General
-
Target
81b78151f63a2ef76d9624b198573b637825823d0fc5838e39ae9bf89d1ae697.bin
-
Size
408KB
-
Sample
240629-1y4rxa1brm
-
MD5
79c87ff4a33c0932c07ab99e037e284c
-
SHA1
d48220439cd25d0ea15c9d314c602e1549d1fa72
-
SHA256
81b78151f63a2ef76d9624b198573b637825823d0fc5838e39ae9bf89d1ae697
-
SHA512
f1464dd1db90fb06d50bb26192f0d730035e2f1a6285828a406c05e66265a46ea2588b84a4c93d714e57068b65b341a01df1e0729aa7594f43e4082d0d0a78ea
-
SSDEEP
12288:hhVA0hGz3wDNUHiiQDhu0vUEbqmEYxVtJ:hhbhGz6+HiiQFvUE+Jm
Static task
static1
Behavioral task
behavioral1
Sample
81b78151f63a2ef76d9624b198573b637825823d0fc5838e39ae9bf89d1ae697.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
Target
81b78151f63a2ef76d9624b198573b637825823d0fc5838e39ae9bf89d1ae697.bin
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-