Resubmissions

16-12-2024 22:41

241216-2mdxsaslft 10

16-12-2024 22:36

241216-2h875askf1 6

16-12-2024 22:35

241216-2hwl2askfs 10

13-12-2024 22:03

241213-1yessazkas 10

General

  • Target

    4d4053be2e70b36147b09da24f3b1cb3425064ef29272620ebfb6edad92f14ec.bin

  • Size

    260KB

  • Sample

    241213-1yessazkas

  • MD5

    037360c7aae64d63a091399cf8731de3

  • SHA1

    42afe182d9001f504d24d694863ff10079f2a3ed

  • SHA256

    4d4053be2e70b36147b09da24f3b1cb3425064ef29272620ebfb6edad92f14ec

  • SHA512

    b19d27894bd13396499f582244e8aa34ae65e24cd9ef914501b5ac55d3c43a1de61b8ba95b24b7b19cfe67fe6bfd1a24bce8e0f6efdd75d77487711bf227eea6

  • SSDEEP

    6144:1a06Mpu6uRIgWSAnlJ04I+q5FHJtl1rrAjEzjwFaSadspa:D6eSIgilJc5FzHCuwUxdspa

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.226.54:28899

DES_key
1
4162356431513332

Targets

    • Target

      4d4053be2e70b36147b09da24f3b1cb3425064ef29272620ebfb6edad92f14ec.bin

    • Size

      260KB

    • MD5

      037360c7aae64d63a091399cf8731de3

    • SHA1

      42afe182d9001f504d24d694863ff10079f2a3ed

    • SHA256

      4d4053be2e70b36147b09da24f3b1cb3425064ef29272620ebfb6edad92f14ec

    • SHA512

      b19d27894bd13396499f582244e8aa34ae65e24cd9ef914501b5ac55d3c43a1de61b8ba95b24b7b19cfe67fe6bfd1a24bce8e0f6efdd75d77487711bf227eea6

    • SSDEEP

      6144:1a06Mpu6uRIgWSAnlJ04I+q5FHJtl1rrAjEzjwFaSadspa:D6eSIgilJc5FzHCuwUxdspa

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Xloader_apk family

    • Checks if the Android device is rooted.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the content of the MMS message.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.