Overview

overview

10

Static

static

6

E-IFADE-VATANDAS.apk

android-10-x64

10

E-IFADE-VATANDAS.apk

android-11-x64

10

E-IFADE-VATANDAS.apk

android-13-x64

10

E-IFADE-VATANDAS.apk

android-9-x86

10

Resubmissions

06/08/2024, 07:44

240806-jkt7watclj 10

05/08/2024, 06:12

240805-gx86fssfmf 6

05/08/2024, 05:57

240805-gnvlpsycrj 6

01/08/2024, 10:08

240801-l571ksvfrr 6

Analysis

  • max time kernel
    329s
  • max time network
    338s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    06/08/2024, 07:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    E-IFADE-VATANDAS.apk

  • Size

    1.1MB

  • MD5

    bc5dc768e5d005ff2b8e0ecdb84fe048

  • SHA1

    cf87b335e4b086f03dfa9e5d8e129844584b7601

  • SHA256

    9bf9b54ff34459ea77c1d3c849de9bc557b40c9a13ac9e20254eaf1569ceb05e

  • SHA512

    5e23581beb23eafb9690ca58045271dddc68fab72af4b34ec6c41bdfbcab15b04fc0abd9977f93bd7cdcffe5ac606cd9bc9d82b3dcd47d210c7615619746efa9

  • SSDEEP

    24576:l6m2oE2rOjocdTq1P5KnU2UdHD9aIWzeNZHhO6G24+fZfjHo2qnO:dE2r9cdTq1PiU5D9aIW6lO6G24+fZLIU

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://104.248.139.201/MDAyNTg1MTVhMTA3/

rc4.plain

Extracted

Family

octo

C2

https://104.248.139.201/MDAyNTg1MTVhMTA3/

AES_key

Signatures

Processes

  • com.beginhigh19
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4321

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.beginhigh19/cache/nhsqwzy
    Filesize

    448KB

    MD5

    0e61a147862f80d05f98cca723e6121a

    SHA1

    bd2e9c5ad3fb953e2ff2935df27128d9b39b7214

    SHA256

    5fec3818bed5c62b8b417893eef7cf47254e4ec81193e670bb9a601df2850213

    SHA512

    782bd75b66bd229e89e07b939c38ff7e96a423cc957703643a3b761e81f9dd26f52038ed3bb7475663fd77b838a5d53588fc62937111aba4aaaad94800edce20

    Download Submit

  • /data/user/0/com.beginhigh19/cache/oat/nhsqwzy.cur.prof
    Filesize

    375B

    MD5

    592e713c535a3c5139d0c886223d7c74

    SHA1

    88c6f0365f4c767fb697242a9620c6d6293a6779

    SHA256

    8746d9ac2b1a0c59783e1deae938e3b8739ee622714af87928b8e53954c625e6

    SHA512

    65088c7a2e1d25b0486932a22e42afe28590cac321a21989d1bab2a7f012f2f51ea5bbb8f62447d774ab8893d4b6430dec0ac82f9ee93d5fdd2cb3efb41164c6

    Download Submit

  • /data/user/0/com.beginhigh19/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.beginhigh19/kl.txt
    Filesize

    214B

    MD5

    7d00fecefe6dbd2a68adadbb301cbcb0

    SHA1

    6952613985de4d81b038aea86046fad64381a356

    SHA256

    618c7d486b76607d0f6cc662072d205065efd2963fae213e338e9d948e303b00

    SHA512

    86916f75de467aadb900ae16c0e1144fe1579850fd83c0bb4efbc66932c366ebf3c89e650defbe35ca8108daf988959ebe115c53e68cd0b00152cda439e0f96d

    Download Submit

  • /data/user/0/com.beginhigh19/kl.txt
    Filesize

    60B

    MD5

    0310f5d250a1262fcc71394537581950

    SHA1

    2bc7b7ce942f48959232b1231605cc6afecee53e

    SHA256

    e1fc059bcd254bf6d3e78bb7fb9ec50f5b93020c65454b550ccbea7d14bbe515

    SHA512

    c40c2ec611e4f6eb7734e800ef72ba207df2cabd2cacf83a9cfd0d055f158a0d006eaf814b9296dbd3f271bb211ea7814e8cf3b4e38e22ddf77d7c865a3869e5

    Download Submit

  • /data/user/0/com.beginhigh19/kl.txt
    Filesize

    72B

    MD5

    e265812253bab6230f504621e84c695c

    SHA1

    f6d9842381bd8a2d3d17563dd7a0802cefbf0d70

    SHA256

    c17659d1c21570f5630cf7b7326b805b178f02a41d876e0cd2ebd13c703d2a13

    SHA512

    dd087ed70c2f0d1a53220f1933dcda9745e9e7648d9196522c84f7ef5f6a4131298ac9af0ce2d331e3a0771cbe189699e48d842aae0cd205c86be04a774a60a8

    Download Submit

  • /data/user/0/com.beginhigh19/kl.txt
    Filesize

    76B

    MD5

    6660acc6cc46ac1da37e5833ed0025e8

    SHA1

    ca70fa3045700ef88d460ce4216a8c84fc3f82c5

    SHA256

    5b45047c0b9c8a177695e986919fb64e8192efe42ddd1369959aa0c0671ddbd6

    SHA512

    8a4defc8c9267ca81fa141e601501aff18be4693e457128f112b008fc8b0161d73494242f5949dbb5ab941d520f728f49e67f7520856216c64c71ed46fed7db4

    Download Submit