Overview

overview

10

Static

static

6

7ecdb7004b...4c.apk

android-9-x86

10

7ecdb7004b...4c.apk

android-11-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    02-10-2024 22:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ecdb7004bd1d790bb2d5ed69bcf8182c1960e9d3734fbfb1e49b92bc378b64c.apk

  • Size

    527KB

  • MD5

    ab881e9d2a42c64a8cbbe8c35d48d9d5

  • SHA1

    02b0d0a0ce16aee06234ebeae9cc03b48f963510

  • SHA256

    7ecdb7004bd1d790bb2d5ed69bcf8182c1960e9d3734fbfb1e49b92bc378b64c

  • SHA512

    288dd27f92f7f4ab1e1aaf8bb64f2ccb0611a260e9a50a6d3a10c78992e808b58f56db54b17f3c4a96ac92785243f6b0101194b867ba98f7e2dfa2f890248a72

  • SSDEEP

    12288:25vbveLiLsE8FDSUzpTXL9B7GwD4668QeFwcMP20J32AK:EbveLiOFmCpTpB79DR6B6MrK

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://2fdghhoo11.top/doc/

https://3fdghhoo11.top/doc/

https://4fdghhoo11.top/doc/

https://5fdghhoo11.top/doc/

https://6fdghhoo11.top/doc/

https://7fdghhoo11.top/doc/

https://8fdghhoo11.top/doc/

https://9fdghhoo11.top/doc/

https://10fdghhoo11.top/doc/

https://11fdghhoo11.top/doc/

https://12fdghhoo11.top/doc/

https://13fdghhoo11.top/doc/

https://14fdghhoo11.top/doc/

https://15fdghhoo11.top/doc/

https://16fdghhoo11.top/doc/

https://17fdghhoo11.top/doc/

https://18fdghhoo11.top/doc/

https://19fdghhoo11.top/doc/

https://20fdghhoo11.top/doc/

https://21fdghhoo11.top/doc/
rc4.plain

Extracted

Family

octo

C2

https://2fdghhoo11.top/doc/

https://3fdghhoo11.top/doc/

https://4fdghhoo11.top/doc/

https://5fdghhoo11.top/doc/

https://6fdghhoo11.top/doc/

https://7fdghhoo11.top/doc/

https://8fdghhoo11.top/doc/

https://9fdghhoo11.top/doc/

https://10fdghhoo11.top/doc/

https://11fdghhoo11.top/doc/

https://12fdghhoo11.top/doc/

https://13fdghhoo11.top/doc/

https://14fdghhoo11.top/doc/

https://15fdghhoo11.top/doc/

https://16fdghhoo11.top/doc/

https://17fdghhoo11.top/doc/

https://18fdghhoo11.top/doc/

https://19fdghhoo11.top/doc/

https://20fdghhoo11.top/doc/

https://21fdghhoo11.top/doc/
AES_key

Signatures

Processes

  • com.sizehim0
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4837

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.sizehim0/cache/kdaifgdlrqcp
    Filesize

    448KB

    MD5

    21500139719df86474d609909e6ff961

    SHA1

    bb9fcafae51873d46743a00f40a6b36468fca33e

    SHA256

    eb79f712951ab351c690c4340d6f88363a8be80a3ee4cc8d12f9bba271f9b448

    SHA512

    54c626bb0713b0052f8d2a0eda9b5a184a292f1d20ccf6e938895b72f2b9af2f467b13fef0235a34225f59d3b886a1ad845ec744863ecf14e332522c432acfa2

    Download Submit

  • /data/user/0/com.sizehim0/cache/oat/kdaifgdlrqcp.cur.prof
    Filesize

    319B

    MD5

    751c1b317f965d4fb567c2bf6ef55563

    SHA1

    a8cdd357886b4aa5020dfd99d27ba692466163b4

    SHA256

    7ba253b91dd5e5e60d021a6b261b68ef36a1535565c64e91727ae91e16216f56

    SHA512

    0133a9515adf3bc9aee4053b13c4f75d62aa427ce13528b36e1782a728c1c19b2dcf5dc35b9dd620b16bb7dc49b8a38c7102803395a0b81bd7b1f01107e6a0d4

    Download Submit

  • /data/user/0/com.sizehim0/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.sizehim0/kl.txt
    Filesize

    59B

    MD5

    c26134df5b46a4f519a442f84628571c

    SHA1

    bc6b4a3b2b91f5f99141bd6c3731e9960e46d2d7

    SHA256

    0bc93a0c75319350ce04dcb463651ffc31210d8645a6908d5bcecab165d84469

    SHA512

    416402cfb6c2b78c144aae27410a25b6775bcce7ba463c5b3b9b9e45609152d6ef408a180458f82e338fb7a26c36a37c34881ed3a4a999653ad2eed288189f89

    Download Submit

  • /data/user/0/com.sizehim0/kl.txt
    Filesize

    69B

    MD5

    97dcc7cebcc0cb42f42b0f1801f07422

    SHA1

    da7b12e6b44d31457932405e4c6b17bd992c4a30

    SHA256

    bf01c1606b9f67c37dae47963f629b5379e36dce794bf27c97b1f15cb659f414

    SHA512

    5e2a2485cd3825dd4c7bceb68ac2a5d7e7c2e4f50cc0bbbc31795d05a5136bdb38e5ed597809ce72e4e0bb4ad070f3832f33237bf40fee2bcb54a19030003a53

    Download Submit

  • /data/user/0/com.sizehim0/kl.txt
    Filesize

    63B

    MD5

    8cacee3ef2868c86257ac2feaf416ac6

    SHA1

    c6d97cbfdbec2b74acb96a3b2f3abe1bbe8c7569

    SHA256

    fe4c309018f401f418df6dd587c4a3c509f3915b1e9f599a63939d354b9c72ac

    SHA512

    35cc9faf7878ee9a263047499e2617a60da1762b808e6d8a6f516afb6fbdb834b2c7c2e4a37afa32db8167b591ba15814bb1db157ba507ab877ac86d69d2ee7a

    Download Submit

  • /data/user/0/com.sizehim0/kl.txt
    Filesize

    476B

    MD5

    cddf7b57d008f42b532f6df91ded1c73

    SHA1

    3bc5f7b239fc88de8efcf3afe457f522b9bc1e39

    SHA256

    c871f9ae506b6010a50466d9ef5382490b349ad5c71b8746d17481a817b2f086

    SHA512

    26f605b56fc67042ffb54674102f9261e6d3e254c1714161f383b10873b42f298a1dc0426f06059bf699ba6655fa7afed29696831f98bab78a646ffec8ff7533

    Download Submit