Overview

overview

10

Static

static

6

94e23e69ee...c2.apk

android-9-x86

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    20-12-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    94e23e69ee53e7e8317293b6ee87d779d0fa7dc382617a197bb92197acd918c2.apk

  • Size

    479KB

  • MD5

    ddc46d10589d8d5a7dada22455edbda8

  • SHA1

    555c2293d5900893250b16685d8b8be983e1d36a

  • SHA256

    94e23e69ee53e7e8317293b6ee87d779d0fa7dc382617a197bb92197acd918c2

  • SHA512

    f795bcae047710d695c6947e7f06fa373bc4faedee82c4e1faa09c5355a9c84fdaa500d7cf5de397d414026a4b09348bccedee4694ba7b54f89c684f3be0f2d7

  • SSDEEP

    6144:wFQjJwWOMhk3li15TUtAEP6Uan+2OejoIsJSTP9u2eACO5DEXwZv3rTYTxHrwvgI:wFQCWOvwlUREboIKkPtCOgrRPuf

Score
10/10
xloader_apkbankercollectiondiscoveryevasioninfostealerpersistencestealthtrojan

Malware Config

Signatures

  • XLoader payload 2 IoCs
  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk
  • Xloader_apk family
    xloader_apk
  • Checks if the Android device is rooted. 1 TTPs 3 IoCs
    evasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Reads the content of the MMS message. 1 TTPs 1 IoCs
    collection
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • xdsxk.djyf.gwiwmb.seievl
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Reads the content of the MMS message.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4214

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/xdsxk.djyf.gwiwmb.seievl/files/d
    Filesize

    453KB

    MD5

    d125d7e8d3e1bd80e89df9ebb0522296

    SHA1

    b1d6d142a5f67661a555000726e0ab72ca43ce7b

    SHA256

    5c25ea3bbc2a4ca578fa198b9a33fdb3d51e829b274b22af75768c3b22fa962d

    SHA512

    aac0eb838beeb6e38b2226798359cee9ae4b937724f108e3dea5bd3307964810cb4ba09368e71eaf4b9551624ff4886a02ee5d72022f8487a2e6dc540a4fa42e

    Download Submit