General
-
Target
85fca16b990b346c80d6dc1ef0830f79056ef45853de56725244c0bc4b35760a.bin
-
Size
208KB
-
Sample
241108-2qrm2s1grj
-
MD5
dee0be58bae9d5874e9a5653782ccee5
-
SHA1
66fd460b7285fdf8825fe30c4fcf4512337868c5
-
SHA256
85fca16b990b346c80d6dc1ef0830f79056ef45853de56725244c0bc4b35760a
-
SHA512
d1d9290cdc8edb44336cd1fc4c178d2cee541f455b6f53dd8e3afc99e0a564f41c3e30909c42e9cc70b035c4b013f946fd4e0135eae547903a15d70b7c65e189
-
SSDEEP
3072:1D4mMzJntxJzksv38bbXF1N64GpBFuvs/mhDMDZTP3REjyuWIcx9El1YXiP88MAe:1UtBsF1kDpBF/4y55+yuGrE3YA7ct
Malware Config
Targets
-
-
Target
85fca16b990b346c80d6dc1ef0830f79056ef45853de56725244c0bc4b35760a.bin
-
Size
208KB
-
MD5
dee0be58bae9d5874e9a5653782ccee5
-
SHA1
66fd460b7285fdf8825fe30c4fcf4512337868c5
-
SHA256
85fca16b990b346c80d6dc1ef0830f79056ef45853de56725244c0bc4b35760a
-
SHA512
d1d9290cdc8edb44336cd1fc4c178d2cee541f455b6f53dd8e3afc99e0a564f41c3e30909c42e9cc70b035c4b013f946fd4e0135eae547903a15d70b7c65e189
-
SSDEEP
3072:1D4mMzJntxJzksv38bbXF1N64GpBFuvs/mhDMDZTP3REjyuWIcx9El1YXiP88MAe:1UtBsF1kDpBF/4y55+yuGrE3YA7ct
Score10/10-
XLoader payload
-
XLoader, MoqHao
An Android banker and info stealer.
-
Xloader_apk family
-
Checks if the Android device is rooted.
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests changing the default SMS application.
-