General
-
Target
49fe54988c981d54448e9063a9cf867eced8a34ec0e13f94263e5a6d508cc4c9.bin
-
Size
260KB
-
Sample
241216-2h95essrgn
-
MD5
01b53f573b3fa9455ca93328836cae44
-
SHA1
d94f0b8e269650d8642a8bfdcc3a7aff3e5d688e
-
SHA256
49fe54988c981d54448e9063a9cf867eced8a34ec0e13f94263e5a6d508cc4c9
-
SHA512
a72ff73a1ddc5b01f8022d14c13ea961b4c1599f89ff9b1bdcaa6701e6a145d4a6a1d6e74d6bc3c97a6b07cf0b89d6afbd680f582a586cd1f08cad0888b13165
-
SSDEEP
6144:Jb7PcyO2onwwr3w+4m+qRFfJtl9rrAJEzrwdaj/ea:x7PZ3wrwERFTHI2wMZ
Static task
static1
Behavioral task
behavioral1
Sample
49fe54988c981d54448e9063a9cf867eced8a34ec0e13f94263e5a6d508cc4c9.apk
Resource
android-x86-arm-20240910-en
Malware Config
Extracted
xloader_apk
http://91.204.226.54:28899
Targets
-
-
Target
49fe54988c981d54448e9063a9cf867eced8a34ec0e13f94263e5a6d508cc4c9.bin
-
Size
260KB
-
MD5
01b53f573b3fa9455ca93328836cae44
-
SHA1
d94f0b8e269650d8642a8bfdcc3a7aff3e5d688e
-
SHA256
49fe54988c981d54448e9063a9cf867eced8a34ec0e13f94263e5a6d508cc4c9
-
SHA512
a72ff73a1ddc5b01f8022d14c13ea961b4c1599f89ff9b1bdcaa6701e6a145d4a6a1d6e74d6bc3c97a6b07cf0b89d6afbd680f582a586cd1f08cad0888b13165
-
SSDEEP
6144:Jb7PcyO2onwwr3w+4m+qRFfJtl9rrAJEzrwdaj/ea:x7PZ3wrwERFTHI2wMZ
-
XLoader payload
-
Xloader_apk family
-
Checks if the Android device is rooted.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Virtualization/Sandbox Evasion
1System Checks
1