Overview

overview

10

Static

static

6

53868e6b50...53.apk

android-9-x86

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    53868e6b50df8318c48a626fd6762ea87ade33d672c2f3c2c7ad19d66ff79d53.bin

  • Size

    212KB

  • Sample

    250113-1zvwdsyndt

  • MD5

    2f7345eb2711e3c3092d207c73073ff7

  • SHA1

    f8ccb03a55390cc4fc041dd88b8b767427deab25

  • SHA256

    53868e6b50df8318c48a626fd6762ea87ade33d672c2f3c2c7ad19d66ff79d53

  • SHA512

    52abed83fb8b3fa0ba0ed30e64e96e38e3f9e7a991ce5f6d77db38b7b3dfa27684d14b4f7aeb985b48ad2374d1ad446ef40b5f8798a04e6b95b7f59493169656

  • SSDEEP

    3072:or+69J08yIa/ei3iCtleJmfq4FI3koA3Lh3m6D6n2qbb6efflfHQ8:UBi9mRC7RvI0Lh26D6n2W6e3Bb

Score
10/10
xloader_apkandroidbankercollectiondiscoveryevasioninfostealerpersistencestealthtrojan

Malware Config

Targets

    • Target

      53868e6b50df8318c48a626fd6762ea87ade33d672c2f3c2c7ad19d66ff79d53.bin

    • Size

      212KB

    • MD5

      2f7345eb2711e3c3092d207c73073ff7

    • SHA1

      f8ccb03a55390cc4fc041dd88b8b767427deab25

    • SHA256

      53868e6b50df8318c48a626fd6762ea87ade33d672c2f3c2c7ad19d66ff79d53

    • SHA512

      52abed83fb8b3fa0ba0ed30e64e96e38e3f9e7a991ce5f6d77db38b7b3dfa27684d14b4f7aeb985b48ad2374d1ad446ef40b5f8798a04e6b95b7f59493169656

    • SSDEEP

      3072:or+69J08yIa/ei3iCtleJmfq4FI3koA3Lh3m6D6n2qbb6efflfHQ8:UBi9mRC7RvI0Lh26D6n2W6e3Bb

    Score
    10/10
    xloader_apkbankercollectiondiscoveryevasioninfostealerpersistencestealthtrojan

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

      trojaninfostealerbankerxloader_apk

    • Xloader_apk family

      xloader_apk

    • Checks if the Android device is rooted.

      evasion

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the content of the MMS message.

      collection

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion
    behavioral1

MITRE ATT&CK Mobile v15

Tasks