Overview

overview

10

Static

static

6

79744a092f...6f.apk

android-9-x86

10

79744a092f...6f.apk

android-13-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    13/09/2024, 22:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    79744a092f856deca058c31a51c89c3cdd63f37d3c69ba1cf79963a0ca0bac6f.apk

  • Size

    561KB

  • MD5

    c949272f6f9498670ee54e9595c07f9b

  • SHA1

    0407d2b325c1c7f51c55bc57bc2f746001dcbce2

  • SHA256

    79744a092f856deca058c31a51c89c3cdd63f37d3c69ba1cf79963a0ca0bac6f

  • SHA512

    57bf6c35ad67f1f8819aa0cbcf6dc78de44731f04be1e7020faf561fd7cff4046bc6c849adf69d9d7ed861e48f69927f08b96d7019745dccc64db629c8f03b1f

  • SSDEEP

    12288:gSAhwk/jcrvvlwO1cPnUXEcSadfuD01iXjcMRbgFbPLJRlox3eMZdRHu/A:gSAhwk/IrvvlJc/KEIfuDgEcF/7alemH

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://b2iribizid7urdursun2645.net/YmE1ZjViODYyMDhm/

https://yedekalandi2324141.com/YmE1ZjViODYyMDhm/

https://75biribizidurdursun2645.net/YmE1ZjViODYyMDhm/

https://75biribizidurdursun2645.xyz/YmE1ZjViODYyMDhm/

https://700biribizidurdursun2645.xyz/YmE1ZjViODYyMDhm/
rc4.plain

Extracted

Family

octo

C2

https://b2iribizid7urdursun2645.net/YmE1ZjViODYyMDhm/

https://yedekalandi2324141.com/YmE1ZjViODYyMDhm/

https://75biribizidurdursun2645.net/YmE1ZjViODYyMDhm/

https://75biribizidurdursun2645.xyz/YmE1ZjViODYyMDhm/

https://700biribizidurdursun2645.xyz/YmE1ZjViODYyMDhm/
AES_key

Signatures

Processes

  • com.leftpassrr
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4344

Network

        MITRE ATT&CK Mobile v15

        Initial Access

        Execution

        Persistence

        Foreground Persistence

        1
        T1541

        Privilege Escalation

        Defense Evasion

        Download New Code at Runtime

        1
        T1407

        Foreground Persistence

        1
        T1541

        Hide Artifacts

        1
        T1628

        User Evasion

        1
        T1628.002

        Impair Defenses

        1
        T1629

        Prevent Application Removal

        1
        T1629.001

        Input Injection

        1
        T1516

        Virtualization/Sandbox Evasion

        2
        T1633

        System Checks

        2
        T1633.001

        Credential Access

        Access Notifications

        1
        T1517

        Clipboard Data

        1
        T1414

        Input Capture

        2
        T1417

        GUI Input Capture

        1
        T1417.002

        Keylogging

        1
        T1417.001

        Discovery

        Software Discovery

        1
        T1418

        Security Software Discovery

        1
        T1418.001

        System Information Discovery

        2
        T1426

        System Network Configuration Discovery

        3
        T1422

        Lateral Movement

        Collection

        Access Notifications

        1
        T1517

        Clipboard Data

        1
        T1414

        Input Capture

        2
        T1417

        GUI Input Capture

        1
        T1417.002

        Keylogging

        1
        T1417.001

        Screen Capture

        1
        T1513

        Command and Control

        Exfiltration

        Impact

        Data Encrypted for Impact

        1
        T1471

        Data Manipulation

        1
        T1641

        Transmitted Data Manipulation

        1
        T1641.001

        Input Injection

        1
        T1516

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.leftpassrr/cache/hlbthsvbuesa
          Filesize

          449KB

          MD5

          33cdedb03d44e888d030e2a52e6f04dd

          SHA1

          cabeb07cd47b37469ae7f35500e8e8421bee3fb7

          SHA256

          c93282d295487bb491c54e5da572a4f46dea1347098159de735b1ab31dbead59

          SHA512

          28e9e9ea55bd17f31531b9665b77b41be5c49c1dfc6777ce1bfb7474c7d4907173a5b099461dbb9686ddd8e5c83b3b990648c41608a30215d4e002fb6bfb2bf3

          Download Submit

        • /data/data/com.leftpassrr/cache/oat/hlbthsvbuesa.cur.prof
          Filesize

          383B

          MD5

          efa48c92ae4d4a2cd23196b73867d9f4

          SHA1

          ba26f587cffadc02082f683d6a7e5da96a1462e5

          SHA256

          8d83c2cf5caf32b4a0dc4742c673b45c877ad7436ceff96c158ac42aacf8cace

          SHA512

          f9b0c221d314525adb4d774f117c398157ad28e5c9d8a46eee6cf7458241198ebf3814a791e69c04aa97d7e6fa494e5942046beaa548c23e1d1c51f6202ccee9

          Download Submit

        • /data/data/com.leftpassrr/kl.txt
          Filesize

          28B

          MD5

          6311c3fd15588bb5c126e6c28ff5fffe

          SHA1

          ce81d136fce31779f4dd62e20bdaf99c91e2fc57

          SHA256

          8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

          SHA512

          2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

          Download Submit

        • /data/data/com.leftpassrr/kl.txt
          Filesize

          219B

          MD5

          a566f26aa1db5357fd514be2e974239c

          SHA1

          44840db510c79d904680f878ecc718b126170d62

          SHA256

          9014d2e9cec5be2cb05649f2bd4c3193c3bbd52018e1d38bf7521b982bd906ab

          SHA512

          1490adcc9f1734d8e9de093be095e75cbbbeebc44dfda90eb90f0551721d5ead7dc45395021493b3e8bee7c4ac1cf8205791594de84dda482549e3431f65d9e0

          Download Submit

        • /data/data/com.leftpassrr/kl.txt
          Filesize

          60B

          MD5

          466c085b14f6efc4303535f0a0dc0973

          SHA1

          61b80be430a41c79a644cdd720f0412682a9afcc

          SHA256

          472f2e5018f0b17790f796d2b5f617dbd6c262855b2407772852091b965188ec

          SHA512

          15a4400702835cac87a2b1ed9d87c406b3aeca5782b0ddcfe23e2d417494193e6ba1929b7b3241a686c98040776f500f769b8170978475700c1f721eb0f13132

          Download Submit

        • /data/data/com.leftpassrr/kl.txt
          Filesize

          70B

          MD5

          20d97692c6de59ddc44c52609fb44951

          SHA1

          5d95ef992951660c0ad1b701b2683bff9c097867

          SHA256

          b315d86c8724fbae6c9eba1779cd2bbd4ca4570ddc8177d37363539ea0e53d60

          SHA512

          98da2fec71254d596c542215445f2e18039fce8ea8f7ec44ae74e7a3709d4dfe6236981e810517dfecde3013942ede87979ba9e98017f27010d4bbad3936d361

          Download Submit

        • /data/data/com.leftpassrr/kl.txt
          Filesize

          84B

          MD5

          4c25f5b2749a1f5774d749323f976669

          SHA1

          d06d16b45e2625bb9346c8ad60e6c0c5bb26db03

          SHA256

          cd52ea28e94b29a7a1932b809723b611334f54d116e6cf64991c289a88c0c932

          SHA512

          b06127f47123445308e4d00fc1f33d291793bf3d976e59a999f730491c29b333c3f62227b2d0e963483408c139f3eaa1c1d8120eee8550769f79900324094c59

          Download Submit