General
-
Target
e28d25bf7c0c2e5f2a5f01d8bef05d7f0f2ae013e7240f1eb2997d7f74f6d289.bin
-
Size
208KB
-
Sample
240704-1zty4a1hjm
-
MD5
669045708ec1ec87383ae52d1aa645cb
-
SHA1
67982b1c19ada0f04b07b32b56a840f03bedff12
-
SHA256
e28d25bf7c0c2e5f2a5f01d8bef05d7f0f2ae013e7240f1eb2997d7f74f6d289
-
SHA512
9429590180c2a3330bfd5eab9b6abb866771a8c61a932457ac21dec7cf27eb24d5cb453cdacf8f9264fcf7eb44c645987011ab6ebeda51b20d707bb652439c04
-
SSDEEP
6144:axc7j9suJCH0qQwuMwxTUM2661pCNv+IhiG6J5C:aoj9K7zuMwxTUkawpiJ5C
Static task
static1
Behavioral task
behavioral1
Sample
e28d25bf7c0c2e5f2a5f01d8bef05d7f0f2ae013e7240f1eb2997d7f74f6d289.apk
Resource
android-33-x64-arm64-20240624-en
Malware Config
Extracted
xloader_apk
http://91.204.227.39:28844
Targets
Target
e28d25bf7c0c2e5f2a5f01d8bef05d7f0f2ae013e7240f1eb2997d7f74f6d289.bin
-
XLoader payload
-
Checks if the Android device is rooted.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of the MMS message.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests changing the default SMS application.
-