Resubmissions

03-05-2024 05:43

240503-geq7xsaf22 10

25-04-2024 22:02

240425-1xv4dafg44 10

Analysis

  • max time kernel
    150s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
  • submitted
    03-05-2024 05:43

General

  • Target

    271fd489f0dc6eb0c888acbd9adbffdd0eb86fab8de213e50560b0ab749b6a9a.apk

  • Size

    221KB

  • MD5

    679f82be2bba91de8b46f9a539063906

  • SHA1

    c0f0e2aed5d78ccd9f8ed704834dda4665751c38

  • SHA256

    271fd489f0dc6eb0c888acbd9adbffdd0eb86fab8de213e50560b0ab749b6a9a

  • SHA512

    ff825e4943556b300440a5db3879d4036e903797f843de5a3983b8351c6466c64d20ae5c1b787ad7486aa22835e8ca869ad59029db1ae8d63de93a2d1a2ee2fe

  • SSDEEP

    3072:hWBLOr1rfHzoXPlkSldHa4TMEmSDaivg73E+IXiKu0RzMqI0/30KnEvNSdvZ:EMfT+l7HayMEY2+mCj0/EuGSP

Malware Config

Extracted

Family

octo

C2


Attributes
  • target_apps


AES_key

Signatures

Processes

  • com.nameown12
    • Makes use of the framework's Accessibility service
    • Prevents application removal
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests modifying system settings.
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4470

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.nameown12/.qcom.nameown12

    Filesize

    48B

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    68B

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    84B

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    63B

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    63B

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    230B

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    63B

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    68B

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    45B

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    466B

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    45B

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    63B

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    63B