Resubmissions

05-08-2024 12:08

240805-pa55aavhjp 10

02-08-2024 15:48

240802-s893nszfkj 10

03-01-2024 17:25

240103-vzshdabae6 10

24-12-2023 19:17

231224-xznwasbhh7 6

14-12-2023 08:27

231214-kclffacdhn 10

03-11-2023 03:07

231103-dmbwesbb4s 10

01-11-2023 22:00

231101-1wx7cadf5y 10

Analysis

  • max time kernel
    329s
  • max time network
    337s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    05-08-2024 12:08

General

  • Target

    b38019f9e80c2166a4e09eed0cd15bad651263f0ff3ea26199a08896ffd8e1fc.apk

  • Size

    509KB

  • MD5

    60609814e43a1c814b30435f15d361ed

  • SHA1

    61431ed485c98b8a291e289a7e17e8d3e6db3660

  • SHA256

    b38019f9e80c2166a4e09eed0cd15bad651263f0ff3ea26199a08896ffd8e1fc

  • SHA512

    8efba5603fd4217b9c9c96e28a69f9f262568f76d43fd959d6914694808488f089f01fa92e2d04f44d5aa0859efcfb34fb080dc7b3a49502469598ab90a662fe

  • SSDEEP

    12288:KwGWfjEhy4pNodk6TZFo9nheT5BQ4YvnAu:KnWf0y4GNIsmRvnAu

Malware Config

Extracted

Family

octo

C2

https://84.54.50.100/Njk4Zjk4YjdjODY3/

https://pakuxxxnatationclass.net/Njk4Zjk4YjdjODY3/

https://pakuxxxnatationclass2.net/Njk4Zjk4YjdjODY3/

https://pakuxxxnatationclass3.net/Njk4Zjk4YjdjODY3/

https://pakuxxxnatationclass4.net/Njk4Zjk4YjdjODY3/

https://pakuxxxnatationclass5.net/Njk4Zjk4YjdjODY3/

https://pakuxxxnatationclass6.net/Njk4Zjk4YjdjODY3/

rc4.plain

Extracted

Family

octo

C2

https://84.54.50.100/Njk4Zjk4YjdjODY3/

https://pakuxxxnatationclass.net/Njk4Zjk4YjdjODY3/

https://pakuxxxnatationclass2.net/Njk4Zjk4YjdjODY3/

https://pakuxxxnatationclass3.net/Njk4Zjk4YjdjODY3/

https://pakuxxxnatationclass4.net/Njk4Zjk4YjdjODY3/

https://pakuxxxnatationclass5.net/Njk4Zjk4YjdjODY3/

https://pakuxxxnatationclass6.net/Njk4Zjk4YjdjODY3/

AES_key

Signatures

Processes

  • com.broughtbluea
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4317

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.broughtbluea/cache/oat/pxcpq.cur.prof

    Filesize

    390B

    MD5

    4d4dd6b66f26c687a4742214238dbf99

    SHA1

    a5ea5e3dd8f4c7f862cf3cc355a5dc1c72204d50

    SHA256

    d8f915450229bbe7a978d6eb68b2a84dbe2d93333e287e3f7f773e48f7781253

    SHA512

    f36330c0c465d703c4cd2e6c56258643f8afd3cdf96517ed760b86eddf15817cbb66649ba48d4bc2249030542fffb3294fb121deb8e3995d7a7c7c8681c70271

  • /data/user/0/com.broughtbluea/cache/oat/pxcpq.cur.prof

    Filesize

    403B

    MD5

    d219a7de9b85244b092aa365d26e9098

    SHA1

    d9cba6e50d02825e5d36caa51160d79d0ff7d3f6

    SHA256

    76fa358159a6c590146b7fcbf5407af778e5ed8585be294daac8844680e1f0f5

    SHA512

    0cc272030f972f410fd47debc14debd5d5e040d7a545722429c67937025a48fb84b3886f4361221d49d1a3140eb31f77e34248bed1b6d4976f90bcb2127b30c3

  • /data/user/0/com.broughtbluea/cache/pxcpq

    Filesize

    449KB

    MD5

    fb15ea8794c6547c5ca8f58577e433a6

    SHA1

    47c530ac1858cbc7584429190a07c3c4313857ac

    SHA256

    908588c8de2b52b69f30917583d91ac67f96c7682c017df3943d3979c9fc6095

    SHA512

    9cb724a385917e949052b84be546cd61a952474ee8671743034463b356de4c5bc60732b07287c326da65c4cced7f8c8247b348bbb5abb436c86fedbcb4da90c9

  • /data/user/0/com.broughtbluea/kl.txt

    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

  • /data/user/0/com.broughtbluea/kl.txt

    Filesize

    214B

    MD5

    575b0a98386b8a166118c76f0c49f395

    SHA1

    fd379f72012526c72185208773bcc23674b0b8ab

    SHA256

    315c73098468ecf7c312a7f415be8a8101f826d51c0306ebb435bda979b680f8

    SHA512

    eefaa3eb3779db5ff701a92ec842367ec56ab1e2aee3dd4f8e44b3e903ebe50c521cfdc93aec6c2e943a92a74c48fb9e3ff8baa7138f136aae28ff15855e6ca9

  • /data/user/0/com.broughtbluea/kl.txt

    Filesize

    60B

    MD5

    a550bd6272382b9cd12c85fafbf648fc

    SHA1

    1df135f3d55a122c3e5197c9edab1920d3f36dbe

    SHA256

    932ff842792eeded31314d6f78bbc5dc4ba66b7ee75d4409865d001004885f10

    SHA512

    af2e0754f7cd982b43ef4542e5174ff5dfdeed76462fa47f7981b202b67b64a575cff4b8ec73c87fdef7fd9fbd34aa0d8f900798329276f8aa67794928f4ac93

  • /data/user/0/com.broughtbluea/kl.txt

    Filesize

    68B

    MD5

    ba093bb1a5bd70927facc649e7d5349a

    SHA1

    ea2f6c5aa58d4492b996fe1fba16f5d88ea6d788

    SHA256

    bbba3389e2259092073032d77d2de4280fb79abe04a472da39ea7103bc5bed91

    SHA512

    59b702fc26549ce0a907f0a282aa56ccc764ce65b04681e08ab358d9138c5c8108441b0a504f2bb0f89f1214a2090fce45c6839a4281916efbf5246a3fd7fab0

  • /data/user/0/com.broughtbluea/kl.txt

    Filesize

    76B

    MD5

    fa72d1d6fa25d234b0a56654c60874e0

    SHA1

    f89983c0d96113ca7a97579deca2c684d5b56b6d

    SHA256

    2a3d830fa9d9d733fc338dcd10f94ee783f3fd7cbd0c2a889afbe599db35353b

    SHA512

    45dc73762b447c7068de95eb07572771bdced85b12da6696f8747e26cba41195865e55147259eba15f339e5626c6d6a3091d7f29182471b690f39f9f55d57ac6