Overview

overview

10

Static

static

6

ebf146781a...1b.apk

android-9-x86

10

ebf146781a...1b.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    28-10-2024 15:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ebf146781a6b0d52c18ff72957eee3f5116c005111716596452654a75fefa11b.apk

  • Size

    8.0MB

  • MD5

    37073a351c8aaa6a4e51db8f18b04f48

  • SHA1

    17466f7e8b194777519a3add039d9c3ba9c4deb9

  • SHA256

    ebf146781a6b0d52c18ff72957eee3f5116c005111716596452654a75fefa11b

  • SHA512

    60397381b6413b16323fd961f9f47f0c9d6235088f03c7d9ee1caae3f7ac06aceaa56e44f842e06a1dd4ab52de050a9592cea1503f1971bfc13c19aa16d6698b

  • SSDEEP

    98304:/MX33l7UU3SIdbc5iSRG77RsLOdC3XKVKRTvPkeNeW7:0X33lh3SmcrgR103XKUZv7

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://839f702490ce17a92b6e415b949aabc1.com

AES_key
AES_key

Signatures

Processes

  • com.pipservice2_supervision
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4614

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.pipservice2_supervision/.global.com.pipservice2_supervision
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/data/com.pipservice2_supervision/app_main/XO.json
    Filesize

    1008B

    MD5

    db4e203e00a6850232c61493d72dbd60

    SHA1

    f7813f0becaa095bd154e5c37701282c3f5a3e5f

    SHA256

    3dbee94967031a9cc280cc08e1b1ce8227be95c43fe6493a91b9c6f5e49330d1

    SHA512

    43478b3b1a66ef79ffd405867916f3d768c91de5c7fd385b5ee89920620d63b85020938dc1275c232fdfa67bc3283fa5a9cc18dbf5e4aa59393701f801fbaeef

    Download Submit

  • /data/data/com.pipservice2_supervision/app_main/XO.json
    Filesize

    1008B

    MD5

    b8e9e4bd4a47ef5cb7ceb0f5460f9f4f

    SHA1

    4d64cd605824ae566056314b7e549543919af641

    SHA256

    ac1ff088fa976983d400295bf9c72c707585589e93910f3bbb3de559ff6fe0c4

    SHA512

    9e3c7bba854e3063cd88e8b3879586ba0478c6a1d3a77bdc3cc757758e47a9235417cfe91fc083d42a1c5c2afce6e9458f2fd3106259a73ab782d976a19e139e

    Download Submit

  • /data/data/com.pipservice2_supervision/files/.l
    Filesize

    322KB

    MD5

    77dc50489b9323274732d27dc8a4e803

    SHA1

    0e02a3595b62489d0739d771881da8604d117c65

    SHA256

    c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820

    SHA512

    0684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58

    Download Submit

  • /data/data/com.pipservice2_supervision/oat/x86_64/[email protected]
    Filesize

    486B

    MD5

    8871572bac3a881071998c95055cf9ac

    SHA1

    90d964bdb6bf826f09670cbf355891be5490a987

    SHA256

    414ef4a92cb54b91e8ae98717fe4553f5a09608a361eba2fd76cb058245a0e87

    SHA512

    c8c79a48e89e74ccbf7a42fb570a4221a797360b84a23b6192f987788c226b9d806dd3611505e2f94a44002ac40bcb3ab9c4a6184b314cf6789fc5c5e27faa7e

    Download Submit

  • /data/user/0/com.pipservice2_supervision/[email protected]
    Filesize

    526KB

    MD5

    418718e98c3e57b9835c7b927c6e4b37

    SHA1

    3592d1889f6598192773917169e978ee3d3a1c1b

    SHA256

    71214b59a79e2ff54288b1c80a0b61402e7994e2b1c062ec167f440b72982ceb

    SHA512

    4a31ab871673f29adcafb89eef5a07e98c46c272420d3c9cf77b5f248e8d988182b0dfa7b8b71f5173003e49be4254327c56456c42f1f159b4509e557d4f2c66

    Download Submit

  • /data/user/0/com.pipservice2_supervision/app_main/XO.json
    Filesize

    1KB

    MD5

    0312ceaa666ba34402881823b57fbd3f

    SHA1

    f04a76cbff6a26c2b5ff9d0be8315f4422bebd67

    SHA256

    b2363280a522e235448db1398901709b8b1c77c65ac136e7006b5287ac3c8b81

    SHA512

    bfe98a74696ab70be9edea1c2b2eaf748de683d1ae7a57d69edd5dfeaf5f312abcbdb4adb3cd921c4058394de7c45267ae65c4e22f82e40e35a9904886339b9b

    Download Submit