Overview

overview

10

Static

static

10

9056ea7d09...5f.apk

android-9-x86

10

9056ea7d09...5f.apk

android-10-x64

10

9056ea7d09...5f.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    05-11-2024 22:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9056ea7d090647e02f1824915a7af8d1ade92aeee246a59f97c409d9f9e1d05f.apk

  • Size

    3.8MB

  • MD5

    0c9cbb06461003b9f41c76c91ab0c0c5

  • SHA1

    2d473e68131e62a45cf7db3aa702ac4548592819

  • SHA256

    9056ea7d090647e02f1824915a7af8d1ade92aeee246a59f97c409d9f9e1d05f

  • SHA512

    cb28fa49e999a62ceaa7b514a90f0470b29142d9f82b960832cae84ede0a7600df84b65dff765af2f1fec0212d1144d44382f93e13d0c18e4deda8a0dc44611b

  • SSDEEP

    98304:lMmoZ+NjKHItxtrZE2h5EmDQRaA2+EAGXWXuRN4tAxP:lHL9f7MT3WCEX

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

octo

C2

https://93.123.85.21/ujjwal/

AES_key

Signatures

Processes

  • com.sonnokta
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4251

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

1
T1541

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

4
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.sonnokta/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.sonnokta/kl.txt
    Filesize

    237B

    MD5

    e601c45ee79650260e9f8f7699728c77

    SHA1

    9add07e83e96bad623b2ce21fffe15f08ac8b60f

    SHA256

    e9e48e32e25ccb3e5ae6c90aeb53dbd13577bfbf1cfc5c6b5309ab8345785d50

    SHA512

    ae18761a343ca1841cc2cc07b3b5286d0665c57bea9d77f165f58ed3d690a633aa32ccecaacd81f9f1c80d9e3041f051539c68eab706b892b6c6f730bb7d9fd0

    Download Submit

  • /data/data/com.sonnokta/kl.txt
    Filesize

    63B

    MD5

    332f2ca637dbc7e6104892d263d1ca21

    SHA1

    b7fd07f1f24a5fdc1d3f553cbee22551fbcf45f9

    SHA256

    4ad24306ae1ebc6fe99bd382c39dde1a0be577e10e5aaaf2630d77429ac813c1

    SHA512

    43474cc725eaafc465cb225d4cbf3e8ee9e3c927e318735258f08ffec10f66e75b81ef1c83a0ffc1f744fc881a13ceeb5f379c6dcb1e967fed42bf61cbd11f32

    Download Submit

  • /data/data/com.sonnokta/kl.txt
    Filesize

    54B

    MD5

    7459f2255a8132bff792d4eb67a34b95

    SHA1

    3b9b9294ec10f0ea46dc118428a0546dbc3553b9

    SHA256

    85a0a137afd8b3be98ca09fa225e41990108c9923f58aa0dbef45f736d5e8232

    SHA512

    632974d57b124b40987d42c801d24c42ff5a0c78f04f1101125f0cc67276e03654a4bb5f58301bc826ff2cf932778b38efc9bfc77bcaccbca8d7c9e1a2f59327

    Download Submit

  • /data/data/com.sonnokta/kl.txt
    Filesize

    437B

    MD5

    c0497930d3a23607b62e7823642c7bce

    SHA1

    7861841c240c141e812201ac90f7167239311ffc

    SHA256

    3512eeccc602ebf806780057ab68b998eac1c2cc69257ce39ed05ee142857b22

    SHA512

    c8e3ba5e6e889d7f917d294b41f955f8c0db391e7f5618241cb634fc94093901c62b9fb9b92ed80aabf40322c09ed91c394db9d25985206211bd12fe864b7b2b

    Download Submit