General
-
Target
f2ca03db4d3d84236e4f621892801816e74e4f2afbe6cffeedfc2f4ab9523274.bin
-
Size
408KB
-
Sample
240629-1y1egsxdlh
-
MD5
94fb095eea7113c2f285acfbd3b10133
-
SHA1
8cc4c68a1d4a9f13a96e2a7492df80ae4d011817
-
SHA256
f2ca03db4d3d84236e4f621892801816e74e4f2afbe6cffeedfc2f4ab9523274
-
SHA512
26456c1a2d176712acd12143c6ec77e8d7ecee8c8b140e0c6ea2da2d840a16f1d842ffa31a68d35d0abf10e3bf798d70d4b931b68d6b424ab224a9c9bbcb8665
-
SSDEEP
12288:+Q6UdJaZTYXbDNUHiiQDhu0vUEbqmEYxB:+yi1uP+HiiQFvUE+JK
Static task
static1
Behavioral task
behavioral1
Sample
f2ca03db4d3d84236e4f621892801816e74e4f2afbe6cffeedfc2f4ab9523274.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
-
-
Target
f2ca03db4d3d84236e4f621892801816e74e4f2afbe6cffeedfc2f4ab9523274.bin
-
Size
408KB
-
MD5
94fb095eea7113c2f285acfbd3b10133
-
SHA1
8cc4c68a1d4a9f13a96e2a7492df80ae4d011817
-
SHA256
f2ca03db4d3d84236e4f621892801816e74e4f2afbe6cffeedfc2f4ab9523274
-
SHA512
26456c1a2d176712acd12143c6ec77e8d7ecee8c8b140e0c6ea2da2d840a16f1d842ffa31a68d35d0abf10e3bf798d70d4b931b68d6b424ab224a9c9bbcb8665
-
SSDEEP
12288:+Q6UdJaZTYXbDNUHiiQDhu0vUEbqmEYxB:+yi1uP+HiiQFvUE+JK
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-