General
-
Target
fec5a2da9514383e4ce09e855dbef2161601925bff8a15000358b083672eed7d.bin
-
Size
429KB
-
Sample
241117-1zxpzszcqj
-
MD5
c48c6cce68b536f24db5d6aa055af8a1
-
SHA1
e638aa4e31ff5335121e07b80906d38a1fc660ca
-
SHA256
fec5a2da9514383e4ce09e855dbef2161601925bff8a15000358b083672eed7d
-
SHA512
c391711cacda670f8bfbc7c412a646b53b29280ba67c7253d2f4b783b66884ac0c1be5f64946e10e113820c44a38a5805b5c41058e8fea51d0ed272bd16e3029
-
SSDEEP
12288:GJbw6387oCRCGsz0f60mKaimKTm0IawfCsvvihxRxg:GJbqfLmgm0VeKxRO
Malware Config
Targets
-
-
Target
fec5a2da9514383e4ce09e855dbef2161601925bff8a15000358b083672eed7d.bin
-
Size
429KB
-
MD5
c48c6cce68b536f24db5d6aa055af8a1
-
SHA1
e638aa4e31ff5335121e07b80906d38a1fc660ca
-
SHA256
fec5a2da9514383e4ce09e855dbef2161601925bff8a15000358b083672eed7d
-
SHA512
c391711cacda670f8bfbc7c412a646b53b29280ba67c7253d2f4b783b66884ac0c1be5f64946e10e113820c44a38a5805b5c41058e8fea51d0ed272bd16e3029
-
SSDEEP
12288:GJbw6387oCRCGsz0f60mKaimKTm0IawfCsvvihxRxg:GJbqfLmgm0VeKxRO
Score10/10-
XLoader payload
-
XLoader, MoqHao
An Android banker and info stealer.
-
Xloader_apk family
-
Checks if the Android device is rooted.
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1