Overview

overview

10

Static

static

6

c2e9b9373a...c4.apk

android-9-x86

10

c2e9b9373a...c4.apk

android-13-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    08-11-2024 22:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c2e9b9373aad5354cb1cca125ef46e0ebaf1405708646c0840315c517b1809c4.apk

  • Size

    1.6MB

  • MD5

    db8a5951d49b24ec0dd4f9502a57d080

  • SHA1

    dd14a0f194436b618dedd41fbf20bce5cca071b3

  • SHA256

    c2e9b9373aad5354cb1cca125ef46e0ebaf1405708646c0840315c517b1809c4

  • SHA512

    50dcdcd4737a341080f3c9180890af5e02aab625d8ed5a8e558d3650576468038bba7635f3790189eb793562165c09beed2e8db2ca2916e766901b7676d465fe

  • SSDEEP

    49152:T8DSEJJl8P9qU/W5t2Cw7/1XyZGZbmqQaKSAE4KoSp:C7M8X2CI/1XyZQ/Q5U

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://povtoruhh.top/MmEzNTkzZDFkOWQz/

https://lauytropo.net/MmEzNTkzZDFkOWQz/

https://bobnoopo.org/MmEzNTkzZDFkOWQz/

https://junggvrebvqq.org/MmEzNTkzZDFkOWQz/

https://junggpervbvqqqqqq.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqgroup.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqnetok.com/MmEzNTkzZDFkOWQz/
rc4.plain

Extracted

Family

octo

C2

https://povtoruhh.top/MmEzNTkzZDFkOWQz/

https://lauytropo.net/MmEzNTkzZDFkOWQz/

https://bobnoopo.org/MmEzNTkzZDFkOWQz/

https://junggvrebvqq.org/MmEzNTkzZDFkOWQz/

https://junggpervbvqqqqqq.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqgroup.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqnetok.com/MmEzNTkzZDFkOWQz/
AES_key

Signatures

Processes

  • com.menboy1
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4349

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.menboy1/app_DynamicOptDex/yFBO.json
    Filesize

    2KB

    MD5

    32ac1d05c007be4e58bd47237f87ba91

    SHA1

    8930603f1c4e192e640da6c8c9b084334b639ac2

    SHA256

    8a0e6a4af624324e0462ff57fa534733208402d5bf272bf421555dd007d14c0b

    SHA512

    a850780bd37f62eb8127e63263c0cdc87366f83c443264ec7fa75a103d8dd1fa9c64bcc3c55ea3a53db4b9e8f718720c5b8ee69983558bc2bcff0147769a2e43

    Download Submit

  • /data/user/0/com.menboy1/app_DynamicOptDex/yFBO.json
    Filesize

    2KB

    MD5

    685ab56f6376a59dfb03e07ae572fe90

    SHA1

    3457e6df987a65c3c29eeea0ce8ef891bc7d5eff

    SHA256

    56a31e57e2f8c9163ef65498c52ad29beb7e426647d71618bb7bc2c2489dac95

    SHA512

    273c7151160025ceadc97e9a04f9a82e55cb018ba315b8d0042342544ae4ce9a22fbb5807f603ba475e53eaec40f637eda5b08e8ab6253c7271705af7d268bc0

    Download Submit

  • /data/user/0/com.menboy1/app_DynamicOptDex/yFBO.json
    Filesize

    6KB

    MD5

    121d0806d46336e0b80aca0d62c25b5d

    SHA1

    eaa95694b475ac8a5697b3101f02da87f7d47167

    SHA256

    5a481735b14c9d8c16b7259f932b6f16678ff06ee22855bda24e69bc446396f9

    SHA512

    6469cb7f1b18c6589e10f9c53d81f10dcb2e133bd3e03691caee4474f654e07a188fe1b1ceda4ff66a3c4a5ce79794db99b8673a18fdf1cd8a00144718bb769f

    Download Submit

  • /data/user/0/com.menboy1/cache/oat/psoazohja.cur.prof
    Filesize

    397B

    MD5

    4a3088a99a185e459b7de9bcc452aa70

    SHA1

    e967d0edc0b3ccae6e551f5dc1fb677b164e4b50

    SHA256

    3458fe2eb65e2dbca3939b552eaa8d4ba782ef800855589f9ffa794ece2ebe92

    SHA512

    a838e45677fc23e9afbac6c56f539f6f7b9b80b8d649b8cee8e4238da3db58114611a03b688e47ce8a22f5855295bc02561fab65b90d6453d964518b23a594fa

    Download Submit

  • /data/user/0/com.menboy1/cache/psoazohja
    Filesize

    448KB

    MD5

    0d7125119668686465d05912a8faa5ad

    SHA1

    c0286b81f248bddfa83ba8a38082e88990eea57a

    SHA256

    407a64d3b440bf22b40a304fef4d81f38b4c397c330a144c9d47727b8da5cd26

    SHA512

    d58062dbdcd2953c1f90d78099501a0615e6424a1080c3429fce5469f9be31cdef5a541312e004e638986e1a53b4f70f5ac997666501aca4cd8191b3302cd7e4

    Download Submit

  • /data/user/0/com.menboy1/kl.txt
    Filesize

    68B

    MD5

    c98d2252254e69028fc49e427b467514

    SHA1

    4daf5d2c7d8d65810b585f57672d7f8fe84d02d3

    SHA256

    86981f3f8c543f27bcc3d98ca8ee9f5b6aa0383d6d8213d91b52862b7136d4bf

    SHA512

    4909d735b5e024f7e1c2cebe85abe8fdf4d1c5b0a87a6bcddf9ce671eab480859a1ff3830540629294003a47f6cc65035c2b437dfe38d6045212cfe904a488f4

    Download Submit

  • /data/user/0/com.menboy1/kl.txt
    Filesize

    76B

    MD5

    43468c7293894e16ed9a1de485f85bdf

    SHA1

    90a43fae501f7a10acaf2481abe8f46cf1b708b6

    SHA256

    7d78ee12c00d726b1a8f19af44c6a2f4ad6ca4ffc48bc5ea221deee96e1154a1

    SHA512

    2b3c41d16dcb641018f9f1645844d0556631451a1844138719e9b63b3e8cabcce97556ceed42dc27dd075431bb0dd5c6a5b2c974e2e1f1f94ade19b5abab6be6

    Download Submit

  • /data/user/0/com.menboy1/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.menboy1/kl.txt
    Filesize

    221B

    MD5

    e44b8b3cf5c93e890ba647df25cc7aa2

    SHA1

    663f9e84650e0441ccefc93e68f5afa99384ea05

    SHA256

    a51fb764b16d3fa462f168c2ff0a321120ec2f7c175531accf946e566c080bd7

    SHA512

    989359952e80f66e5a70356b1f38021897e0697d1623edfd6a5a22770997e02438289dff4dd7907a76ca6013d2ac2ded83d167b8de2b58bfd647f1634fcf66f9

    Download Submit

  • /data/user/0/com.menboy1/kl.txt
    Filesize

    60B

    MD5

    a09d87493287fa2fc177b911be6baacc

    SHA1

    1287c32d6350cbbb4193ec3c5b4babf388095789

    SHA256

    210a10805db04d4db033ef2c4667a8b4e77d4c8780947c9bc2685e39f9f265c4

    SHA512

    e678d92f9e24c1e8bea94d89ba671764f3ee3674a83cd1530660dcd81a46c9226ba8d584a8f22b4580431842db028c7f8d0ddb867da459573080d4dd6de5b062

    Download Submit