Resubmissions

16-12-2024 22:36

241216-2h95essrgn 10

16-12-2024 22:35

241216-2hv1haske1 10

12-12-2024 22:08

241212-118hwaypgt 10

General

  • Target

    49fe54988c981d54448e9063a9cf867eced8a34ec0e13f94263e5a6d508cc4c9.bin

  • Size

    260KB

  • Sample

    241216-2hv1haske1

  • MD5

    01b53f573b3fa9455ca93328836cae44

  • SHA1

    d94f0b8e269650d8642a8bfdcc3a7aff3e5d688e

  • SHA256

    49fe54988c981d54448e9063a9cf867eced8a34ec0e13f94263e5a6d508cc4c9

  • SHA512

    a72ff73a1ddc5b01f8022d14c13ea961b4c1599f89ff9b1bdcaa6701e6a145d4a6a1d6e74d6bc3c97a6b07cf0b89d6afbd680f582a586cd1f08cad0888b13165

  • SSDEEP

    6144:Jb7PcyO2onwwr3w+4m+qRFfJtl9rrAJEzrwdaj/ea:x7PZ3wrwERFTHI2wMZ

Malware Config

Extracted

Family

xloader_apk

C2

http://91.204.226.54:28899

DES_key

4162356431513332 (hex-encoded 8-byte key; ASCII "Ab5d1Q32")
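
The config block above gives an analyst three things to act on: a C2 endpoint, a file identity (the hashes) and a DES key. The following Python is an added example, not part of the sandbox report and not the malware's or the sandbox's own code; it turns those indicators into a hunting helper: it decodes the hex key into the 8 raw bytes single DES requires, checks a file's digests against the report, and flags connections to the C2 in log lines. The log format, the addresses in the sample lines (constructed, RFC 5737 ranges) and the idea of also flagging the C2 host on a different port are assumptions of the example, not facts from the report.

```python
"""Hunting helpers built from the XLoader/MoqHao config extracted above (added example)."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report. Nothing here is computed from the real sample.
REPORT_IOCS = {
    "md5": "01b53f573b3fa9455ca93328836cae44",
    "sha1": "d94f0b8e269650d8642a8bfdcc3a7aff3e5d688e",
    "sha256": "49fe54988c981d54448e9063a9cf867eced8a34ec0e13f94263e5a6d508cc4c9",
    "c2": "http://91.204.226.54:28899",
    "des_key_hex": "4162356431513332",
}


def decode_des_key(hex_key):
    """Hex -> raw key bytes. Single DES takes exactly 8 bytes (64 bits, parity bits included).
    Keys embedded as ASCII, like this one, rarely have correct DES parity; common crypto
    libraries do not reject such keys, so no parity check is done here."""
    key = bytes.fromhex(hex_key)
    if len(key) != 8:
        raise ValueError(f"DES key must be 8 bytes, got {len(key)}")
    return key


def c2_host_port(c2_url):
    """Split the reported C2 URL into (host, port) for log matching."""
    parsed = urlparse(c2_url)
    return parsed.hostname, parsed.port


def hash_file_bytes(data):
    """Digests of a file's content, same algorithms the report lists (SHA512 omitted for brevity)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data, iocs=REPORT_IOCS):
    """Return the algorithm names whose digest of `data` equals the report's value.
    An empty list means the file you hold is not the analysed sample."""
    actual = hash_file_bytes(data)
    return sorted(alg for alg in ("md5", "sha1", "sha256") if actual[alg] == iocs[alg])


# Assumed (constructed) proxy log format: "<ts> <src_ip> -> <dst_ip>:<dst_port> <method> <url>"
LOG_LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\S+) (\S+)$")


def find_c2_hits(log_lines, iocs=REPORT_IOCS):
    """Scan log lines for traffic to the C2. Exact host:port is reported as 'exact';
    the same host on another port is reported as 'host_only' (assumption: operators
    may move the listener port, so the address alone is still worth a look)."""
    host, port = c2_host_port(iocs["c2"])
    hits = []
    for line in log_lines:
        m = LOG_LINE_RE.match(line)
        if not m:
            continue  # malformed lines are skipped, not treated as errors
        ts, src, dst, dport, _method, url = m.groups()
        if dst != host:
            continue
        confidence = "exact" if int(dport) == port else "host_only"
        hits.append({"ts": ts, "src": src, "url": url, "confidence": confidence})
    return hits


# Constructed sample log lines (not real traffic); 10.0.0.0/8 and 203.0.113.0/24 are private/test ranges.
SAMPLE_LOGS = [
    "2024-12-16T22:35:01Z 10.0.0.15 -> 203.0.113.10:443 GET https://www.example.com/",
    "2024-12-16T22:35:07Z 10.0.0.15 -> 91.204.226.54:28899 POST http://91.204.226.54:28899/",
    "2024-12-16T22:35:09Z 10.0.0.22 -> 91.204.226.54:443 GET http://91.204.226.54/",
    "malformed line",
]


if __name__ == "__main__":
    print("DES key bytes:", decode_des_key(REPORT_IOCS["des_key_hex"]))
    print("C2:", c2_host_port(REPORT_IOCS["c2"]))
    for hit in find_c2_hits(SAMPLE_LOGS):
        print(hit)
```

Run it against a file with `matches_report(open(path, "rb").read())` before doing any analysis, so you are certain you hold the sample the report describes. The decoded key is what you would hand to a DES decryption routine for the family's encrypted strings or traffic; the report does not state the mode or IV, so those have to come from the sample itself.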

Targets

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

    • Xloader_apk family

    • Checks if the Android device is rooted.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file that was dropped onto the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the content of the MMS message.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15
