Overview

overview

10

Static

static

6

8368ddafcf...30.apk

android-10-x64

10

Analysis

  • max time kernel
    20s
  • max time network
    37s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    09-10-2024 08:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8368ddafcf8a59db7869dc8297526f8a84ffa20e4dc42eb92fde1839398e1830.apk

  • Size

    8.3MB

  • MD5

    02daaceca7310f2deacac33be731e27f

  • SHA1

    a3db75e35201a5aa2492c52d651366b29fdf7985

  • SHA256

    8368ddafcf8a59db7869dc8297526f8a84ffa20e4dc42eb92fde1839398e1830

  • SHA512

    cd658c487c8f296b02d9052465b646e12d565cc83e2fc9ebd0497da7d7ede117840eb17f94500681a9957c125805d5b338467820cb8fd0fc55d1b684804a0a0e

  • SSDEEP

    98304:tNFiBOzBqtfxiUQuVN+VK5RzY3XnRszkRin5iSRGVir/eyS:t7jzBys5gN+U7E3XnRSiwrlDnS

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

AES_key
AES_key

Signatures

Processes

  • com.widgetdreams_framework1
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5057

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.widgetdreams_framework1/.global.com.widgetdreams_framework1
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/data/com.widgetdreams_framework1/app_wash/fYCk.json
    Filesize

    1015B

    MD5

    ca3255dcc087a6770ee4d918dd9dc565

    SHA1

    04ed71271f801c0858acf6c072789aee3302c91d

    SHA256

    2e246d831eb8b5dca3449a97de6373e0bdf0ba65de35729f06a6c5a292485341

    SHA512

    8b00aa86d36301686c62f85350e22b2fc0f3e9d5332cde694a21ca2a7c3057ab8aa129e4c8e5da8683e9710d53a03a05d52f5dd9b110b07c5e4f8a98452147ae

    Download Submit

  • /data/data/com.widgetdreams_framework1/app_wash/fYCk.json
    Filesize

    1015B

    MD5

    21735ae76cdefdf0aa5833398b000270

    SHA1

    ac74216460f8866b683eeef1fb1d86f4128e5eb6

    SHA256

    b37d6f7bbb592f9e68024691954e9a0d595ff80dd9bf260ff7a6636139a1e3de

    SHA512

    99785fa997bb8673048a59b220ee9605d092847a107053c9ccfe46ed398ea9f916dbcd9fe8a567a3d66d4fd20a21eafe71aa0f5ce025597dc5d506f4adebc15a

    Download Submit

  • /data/data/com.widgetdreams_framework1/files/.j
    Filesize

    322KB

    MD5

    77dc50489b9323274732d27dc8a4e803

    SHA1

    0e02a3595b62489d0739d771881da8604d117c65

    SHA256

    c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820

    SHA512

    0684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58

    Download Submit

  • /data/data/com.widgetdreams_framework1/oat/x86_64/[email protected]
    Filesize

    303B

    MD5

    824db22723a2fa34b48599637155a8c3

    SHA1

    2572bf68223ba87bf8243a66d6e392e4e2f013b8

    SHA256

    35db514031f01958560eb938708934705ef2fee670084f74e300e5ceb399edf3

    SHA512

    9f30ee5b47a94299ae2bc89e3ccb97a3dc86c3ea194ddf03f151812c2f4c27af61d5a6b7df33cd48f4be23aeb984104d7a5eaff04bee7e9eb724371cc27e8bef

    Download Submit

  • /data/user/0/com.widgetdreams_framework1/[email protected]
    Filesize

    526KB

    MD5

    7993e41d6a1c21f7aac9c73e3242eff8

    SHA1

    9d94154a7df583330bad7fc6ace9eeadd248da84

    SHA256

    fa966c2d2c0dbfb0ae127ff08cffd0c198e223e8e17f7832024c25e890abd354

    SHA512

    f7e89d51a403ec69c06da739525d28a87870d9bd42cfdd21d5aa8f3be5055c02b8fa54f110b4bc434c8d201682550745f7d62d1d0aaec99663b773171392a4b6

    Download Submit

  • /data/user/0/com.widgetdreams_framework1/app_wash/fYCk.json
    Filesize

    1KB

    MD5

    3f171cf8dc8c94c0b67b2d8bf72fe28f

    SHA1

    07f701fe1f697198aa1500a6c5150e92dd6836ca

    SHA256

    9aaccf104d35c49c79ae27e71f29bd42f9f4470dd8953efb3aaea13bcdf92ca7

    SHA512

    b9556374be260dd488d9a608a9e7a0850e4e80018aa70a032cd64bbcb6be942db9b7902303c053e236ec59eb070180c9cc4637d0115df0095e2b45b6939d3d65

    Download Submit