Analysis
-
max time kernel
149s -
max time network
153s -
platform
android-13_x64 -
resource
android-33-x64-arm64-20240910-en -
resource tags
arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system -
submitted
06-11-2024 22:09
Static task
static1
Behavioral task
behavioral1
Sample
a48cd8be7ad38f8d8956f843e0bc9e4e3c47447756b80747ecfa1400a7be1b85.apk
Resource
android-33-x64-arm64-20240910-en
General
-
Target
a48cd8be7ad38f8d8956f843e0bc9e4e3c47447756b80747ecfa1400a7be1b85.apk
-
Size
209KB
-
MD5
b37cc999ebecaa5d3b80d0e034cf39cc
-
SHA1
8788f525dc833cf93df087949e47e8ec50957f94
-
SHA256
a48cd8be7ad38f8d8956f843e0bc9e4e3c47447756b80747ecfa1400a7be1b85
-
SHA512
5a01e1035b7dae8f7cf047f1b1318414f3c999a7522959091fff8b2bec1390be01d3f4a98bc55c770c05afef83678534942c938c2a22167dbef2a93c42e80e72
-
SSDEEP
6144:QGMq8GQEojAINykIkXgVuvkOVxq2eH/RDDC:QG/7opNfxQVuvVVXqRDDC
Malware Config
Signatures
-
XLoader payload 2 IoCs
resource yara_rule behavioral1/files/fstream-1.dat family_xloader_apk behavioral1/files/fstream-1.dat family_xloader_apk2 -
XLoader, MoqHao
An Android banker and info stealer.
-
Xloader_apk family
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
ioc Process /system/bin/su b.vehyug.bsfjj -
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/b.vehyug.bsfjj/files/d 4521 b.vehyug.bsfjj -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the content of the MMS message. 1 TTPs 1 IoCs
description ioc Process URI accessed for read content://mms/ b.vehyug.bsfjj -
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock b.vehyug.bsfjj -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground b.vehyug.bsfjj -
Requests changing the default SMS application. 2 TTPs 1 IoCs
description ioc Process Intent action android.provider.Telephony.ACTION_CHANGE_DEFAULT b.vehyug.bsfjj
Processes
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
453KB
MD562dded91437cc7c895dc49eab14c80f5
SHA15ba00620dabdb8b8c63d459a951d4850e8d585b5
SHA256f86036172c22e92c8754a06846b5221ef5e957651c100c48205a85e650b3ad81
SHA5128ae828640b439091186e5f929fda51abefd468c3fbd72e02ab2afdfdf0c9c9ebd367b807826b760ea159250a7ef5b1673c92c4db2e696ace6d019b3004d64f5a