Analysis

  • max time kernel
    8s
  • max time network
    153s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags
    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    05-11-2024 22:11

General

  • Target

    06e2cfe8d84bd3ef0738530459247439786e5725800253f515db996dd1ebb0a3.apk

  • Size

    212KB

  • MD5

    084523fbca51df36d483ac724e2f0b86

  • SHA1

    b1542d60ef0356aef799801bea16a801c71695cb

  • SHA256

    06e2cfe8d84bd3ef0738530459247439786e5725800253f515db996dd1ebb0a3

  • SHA512

    2acee37c95775356f0796e2187b3de242567fd636a711480e545e6ad2bb85e46f4035ddd3223252689226785880311ba79937be0fcade7261ab2297de512a8d2

  • SSDEEP

    3072:sEz31OG5UuTSpKmJ+P9KJpERIJvSYBETVmdFVIobpwGwAfvsIMiJgcE5oKwHqsmQ:sKcG5jVGERIJv3EsHpw/Aeipl3zD/NL

Malware Config

Signatures

  • XLoader payload 1 IoCs
  • XLoader, MoqHao

    An Android banker and info stealer.

  • Xloader_apk family
  • Checks if the Android device is rooted. 1 TTPs 3 IoCs
  • Loads dropped Dex/Jar 1 TTPs 5 IoCs

    Runs executable file dropped to the device during analysis.

  • Checks the presence of a debugger
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • xttxlap.paywbmsxc.fwetme
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Checks CPU information
    PID:4274
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/xttxlap.paywbmsxc.fwetme/app_picture/1.jpg --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/user/0/xttxlap.paywbmsxc.fwetme/app_picture/oat/x86/1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4300

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/xttxlap.paywbmsxc.fwetme/app_picture/1.jpg

    Filesize

    7KB

    MD5

    026342311adc999c6c840a336c9fca51

    SHA1

    773adfb1ac1e7e4389cdd41fd771521cea2a2993

    SHA256

    fee6a2011ccf1903f76928741a6572fb00ec5c072f3318f01f579785a5cb18bf

    SHA512

    243e8ea7baa487690d7e0c9c407b4dace8ad2a4ea071d0b9d0517efd03f3096d065ec54dd5c0294134286fb78aaf7187feb0fc7d787b91d9f4fb49a36184f8d7

  • /data/data/xttxlap.paywbmsxc.fwetme/files/b

    Filesize

    446KB

    MD5

    a08eb40c8f41932cdfbb171b11047499

    SHA1

    640df821c78b575ddc1fb1ba3150795ae8a38af2

    SHA256

    21de04b706537eb676cda25497d25ce84e45d132232f715656f81c1e66ea4767

    SHA512

    03512be8115948dadefab3d4490e82fe8ebf5baa79765ecb63aec0b1ffa97c29ab37d68abf628e35ecb186ac1e81b2f259d392891eef2633707288803921442c

  • /data/user/0/xttxlap.paywbmsxc.fwetme/app_picture/1.jpg

    Filesize

    7KB

    MD5

    b6896a968c72bb52a5eb8d9556fa27ed

    SHA1

    27a5b3afede82031411e27ec7fcb91a2b458ecd3

    SHA256

    1b578ccf35bd83d5557d6a59386b4fe02a3a5ff41799db03c8297d5f393b613b

    SHA512

    ba32f05e0ac2b0c600d0d5187166560fb7604a5a6043c65e621c2a77552810c28645a0d1557b1e7fb62d37fbe479c3d644c98c33c28bc17e20027f782ddcbe45