Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

c1ce078c5b...2d.apk

android-9-x86

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c1ce078c5b96357b004d0100ba885c22e32b0b629c697c00279284fcc907dc2d.bin

  • Size

    212KB

  • Sample

    250121-1472hstqhq

  • MD5

    b9900f8290d0e89670bb6c0bd2a5d1ae

  • SHA1

    603ea9220054b02f5624026273ac087923a42541

  • SHA256

    c1ce078c5b96357b004d0100ba885c22e32b0b629c697c00279284fcc907dc2d

  • SHA512

    3ca6fd3b700badb59e1d475dcac96dd9ee33c2d525e262f49d5517dc68d3b45a8ee663041aabb0a80c99493c71a7223b34610f518e4423d06983fc00fb3b9c2b

  • SSDEEP

    3072:pl/dAqzT1L9xLMAODAG+KdILUcVEl59nGcABd0J8igOJ6DBmLS2y1b33EyQ1axLR:plxT3/2sElAB0goOmLVy1bkl1axLIP9A

Score
10/10
xloader_apkandroidbankercollectiondefense_evasiondiscoveryevasioninfostealerpersistencestealthtrojan

Malware Config

Extracted

Family

xloader_apk

C2

https://m.vk.com/id730148259?act=info

https://m.vk.com/id730149630?act=info
Attributes
  • user_agent

    Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Mobile Safari/537.36 Edg/112.0.0.0

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36

Targets

    • Target

      c1ce078c5b96357b004d0100ba885c22e32b0b629c697c00279284fcc907dc2d.bin

    • Size

      212KB

    • MD5

      b9900f8290d0e89670bb6c0bd2a5d1ae

    • SHA1

      603ea9220054b02f5624026273ac087923a42541

    • SHA256

      c1ce078c5b96357b004d0100ba885c22e32b0b629c697c00279284fcc907dc2d

    • SHA512

      3ca6fd3b700badb59e1d475dcac96dd9ee33c2d525e262f49d5517dc68d3b45a8ee663041aabb0a80c99493c71a7223b34610f518e4423d06983fc00fb3b9c2b

    • SSDEEP

      3072:pl/dAqzT1L9xLMAODAG+KdILUcVEl59nGcABd0J8igOJ6DBmLS2y1b33EyQ1axLR:plxT3/2sElAB0goOmLVy1bkl1axLIP9A

    Score
    10/10
    xloader_apkbankercollectiondefense_evasiondiscoveryevasioninfostealerpersistencestealthtrojan

    • XLoader payload

    • XLoader, MoqHao

      An Android banker and info stealer.

      trojaninfostealerbankerxloader_apk

    • Xloader_apk family

      xloader_apk

    • Checks if the Android device is rooted.

      defense_evasion

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the content of the MMS message.

      collection

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      defense_evasionpersistence

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      defense_evasion
    behavioral1

MITRE ATT&CK Mobile v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.