Overview

overview

10

Static

static

6

01e6cb93ee...9e.apk

android-13-x64

10

197359a4d8...d7.apk

android-13-x64

10

2427241add...70.apk

android-13-x64

10

282a7cfccb...bd.apk

android-13-x64

10

284d74a6fb...fa.apk

android-13-x64

10

3221126c35...63.apk

android-13-x64

10

3f3ab2cd7e...bf.apk

android-13-x64

10

43e48ed5f6...fc.apk

android-13-x64

10

616c4ad548...8a.apk

android-13-x64

10

74aca9fcfb...e6.apk

android-13-x64

10

753c262257...1d.apk

android-13-x64

10

83684d8fa6...97.apk

android-13-x64

10

84b4b256e4...0f.apk

android-13-x64

10

865e193b3c...3d.apk

android-13-x64

10

8734504205...3f.apk

android-13-x64

10

950867a96c...32.apk

android-13-x64

10

98b720a6ca...99.apk

android-13-x64

10

9cc247e8df...48.apk

android-13-x64

10

a3a5eefad1...34.apk

android-13-x64

10

af3368fbdf...c7.apk

android-13-x64

10

b0bb07c713...aa.apk

android-13-x64

10

c4dccd90c3...2c.apk

android-13-x64

10

cabdd63fc1...d9.apk

android-13-x64

10

d27fe181da...a5.apk

android-13-x64

10

d73f872092...0a.apk

android-13-x64

10

e3b0cb744a...e8.apk

android-13-x64

10

eccd114fb6...9b.apk

android-13-x64

10

ee5950ed19...08.apk

android-13-x64

10

f94f3f8681...4a.apk

android-13-x64

10

fd70959566...85.apk

android-13-x64

10

fed26acfb8...c9.apk

android-13-x64

10

Analysis

  • max time kernel
    29s
  • max time network
    34s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    23-11-2024 10:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    84b4b256e482bad6dfa694a96e9b4ea5fcc9fc0f.apk

  • Size

    2.2MB

  • MD5

    081bd06adceac9e3b5b19d9369156634

  • SHA1

    84b4b256e482bad6dfa694a96e9b4ea5fcc9fc0f

  • SHA256

    0a878d9178c95ad2a518471d2d97d6dfb50b5e9bc1bd0e053a3fa85c787b891b

  • SHA512

    77f30b67b577f1fc5c4450b92211c85163eb94e4c6b0a2ed8e2fe4e1436ef1d0ccd115255d71272ca60c6890ce8c0d75aa65ee2eb7c7454b1f3625eebb172eae

  • SSDEEP

    49152:DwufK3pY9s83fPmN+yOp97eYCyczag2XiZGZbmqQa6qAE4KoSx:DwuUY9sUfPmNfOeYQz/2XiZQ/Q5g

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://chrownna.top/ZmU2YzQ2NjZlNjc2/

https://lauytropo.net/ZmU2YzQ2NjZlNjc2/

https://bobnoopo.org/ZmU2YzQ2NjZlNjc2/

https://junggvrebvqq.org/ZmU2YzQ2NjZlNjc2/

https://junggpervbvqqqqqq.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvqqgroup.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvqqnetok.com/ZmU2YzQ2NjZlNjc2/
rc4.plain

Extracted

Family

octo

C2

https://chrownna.top/ZmU2YzQ2NjZlNjc2/

https://lauytropo.net/ZmU2YzQ2NjZlNjc2/

https://bobnoopo.org/ZmU2YzQ2NjZlNjc2/

https://junggvrebvqq.org/ZmU2YzQ2NjZlNjc2/

https://junggpervbvqqqqqq.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvqqgroup.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvqqnetok.com/ZmU2YzQ2NjZlNjc2/
AES_key

Signatures

Processes

  • com.halfseeqp
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4475

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.halfseeqp/app_DynamicOptDex/YrTGbO.json
    Filesize

    2KB

    MD5

    70ef485aa51f14f59a5e2997127a586e

    SHA1

    bce9e0f81308508ed401d7152ec4f029f29e1edd

    SHA256

    a415981f4450ccb964ef1623d5ab40e1d47f6e95c3fa6d5204bcd606fead2f57

    SHA512

    abbb84c24545a1f5db40a47503fced30a600403f84c475fec0995619bdad01f6c397145ed4123634959449a4b9a0f714cf575fbeb25ee4562b40dc919e7f5fc3

