Overview

overview

10

Static

static

10

9056ea7d09...5f.apk

android-9-x86

10

9056ea7d09...5f.apk

android-10-x64

10

9056ea7d09...5f.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    05-11-2024 22:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9056ea7d090647e02f1824915a7af8d1ade92aeee246a59f97c409d9f9e1d05f.apk

  • Size

    3.8MB

  • MD5

    0c9cbb06461003b9f41c76c91ab0c0c5

  • SHA1

    2d473e68131e62a45cf7db3aa702ac4548592819

  • SHA256

    9056ea7d090647e02f1824915a7af8d1ade92aeee246a59f97c409d9f9e1d05f

  • SHA512

    cb28fa49e999a62ceaa7b514a90f0470b29142d9f82b960832cae84ede0a7600df84b65dff765af2f1fec0212d1144d44382f93e13d0c18e4deda8a0dc44611b

  • SSDEEP

    98304:lMmoZ+NjKHItxtrZE2h5EmDQRaA2+EAGXWXuRN4tAxP:lHL9f7MT3WCEX

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://93.123.85.21/ujjwal/

AES_key

Signatures

Processes

  • com.sonnokta
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4797

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.sonnokta/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.sonnokta/kl.txt
    Filesize

    245B

    MD5

    d398a7865adb762f4200efa5e71450ae

    SHA1

    3439a98c097a481008516b0a9e75350b70aa3acb

    SHA256

    9906795459c832cca0db0986b63de357e6663dd5bdeda9a5934d16b0b1c82a35

    SHA512

    17cd7df3d21cdfea4e888eb3ff571951f9eece0304c4e79d37cd38285b5eb7b153704d7e1d1768cdc1c88f29fc3af9ede67c872a378ac7ed0a728c66dd6e8169

    Download Submit

  • /data/data/com.sonnokta/kl.txt
    Filesize

    71B

    MD5

    b0b5b96783868d5b38d028fc3083fdb9

    SHA1

    dddfb605c0494fbbf75eb196e563f3d2ec28a45d

    SHA256

    dbea80a3e0ce5b9ccd5f8634f0f2761c989e6af635d65198ca6dc3871435be9b

    SHA512

    25942c8826be4d9febb10df52271ded0abbbe186e3903647ca3c91bd7f53044421b70922abf11deb8e53f5421c774a164d9db33e074ee9380b825674030f3132

    Download Submit

  • /data/data/com.sonnokta/kl.txt
    Filesize

    83B

    MD5

    7e34413f2acefaae6b523bcc5d412573

    SHA1

    d771e8966519c324cec999c0eda7847850136911

    SHA256

    4175011291ec8341db525e775af926ea29a98e7ecf2065d9bebb295188588068

    SHA512

    60f71264ea716c5dc89c718724a43635a2544963c9e2ccc4b4d71d914163b00842cfb291c56443ce16e9ad64e0fac05a24300e4b278419442ec4bfdc6b54bf5c

    Download Submit

  • /data/data/com.sonnokta/kl.txt
    Filesize

    88B

    MD5

    e2ec57437cbf71cf927ffce2e6f08eb6

    SHA1

    3a1d870563f42667523f850a3bfc2b2d2e509912

    SHA256

    887fb065bf999b974b0bdfe4b803c4fda2ba4b0317c467e46de40a35fd3d2a9e

    SHA512

    ba16fc21c7ac9400fb515a672dbc7493e2d49736ac88d4172155b3bb47011b7857a73c7d116b6983be2217c36e7cb51f5eca52e43771093e5765eeba1a0ac7ff

    Download Submit