Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

cbc15ae53d...29.apk

android-9-x86

10

cbc15ae53d...29.apk

android-10-x64

10

cbc15ae53d...29.apk

android-11-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cbc15ae53dd8cc7ced297f8dea62243b0629e56612e7dd3a5cdc0a040f957d29.bin

  • Size

    302KB

  • Sample

    241109-3x5zpavene

  • MD5

    bb38d6d62c62d734701a38eec016d27f

  • SHA1

    d8b32eb8de4d9a6312404d2ff4c51880d8e68665

  • SHA256

    cbc15ae53dd8cc7ced297f8dea62243b0629e56612e7dd3a5cdc0a040f957d29

  • SHA512

    c67d89851b40c5a3cee03bc5c320a7bc8fb4fd351b34bb16e36baf95d29812b34c11670991bbb9f7c5840df11f3f8b03ae1c4aab0ddd355e054fc38e3f86ecb2

  • SSDEEP

    6144:mD1UZo+EaDWsclJ/RY8QiVGlKqmbOAWJVogxhNAuSDqnT:mDio+LNqZY8Qi8KqmbO/OgnljnT

Score
10/10
xloader_apkandroidbankercollectiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

Malware Config

Targets

    • Target

      cbc15ae53dd8cc7ced297f8dea62243b0629e56612e7dd3a5cdc0a040f957d29.bin

    • Size

      302KB

    • MD5

      bb38d6d62c62d734701a38eec016d27f

    • SHA1

      d8b32eb8de4d9a6312404d2ff4c51880d8e68665

    • SHA256

      cbc15ae53dd8cc7ced297f8dea62243b0629e56612e7dd3a5cdc0a040f957d29

    • SHA512

      c67d89851b40c5a3cee03bc5c320a7bc8fb4fd351b34bb16e36baf95d29812b34c11670991bbb9f7c5840df11f3f8b03ae1c4aab0ddd355e054fc38e3f86ecb2

    • SSDEEP

      6144:mD1UZo+EaDWsclJ/RY8QiVGlKqmbOAWJVogxhNAuSDqnT:mDio+LNqZY8Qi8KqmbO/OgnljnT

    Score
    10/10
    xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

      trojaninfostealerbankerxloader_apk

    • Xloader_apk family

      xloader_apk

    • Checks if the Android device is rooted.

      evasion

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the content of the MMS message.

      collection

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Requests changing the default SMS application.

      collectionimpact
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.