Overview

overview

10

Static

static

6

01e6cb93ee...9e.apk

android-13-x64

10

197359a4d8...d7.apk

android-13-x64

10

2427241add...70.apk

android-13-x64

10

282a7cfccb...bd.apk

android-13-x64

10

284d74a6fb...fa.apk

android-13-x64

10

3221126c35...63.apk

android-13-x64

10

3f3ab2cd7e...bf.apk

android-13-x64

10

43e48ed5f6...fc.apk

android-13-x64

10

616c4ad548...8a.apk

android-13-x64

10

74aca9fcfb...e6.apk

android-13-x64

10

753c262257...1d.apk

android-13-x64

10

83684d8fa6...97.apk

android-13-x64

10

84b4b256e4...0f.apk

android-13-x64

10

865e193b3c...3d.apk

android-13-x64

10

8734504205...3f.apk

android-13-x64

10

950867a96c...32.apk

android-13-x64

10

98b720a6ca...99.apk

android-13-x64

10

9cc247e8df...48.apk

android-13-x64

10

a3a5eefad1...34.apk

android-13-x64

10

af3368fbdf...c7.apk

android-13-x64

10

b0bb07c713...aa.apk

android-13-x64

10

c4dccd90c3...2c.apk

android-13-x64

10

cabdd63fc1...d9.apk

android-13-x64

10

d27fe181da...a5.apk

android-13-x64

10

d73f872092...0a.apk

android-13-x64

10

e3b0cb744a...e8.apk

android-13-x64

10

eccd114fb6...9b.apk

android-13-x64

10

ee5950ed19...08.apk

android-13-x64

10

f94f3f8681...4a.apk

android-13-x64

10

fd70959566...85.apk

android-13-x64

10

fed26acfb8...c9.apk

android-13-x64

10

Analysis

  • max time kernel
    29s
  • max time network
    40s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    23-11-2024 10:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af3368fbdffaed6f089dbdd77d170b09dc9fc8c7.apk

  • Size

    1.9MB

  • MD5

    cf72562e2263776d54be0bbd9e9d3909

  • SHA1

    af3368fbdffaed6f089dbdd77d170b09dc9fc8c7

  • SHA256

    73d3e8023ba36e1f89377a9f85ca9bfc5e7e8f9f566056341eafc85696f7e6da

  • SHA512

    03e349f663de23c2f088f58a4d2c73cee8eafaaa569b683b506de1666faf08ff735410ed534bbc9e13d701e24369742be1d0d540027b5737751b144173e60241

  • SSDEEP

    49152:VoF/+qiX0EnMFMab8dABmPJUG3LpFsn3PB/JlXX2ZGZbmqId8tAE4KoSJ:VoF/+qVEMFA6IUYdFO/B/nX2ZQ/IRc

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://chroww.top/MmEzNTkzZDFkOWQz/

https://lauytropo.net/MmEzNTkzZDFkOWQz/

https://bobnoopo.org/MmEzNTkzZDFkOWQz/

https://junggvrebvqq.org/MmEzNTkzZDFkOWQz/

https://junggpervbvqqqqqq.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqgroup.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqnetok.com/MmEzNTkzZDFkOWQz/
rc4.plain

Extracted

Family

octo

C2

https://chroww.top/MmEzNTkzZDFkOWQz/

https://lauytropo.net/MmEzNTkzZDFkOWQz/

https://bobnoopo.org/MmEzNTkzZDFkOWQz/

https://junggvrebvqq.org/MmEzNTkzZDFkOWQz/

https://junggpervbvqqqqqq.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqgroup.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqnetok.com/MmEzNTkzZDFkOWQz/
AES_key

Signatures

Processes

  • com.governtake0
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4329

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.governtake0/app_DynamicOptDex/ldciZ.json
    Filesize

    2KB

    MD5

    48ba3b7c9f270d6a0ab58d901c648101

    SHA1

    d10c2d5efd9c7e13e2367e43e48b431397d0cc36

    SHA256

    c9d634e9429156c03b0ac7acf05e28beb26864d36c9946642fe25c0fe64c1de6

    SHA512

    a07b563b3a9f3f2693aa0d4ce23c9b4a1149eb3aaee308a5546c045e3c89aed7c4d6fa38a4838f2aaaef31af320ff54e814e06fb64ab66ea0cae43269759fa3c

    Download Submit

  • /data/user/0/com.governtake0/app_DynamicOptDex/ldciZ.json
    Filesize

    2KB

    MD5

    de1d853e7952e7d36a7d5793e3045fc7

    SHA1

    b9407a2c1a5f0901ae288a392831c5ee8beb8754

    SHA256

    3cb4b87577bd41fe7195715ec61f9db3902e121514de28dadbc0a8db5c73efd8

    SHA512

    b643671c2a70e67249cdba9f47fa66c0f6ee8d1fc758c49086fa7a60c64d3ce3ed058c39b8717c2c3503932ed9ef0ee4559e95ada66d45df29011e564753bd7e

    Download Submit

  • /data/user/0/com.governtake0/app_DynamicOptDex/ldciZ.json
    Filesize

    6KB

    MD5

    5447d973c54b0c60a81de4f22120e99c

    SHA1

    1de73d16ba315b62f8f505bc86e4e8c2f8e89da5

    SHA256

    1876367ec4c0667c719868f3ec15ca6252193e12196bb042934687cccdd88eb7

    SHA512

    73f4fd75e735b8a713ddf923c20cf4c97b135e4974fa3847196ea1277e0ed6b2fedfab91f2c8cc49db4076542351ab65cfa4c9917201b1b54c415f05f642746d

    Download Submit

  • /data/user/0/com.governtake0/cache/aivnloe
    Filesize

    449KB

    MD5

    9dbdf61845830233da0fdd72c2fa8d21

    SHA1

    07fe74f39dd629393b89f818952af4873fd040a3

    SHA256

    c16f113110553da7b2995936017262c8cd21042228941954c51aac079efe6ef1

    SHA512

    315b8831fcd05bf455f24b2b2cbe347c35913c65b0849285fb497da0e7393c84dce4e57132067cf043c663802b9ed27b9c815954333968ca61c19e188a4e0a17

    Download Submit

  • /data/user/0/com.governtake0/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.governtake0/kl.txt
    Filesize

    221B

    MD5

    1b1a1d0231ef163c3dc17d18cb2bae19

    SHA1

    b9dcc3709fe915c8cb227afafeca3615e3554a19

    SHA256

    8238b4b5dbd781a02e5d80e6323ee882688c2535c84e82dadd4fcd2860d73ef9

    SHA512

    485ae70f13e7b636f08b94f14ff36b43d70cbfcfc440892402d99eb769695892fbe4068e32ba974446495eef1e78e7450aeb5a7940c773c3c3256d2f1fa07911

    Download Submit

  • /data/user/0/com.governtake0/kl.txt
    Filesize

    54B

    MD5

    22f199801d05049528943264da266045

    SHA1

    10e1ab2c1fcd7379e9f113c46ca4cd66d0621e1c

    SHA256

    3a62cb5ac4152be3e674d79ea1d0b1999425fbcbf2d6ba8b803c46fe7d367a24

    SHA512

    0451633b360d55fe53807230afd0bf1853098546defec63b43944e3572cfd73f61f6fdc9e52e1062b27c44a4fa3442371731ee4c1d25bc6c293020fe98c291cc

    Download Submit