General
-
Target
9aba04336d441f199887d2d445dbd58309b3ed756a26eb726b26e3f8ff957df9.bin
-
Size
260KB
-
Sample
241212-11qm3aypez
-
MD5
4f7b32500ea2e5250e81b3a8b878be1c
-
SHA1
db21c59f74c6e3de12e8eca2395cae36e6852793
-
SHA256
9aba04336d441f199887d2d445dbd58309b3ed756a26eb726b26e3f8ff957df9
-
SHA512
00effd48b0adf4d470ac1f984623103921773cb8d51e7fa0e7438d6f9278d2a4970c88a19b02f45708c2f345cab1619eead0a209b8590e69030b57546c90045c
-
SSDEEP
6144:CcYLu/UgO2iLqivVgV4G+qdFzJtlRrrAXEzfwfanvc:GCfiBgZdFzHWywynE
Static task
static1
Behavioral task
behavioral1
Sample
9aba04336d441f199887d2d445dbd58309b3ed756a26eb726b26e3f8ff957df9.apk
Resource
android-x86-arm-20240910-en
Malware Config
Extracted
xloader_apk
http://91.204.226.54:28899
Targets
-
-
Target
9aba04336d441f199887d2d445dbd58309b3ed756a26eb726b26e3f8ff957df9.bin
-
Size
260KB
-
MD5
4f7b32500ea2e5250e81b3a8b878be1c
-
SHA1
db21c59f74c6e3de12e8eca2395cae36e6852793
-
SHA256
9aba04336d441f199887d2d445dbd58309b3ed756a26eb726b26e3f8ff957df9
-
SHA512
00effd48b0adf4d470ac1f984623103921773cb8d51e7fa0e7438d6f9278d2a4970c88a19b02f45708c2f345cab1619eead0a209b8590e69030b57546c90045c
-
SSDEEP
6144:CcYLu/UgO2iLqivVgV4G+qdFzJtlRrrAXEzfwfanvc:GCfiBgZdFzHWywynE
-
XLoader payload
-
Xloader_apk family
-
Checks if the Android device is rooted.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Virtualization/Sandbox Evasion
1System Checks
1