General

  • Target

    eab9c00e9526f5ffd97f9be5541ef67008f0724b39c07931a52993d0e5131826.bin

  • Size

    212KB

  • Sample

    241110-1xgwrayrgm

  • MD5

    e4af2fa5e4518510c4c1991106a3e95f

  • SHA1

    de4529c5ac6d78fdf0ecdff3bf21d3c44c01f97f

  • SHA256

    eab9c00e9526f5ffd97f9be5541ef67008f0724b39c07931a52993d0e5131826

  • SHA512

    7a0002088d78e5388f276d141b1ffe097df3dce7dd51100660b0e876d183f9a3c7915b622a1b096abdb86291432b4d988491dc919227710ad71c2f8d2bc520d9

  • SSDEEP

    3072:tcF3Q0vg46W2XjkrIx9KJVaRIJvSYlETVmdtVIoHpwGw+fvsIMcJgcE5o2laB:tQa46W2TUIzmaRIJvLEsrpw/+ecpElaB

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.226.54:28899

DES_key
1
4162356431513332

Targets

    • Target

      eab9c00e9526f5ffd97f9be5541ef67008f0724b39c07931a52993d0e5131826.bin

    • Size

      212KB

    • MD5

      e4af2fa5e4518510c4c1991106a3e95f

    • SHA1

      de4529c5ac6d78fdf0ecdff3bf21d3c44c01f97f

    • SHA256

      eab9c00e9526f5ffd97f9be5541ef67008f0724b39c07931a52993d0e5131826

    • SHA512

      7a0002088d78e5388f276d141b1ffe097df3dce7dd51100660b0e876d183f9a3c7915b622a1b096abdb86291432b4d988491dc919227710ad71c2f8d2bc520d9

    • SSDEEP

      3072:tcF3Q0vg46W2XjkrIx9KJVaRIJvSYlETVmdtVIoHpwGw+fvsIMcJgcE5o2laB:tQa46W2TUIzmaRIJvLEsrpw/+ecpElaB

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Xloader_apk family

    • Checks if the Android device is rooted.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the content of the MMS message.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.