Overview

overview

10

Static

static

6

E-IFADE-VATANDAS.apk

android-10-x64

10

E-IFADE-VATANDAS.apk

android-11-x64

10

E-IFADE-VATANDAS.apk

android-13-x64

10

E-IFADE-VATANDAS.apk

android-9-x86

10

Resubmissions

06-08-2024 07:44

240806-jkt7watclj 10

05-08-2024 06:12

240805-gx86fssfmf 6

05-08-2024 05:57

240805-gnvlpsycrj 6

01-08-2024 10:08

240801-l571ksvfrr 6

Analysis

  • max time kernel
    189s
  • max time network
    335s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    06-08-2024 07:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    E-IFADE-VATANDAS.apk

  • Size

    1.1MB

  • MD5

    bc5dc768e5d005ff2b8e0ecdb84fe048

  • SHA1

    cf87b335e4b086f03dfa9e5d8e129844584b7601

  • SHA256

    9bf9b54ff34459ea77c1d3c849de9bc557b40c9a13ac9e20254eaf1569ceb05e

  • SHA512

    5e23581beb23eafb9690ca58045271dddc68fab72af4b34ec6c41bdfbcab15b04fc0abd9977f93bd7cdcffe5ac606cd9bc9d82b3dcd47d210c7615619746efa9

  • SSDEEP

    24576:l6m2oE2rOjocdTq1P5KnU2UdHD9aIWzeNZHhO6G24+fZfjHo2qnO:dE2r9cdTq1PiU5D9aIW6lO6G24+fZLIU

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://104.248.139.201/MDAyNTg1MTVhMTA3/

rc4.plain

Extracted

Family

octo

C2

https://104.248.139.201/MDAyNTg1MTVhMTA3/

AES_key

Signatures

Processes

  • com.beginhigh19
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5054

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.beginhigh19/cache/nhsqwzy
    Filesize

    448KB

    MD5

    0e61a147862f80d05f98cca723e6121a

    SHA1

    bd2e9c5ad3fb953e2ff2935df27128d9b39b7214

    SHA256

    5fec3818bed5c62b8b417893eef7cf47254e4ec81193e670bb9a601df2850213

    SHA512

    782bd75b66bd229e89e07b939c38ff7e96a423cc957703643a3b761e81f9dd26f52038ed3bb7475663fd77b838a5d53588fc62937111aba4aaaad94800edce20

    Download Submit

  • /data/data/com.beginhigh19/cache/oat/nhsqwzy.cur.prof
    Filesize

    411B

    MD5

    4760545ab0f4f399aca992062b34cdd3

    SHA1

    85eeadca03354b7bca40a3dfe2995a3629daa82b

    SHA256

    aa99fb74f96b74d9e5329bbba3721c36ac961e59f48381f73e77bba98f5ec0e2

    SHA512

    4aa8336fa8ed1577b56c96ff2905f3fadbc38bba855c31f55e69bd19959952ae5fe8a33b922f0d363c97f1233ee7926a038af6c8f7be94551890c8f8933108e2

    Download Submit

  • /data/data/com.beginhigh19/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.beginhigh19/kl.txt
    Filesize

    68B

    MD5

    bdab2b628c1fee7b2ac0d75582918567

    SHA1

    898bdf20ffd244c72e049749b6c8e484b9837deb

    SHA256

    584faa95313b1a7b7c644b6a972c63fd8b7c9810b9915c91e06682bf22d184ef

    SHA512

    b46357569a4a1a864240b7fcabeadec567c6a7a056f9d705a1c9c422cb4067a8a4cf1df036ef46e8c75409523897f144b926a93ca643ec1ac79acb3d87a1428f

    Download Submit

  • /data/data/com.beginhigh19/kl.txt
    Filesize

    76B

    MD5

    6aa9dbbcba87b0b071e8a856dbc67b3f

    SHA1

    14d1f53dfc81eaa5c0cdf20e9a504f93707a78a6

    SHA256

    3eb2249eafa9f445f320eda362e55eadbf8ca712828058a52a579ae0f5ba4675

    SHA512

    805f75b7e2d10eeff1302443f23f81ff4d4b2547c4deb8ba02a4dbc6e105a49abf26befca3aba050b191c908068cb1709cb22babaf70f8b06b1e73c49156c11d

    Download Submit