Overview

overview

10

Static

static

6

.pending-1...16.apk

android-9-x86

10

.pending-1...16.apk

android-13-x64

10

Resubmissions

12-11-2024 07:36

241112-jfc3sswrhw 10

Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    12-11-2024 07:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .pending-1690617237-chrome-update01216.apk

  • Size

    1.3MB

  • MD5

    f1a8bde16690e181588a6e2609b20c96

  • SHA1

    5cd203c9a378e389714320c66530010036f2fb6e

  • SHA256

    fcb5665e81ddec0bbe57bdc2acf443ea5f5a521e50d085f978f2dc4e5ce01d0a

  • SHA512

    9536f6be977f8d2e12e55205fe4818d2cbaefe6e1035e9151c0080052030ab5b6e5fee831cc879ca084b33dfeb932e76bf4a9bd017827cb1b98c4513a4151caf

  • SSDEEP

    24576:WHyV2tCKvYy/Xm+B2akhR6Qf9cGEGXN8ZODZH7mqzCeJClAE4KvAS3u:WS1sYyP/2akhRFCGX+ZGZbmqmyClAE4D

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://29p0jb1nyxmt.biz/MTU2OWE0NzJjNGY5/

https://fmri3i4567ng.biz/MTU2OWE0NzJjNGY5/

https://ahs8a4mz8ehq.online/MTU2OWE0NzJjNGY5/

https://518tudu7579h.xyz/MTU2OWE0NzJjNGY5/

https://4jsi8qj3203u.org/MTU2OWE0NzJjNGY5/

https://4n51yg9firr3.site/MTU2OWE0NzJjNGY5/

https://0eto0mhk6g7b.top/MTU2OWE0NzJjNGY5/

https://icbm5s5oj028.xyz/MTU2OWE0NzJjNGY5/

https://yjf241z0uu75.info/MTU2OWE0NzJjNGY5/

https://wanrflitrnvn.asia/MTU2OWE0NzJjNGY5/
rc4.plain

Extracted

Family

octo

C2

https://29p0jb1nyxmt.biz/MTU2OWE0NzJjNGY5/

https://fmri3i4567ng.biz/MTU2OWE0NzJjNGY5/

https://ahs8a4mz8ehq.online/MTU2OWE0NzJjNGY5/

https://518tudu7579h.xyz/MTU2OWE0NzJjNGY5/

https://4jsi8qj3203u.org/MTU2OWE0NzJjNGY5/

https://4n51yg9firr3.site/MTU2OWE0NzJjNGY5/

https://0eto0mhk6g7b.top/MTU2OWE0NzJjNGY5/

https://icbm5s5oj028.xyz/MTU2OWE0NzJjNGY5/

https://yjf241z0uu75.info/MTU2OWE0NzJjNGY5/

https://wanrflitrnvn.asia/MTU2OWE0NzJjNGY5/
AES_key

Signatures

Processes

  • com.nextobjectygy
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4347

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.nextobjectygy/app_DynamicOptDex/TGl.json
    Filesize

    2KB

    MD5

    fc718b98b64fe2ed82e1e2c0d9967266

    SHA1

    cc7975eca0b8f2780d99f32ebb6e5ec8226fe078

    SHA256

    4b91d174ff6bbc4d85830d59f99135780a4e10c0cd869723bcb1a5dd99d1a0ff

    SHA512

    fe8df4b8730c8d2c6beebdaa01c7e79a761d7a75ee13705c2dcc5a82a0f3f5d7c1bd83a64e37f5ecec6950b53f2f7e8b0d587654c7301bb2a55f7541a94b9e90

    Download Submit

  • /data/user/0/com.nextobjectygy/app_DynamicOptDex/TGl.json
    Filesize

    2KB

    MD5

    b50a3902d820db59c863242b523ea612

    SHA1

    2f7522c043c173916095aa45be39ffdebc49828e

    SHA256

    631a6fe0c17c52ccc4ceb67e7296b575857b36fb7dd1965a71fa5abb45f01036

    SHA512

    ebaec637417f0f5e750ab0a3b35945bf17ea729de91d4253b1206986c38e6908f6e2433ef4f599a444c635d11a9826761fbfd33c68d980418058f1903b99e076

