General
Target: 93fa949934e93c290c7eef59f5d72e37f092be9a977527412aa432272c7231dc.bin
Size: 412KB
Sample: 240629-1yvt1a1bqm
MD5: b7e187e986a5bca7c676b31e371ecfb4
SHA1: 047fc117631a84115744a5eb898af29d1d4c5a7f
SHA256: 93fa949934e93c290c7eef59f5d72e37f092be9a977527412aa432272c7231dc
SHA512: d93e30d12a23698f74aee2403199d66d25ed847e5e2426148852125a6d3257765ca4c99a99244d5cb4e2f6b32c86c97d723e4e89c169437d4ec4181b8b6b6bc8
SSDEEP: 6144:8yDUrZwmfXUPbLHNtWnmFyQDz3a12UH/aiNBkcnOxH2R30vUEbObpm8jYJAwu4:hUOmPUzrzQyDNUHiiQDhu0vUEbqmEYxF
Static task
static1
Behavioral task
behavioral1
Sample
93fa949934e93c290c7eef59f5d72e37f092be9a977527412aa432272c7231dc.apk
Resource
android-x86-arm-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.50:28899
Targets
XLoader payload

Checks if the Android device is rooted.

Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.

Queries the phone number (MSISDN for GSM devices)

Reads the content of the MMS message.

Acquires the wake lock

Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).