    Download Submit

  • /data/user/0/com.halfseeqp/app_DynamicOptDex/YrTGbO.json
    Filesize

    2KB

    MD5

    8ff7172d8017703945f25fa5d2fd516a

    SHA1

    82b1670ac887ade6081a2f40149b908485cdad7d

    SHA256

    06ff9288cd367273ce886a37583827557b01d4fca1970476a907b7c43d386340

    SHA512

    44c0b7e9312ce1009c385712084dc0c8fc997a5617c7145d062799a38106548fd49211c945a41200eae3cdb403a45b00d5b0a4f2a4f7bc668ad877645519f85b

    Download Submit

  • /data/user/0/com.halfseeqp/app_DynamicOptDex/YrTGbO.json
    Filesize

    6KB

    MD5

    941f6ba9962e1c4565512205cb319bb1

    SHA1

    47ebdb3e2f19bbbe44f7ebbf550cbb2dd62b1359

    SHA256

    321fa09377cd3915f8a621172fd851487d4a3a6c9cb3b0315318d2b8d5e40a8b

    SHA512

    8075b671926d24dcece0c10a5d32ee547b90013e77afb541f7a13dea210b8ec3dee57827386659a72c4c79e233f4dcc6ca2a93efc57e669ca07d162d25f95404

    Download Submit

  • /data/user/0/com.halfseeqp/cache/vbznvnvecysuk
    Filesize

    448KB

    MD5

    c786ed856d4ed11d259d73cae47bcc7f

    SHA1

    14617e3bfdca890da694b7f7f1dc0d3ae85f39a5

    SHA256

    1492a7cdffbd232b4f738c529f85fdd2a198cc62331f7746357043458e8ebca6

    SHA512

    c07d31a9b404c8815f3a276a0d1a28df9830805a9c030a1f638577164246919067d78aa887df02a1ce0af140c77e8d89ee62d55685663150dcd9238b522f77b1

    Download Submit

  • /data/user/0/com.halfseeqp/kl.txt
    Filesize

    61B

    MD5

    4f47a2e31e97b94f9f32975f8e3977a0

    SHA1

    69536e20700413fdab1a10c7b4f06bab58fd5c6f

    SHA256

    74f10a771a429622d8fff258dbafcd76468b185a40846205d1b1be30a731f7f4

    SHA512

    99039fbda0b8c4d239d4998fa4d3b5cb29f9b6a7e848bfed691806d85ea1f42acbaac59607b7eafe95561ba9413549eaa3fa69c7eeadb0293df66f816c458b33

    Download Submit

  • /data/user/0/com.halfseeqp/kl.txt
    Filesize

    76B

    MD5

    7be94dce81b281e25a268bef0b22aee0

    SHA1

    ab8d2d98e4848515f53a3fdc043e70048a8546b8

    SHA256

    cf6fb2feff3a0b5a484769302c3f066adeb6138d4d87f85c192d31d155ee59f6

    SHA512

    0767016abe8b90a9ef6ed0d093e3fb9f13e1b677ec9a533a4264c9eef9a65980666b0798bd065d33b870b12282581cef471285ec65cb49161a03bf39ed29685a

    Download Submit

  • /data/user/0/com.halfseeqp/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.halfseeqp/kl.txt
    Filesize

    221B

    MD5

    e382bf6831f87612d40694a85f06aecd

    SHA1

    60341bf6b046318b0c22479552db2e52a63cd702

    SHA256

    41acf8476c3897da9563a5ef02c99fd0ba43b4fb751afcb3a8b1d78fd5fa182b

    SHA512

    dac392339d9b055b0f0216baf58165bbe75e5c5092c41f5215f83cc1583795ecfabc1f7facd88799261dae6a06c37647deaf89b51ab6cfb3c0991d07537c2759

    Download Submit

  • /data/user/0/com.halfseeqp/kl.txt
    Filesize

    64B

    MD5

    545c91e5059e276005bb3f77c0d3c85c

    SHA1

    7de2e77cfcac70b67e3f002d8c2c439e303bc772

    SHA256

    1a6acbf365cd8381f4693d7d912725ca8a3581ae44a1a0caaabc478b86cfe520

    SHA512

    a2498f71f36ef4c55c1fe4444f345ffc5cb3f8bc5935522774563167197d6c0f0d5be5945da8a30cdd7daf3e1016188e393e67ac87e147946c06b26feb23c20d

    Download Submit