Overview

overview

10

Static

static

6

3727f8abca...d9.apk

android-9-x86

10

3727f8abca...d9.apk

android-13-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    162s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    22-11-2024 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3727f8abca297c50cbfb3df2448790b6b2e4c92e0cbea0c0cd8f599be33465d9.apk

  • Size

    541KB

  • MD5

    49d25ab605045500db97f6f94ef2f15c

  • SHA1

    fdd10963e334a78d1b3c10f09524fd71ee766cfd

  • SHA256

    3727f8abca297c50cbfb3df2448790b6b2e4c92e0cbea0c0cd8f599be33465d9

  • SHA512

    7f65bd9286abd7d65df8a418855005bd6c750a01eb696a70ada4f352ae4ce2f4ecd9f6b9f820b0f03d19f1411628393e5a2fe74c03b607f4e8d4d2d351895393

  • SSDEEP

    12288:yVAlN5Eg4nG0XqKRkdCSvxLmD2qP3JTuuTWoM4gnR:ycT2nG0UCSvQai44WoM4gnR

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://restore-center.org/OTRkNGFmNjQxZmI3/

https://avagroup2.net/OTRkNGFmNjQxZmI3/

https://gold-host22.org/OTRkNGFmNjQxZmI3/

https://industrial-soft32.com/OTRkNGFmNjQxZmI3/
rc4.plain

Extracted

Family

octo

C2

https://restore-center.org/OTRkNGFmNjQxZmI3/

https://avagroup2.net/OTRkNGFmNjQxZmI3/

https://gold-host22.org/OTRkNGFmNjQxZmI3/

https://industrial-soft32.com/OTRkNGFmNjQxZmI3/
AES_key

Signatures

Processes

  • com.enoughdog1
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4488

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.enoughdog1/cache/oat/pxfeqwbddwatjxx.cur.prof
    Filesize

    403B

    MD5

    f0a2b6ecda094152241a155584518b7e

    SHA1

    d2f9c435bc0fd4e2231c6d8da0c0d82eb76b6462

    SHA256

    9e657b3c3aa9f12b79d8dda05dee3c0ef8d4d498b4a1be9ad5281c3d8a053661

    SHA512

    f1071e0d4cb8e9ae4529d9e1026e6fb34e80e6bdf5065f036b1adc72dabf434c278eb842d245ca1a1caaa1a8887c34810793ba5a44553dde81020d238f6db485

    Download Submit

  • /data/user/0/com.enoughdog1/cache/pxfeqwbddwatjxx
    Filesize

    448KB

    MD5

    f713f4541a2300d77483aff55f091452

    SHA1

    e424907d3f77d5e31b5dd78e5601e5decd492a3f

    SHA256

    2c4f3008b4fa474de7f406e4ed8953936b1554f274ba7d7a91ef11180e5dbfab

    SHA512

    e1aba25e31ac27cfa2cf87ac8213dd2a0b1eb1668eaa8138710a082b1aff60413f578da3c88ce30bdb87fbd677f707241a8085229a084672b1dacd656a83cea8

    Download Submit

  • /data/user/0/com.enoughdog1/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.enoughdog1/kl.txt
    Filesize

    221B

    MD5

    181039d53dde0e3220a230cf89599905

    SHA1

    74b383cc21e1668dce320fbea185fdded4951149

    SHA256

    c980a902012628d936bf9939e616530752216581070e2f2703dd1f999163481e

    SHA512

    46f663a452338c9295b93a686ace9e9b45dbc9c832221b2e98768b389df56ec9df645fc0079113a5d6638a12bc93574ecaa793f7b2644bf276bc890878aca925

    Download Submit

  • /data/user/0/com.enoughdog1/kl.txt
    Filesize

    59B

    MD5

    79560fe4b0e03c466afdd13273142262

    SHA1

    3e84f4b84f35beada512539aca00021b21d05287

    SHA256

    04c0d16d52cb6b672911e759055566ed14a23d4d2abfc91a89207ee309671e62

    SHA512

    e00d7ff20f245c456305140c5e92e5f6a5822bc69a0a310be3eb94a59cb2101866dde716d0d04c128b8fb473d83a298ac556dda3c79edd5f07aed25c67a772af

    Download Submit

  • /data/user/0/com.enoughdog1/kl.txt
    Filesize

    69B

    MD5

    222fbccb8f47ae0956437ffefd857b70

    SHA1

    749fdff81c0515dcbd305cde64ff1c778129b838

    SHA256

    b7a17e8276a8521e78069d487d0f34285dd6e53cef081db427471b7c66e87baf

    SHA512

    c6628a0e1014ad7ecdf7335354d6a38490d4257e56a6d400b4902752cbc6289c3525751b8f670630082c4858c21d15c542784ae7fea58ebb83e752a68f3f24cc

    Download Submit

  • /data/user/0/com.enoughdog1/kl.txt
    Filesize

    504B

    MD5

    4ebf8dc287c93522aa9188ac503c57ad

    SHA1

    d09993d3c5fea5dbf7b955f56bc9b88d80760f56

    SHA256

    669555e37193e5c7fe792277ebf5b33571f2c32963671f0cf970a41d073fc296

    SHA512

    e67623604fc886eb22f00abf38a43115675713880043b747de92cf1c78b75c93e9a36e2af4e77f9ab0b75f9a256945e118039828997afd4f519be00f37f01a55

    Download Submit