    Download Submit

  • /data/user/0/com.nextobjectygy/app_DynamicOptDex/TGl.json
    Filesize

    6KB

    MD5

    58e846b1e78a29b77a81113a915ed6cc

    SHA1

    e929dd35bc6cd2dc4417df46dcadc7a32b50875d

    SHA256

    1aa5a09744c24bd1b999846cd4f742b179fe3beb27f5467c161796c6357ba807

    SHA512

    5988e11a5b46ed74fabe6b4c72d7fff207e036bbd637e945c7657eaad078af1bcf1e6d4b2255213a0b86ac6fd4145a7bcbd7a1c08296c9f50e34ea0ae9c3857d

    Download Submit

  • /data/user/0/com.nextobjectygy/cache/mylywfwk
    Filesize

    271KB

    MD5

    4889f001450b34d1d50b0a8d1341a5e0

    SHA1

    0d015e40994ee61bd4582b34c18db5e762418a77

    SHA256

    eeeb9de74c2137c1d79a72da567e6610ce974d2d2a2f7ab38472dbb76dac0674

    SHA512

    0fabb069e66fd7b32cd03f6bec0228d2a74649ff35ef446943f0f92fe9d08dbecc23189a36f2c18265d2f89b217ea604897125419c3aa841b8a4a8a032c85e3d

    Download Submit

  • /data/user/0/com.nextobjectygy/cache/oat/mylywfwk.cur.prof
    Filesize

    382B

    MD5

    0b930bd13c6853be76efa7f4d27fbc11

    SHA1

    94198c604d5f2c7c3a5b21f4c1b78c6a23cfc91a

    SHA256

    be12afa250a02157686a2581eda37cb58e6b2d5dbfa101be82a234b161880784

    SHA512

    c00fc4056a843a803f498213230a85b74dc6e7bc319eb949f709a4c8bc74c7ec5830fe302dad1351690c270f5ec34ae1e0324dfebb698a92264e11ad5e536b2f

    Download Submit

  • /data/user/0/com.nextobjectygy/kl.txt
    Filesize

    60B

    MD5

    66a78a25fba3416ebae0a63a0a5c809c

    SHA1

    fc41ad418b239222cd2033279dd181cd9b21038a

    SHA256

    394857d4574691207469d9090e7a7642303d8e1eddcd555ba194a2c9481d05ab

    SHA512

    f4db78d2e46d867df195f61ed73e29dff5e22693e48e8d039a23c13fee6ebc9617f9d78c31c0254d00d3296cbd47ace770ae750d29e941eb478ec4702392ba21

    Download Submit

  • /data/user/0/com.nextobjectygy/kl.txt
    Filesize

    79B

    MD5

    4ea6211764473f7a47c53664dfcd4c4b

    SHA1

    b01043606ba260a30b54b693d03691ac8f3cf8c6

    SHA256

    aa9682a70dd1533b1a5774f12980a796f7127a5826f477e79968f43212711025

    SHA512

    15473874ebffc5e9ce6dded6b7bcfca23fd70366cc8273397cda839fea946346997464dddc93e42b65e638db0c5b690614bd1f767b3f1d6a6b866cf99a5d04ad

    Download Submit

  • /data/user/0/com.nextobjectygy/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.nextobjectygy/kl.txt
    Filesize

    214B

    MD5

    7ba1c5a422c83e495ae5328eb476b9be

    SHA1

    7a1d6280566a64959c8bbb8e3f6cd042b638dc6f

    SHA256

    75518c3e1fa523dd5749a48b8f89662239cd5e637795a3fd071ac751c2e61ff7

    SHA512

    80d0a6289e5699569ab14dce3ad79dc0e85c97f363c2824f8ee5efcee463f80aeff8cf0db33226a79b3050dc8f3bd9f61e816e63f987a0ffeace7005aacc22ee

    Download Submit

  • /data/user/0/com.nextobjectygy/kl.txt
    Filesize

    54B

    MD5

    e0dc6411c755290db888194ea40b6325

    SHA1

    5ed6c427510e4939c8b23204821091ec4edd9437

    SHA256

    a1e54c04a14d3a4b0394723d128114ec6c42a24cec67be9722e37ac4ffe504f8

    SHA512

    f94209a88728c2455d8b699354287a3494f7a4216e94442720331c20adef8bab36755722c9332156216e3fb5529da303baa3f36935b142a1d657deee8a891cd6

    Download Submit