Overview

overview

10

Static

static

6

01e6cb93ee...9e.apk

android-9-x86

10

01e6cb93ee...9e.apk

android-10-x64

10

01e6cb93ee...9e.apk

android-11-x64

10

197359a4d8...d7.apk

android-9-x86

10

197359a4d8...d7.apk

android-11-x64

10

2427241add...70.apk

android-9-x86

10

2427241add...70.apk

android-10-x64

10

282a7cfccb...bd.apk

android-9-x86

10

282a7cfccb...bd.apk

android-10-x64

10

284d74a6fb...fa.apk

android-9-x86

10

284d74a6fb...fa.apk

android-13-x64

10

3221126c35...63.apk

android-9-x86

10

3221126c35...63.apk

android-10-x64

10

3f3ab2cd7e...bf.apk

android-9-x86

10

3f3ab2cd7e...bf.apk

android-10-x64

10

43e48ed5f6...fc.apk

android-9-x86

10

43e48ed5f6...fc.apk

android-11-x64

10

616c4ad548...8a.apk

android-9-x86

10

616c4ad548...8a.apk

android-13-x64

10

74aca9fcfb...e6.apk

android-9-x86

10

74aca9fcfb...e6.apk

android-13-x64

10

753c262257...1d.apk

android-9-x86

10

753c262257...1d.apk

android-13-x64

10

83684d8fa6...97.apk

android-9-x86

10

83684d8fa6...97.apk

android-13-x64

10

84b4b256e4...0f.apk

android-9-x86

10

84b4b256e4...0f.apk

android-13-x64

10

865e193b3c...3d.apk

android-9-x86

10

865e193b3c...3d.apk

android-11-x64

10

8734504205...3f.apk

android-9-x86

10

8734504205...3f.apk

android-11-x64

10

950867a96c...32.apk

android-9-x86

10

Analysis

  • max time kernel
    148s
  • max time network
    165s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    23-11-2024 11:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    865e193b3c83f15cfb0a180dd33affaed8bfab3d.apk

  • Size

    1.7MB

  • MD5

    bed61342b7339b40f96172a8f3bf6e9e

  • SHA1

    865e193b3c83f15cfb0a180dd33affaed8bfab3d

  • SHA256

    55b92655fd372189cb7ae07dedefa23f7660c0500892150e8c5ffe788c3dc72f

  • SHA512

    108b86ed363d03c222b7abb8c37cad4a5cff6c57241daa38ada14cec04173d311736b1cadb040beaf065235671e8fcdc40819eebc1168829580e87980da5f2dd

  • SSDEEP

    49152:D8ow18yYd2Ws57EeC9vbOyLTE4+BPgwOrY:D8oFNdBce9vzLY41rY

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://ssfdnsjds.top/OGYyZmMyZmVlMGI0/

rc4.plain

Extracted

Family

octo

C2

https://ssfdnsjds.top/OGYyZmMyZmVlMGI0/

AES_key

Signatures

Processes

  • com.yetdirectokmn
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4780

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.yetdirectokmn/cache/oat/pxavugmtploaohu.cur.prof
    Filesize

    339B

    MD5

    3c3d476801338acc6b962fc53a6d36e1

    SHA1

    a1655a5c3c0f3eb9156668d6ca8d49e56c263ea2

    SHA256

    3e9c2d26a8eb019a14c0e87fc142748f49ac3f411ed0cbf4a5390f85461c95f5

    SHA512

    410f92d530bd0e17ffe454d80dee806fa3706643e9cce44e92b1a4c8f68ec8b4e29f343f3d88db82315f0a7fe2c4b891e585d332c6eb8a3098a251a39e987753

    Download Submit

  • /data/user/0/com.yetdirectokmn/cache/pxavugmtploaohu
    Filesize

    462KB

    MD5

    6c7b59c8c7a98418c43bade2fd1b0d3c

    SHA1

    18e177dbb846c5d9de887650f353d23755b93707

    SHA256

    8df99892eaab6e194105f33843e3de45dfad127f90b102c6a530fd593b686716

    SHA512

    b1e410115271ee370edd6330d1273622162d1de125eb99ecbe8211ff34c310f6f2a03bb25963f4c2668cf85cffb5c0996ef04bd6ea3fc4efdbac18efe3544845

    Download Submit

  • /data/user/0/com.yetdirectokmn/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.yetdirectokmn/kl.txt
    Filesize

    240B

    MD5

    af2a9bb09fe054c50d7238d691a825ca

    SHA1

    391ef99a8e49875577ec97727506732f710da304

    SHA256

    94371df41d586694df99a8d9e427648041b0cdbf118eb5cb9e6911e13ce1b214

    SHA512

    5c3e74acea2edb9c4cc4313c816ffc84fbb4eaf8e67472df622ee4e862359160e0a6254cfbc51d45f19b07d64fc38b219b55b2094c5e607d845ae2c5a9b22189

    Download Submit

  • /data/user/0/com.yetdirectokmn/kl.txt
    Filesize

    69B

    MD5

    46489f9d888892219ec9812035be2357

    SHA1

    b3d0684cfb8b1d41aab1365504e05cce4b482ee7

    SHA256

    80c0c18beb9fd7ffeedfbb0dd5a22581d9ab1b4ae1e739f35a6f81c2ebecb1a4

    SHA512

    00227f9ff8021a5d9ce8a80022b9ede176690a3a592477f1e8c20c0db0383aa3c98bb2f1d994056c20d6deefa53eb49edbc225a947413526473dd4a3409ee7dd

    Download Submit

  • /data/user/0/com.yetdirectokmn/kl.txt
    Filesize

    59B

    MD5

    90dc3077565553729aa959095fb71294

    SHA1

    2d75213366a5433eb175f3bf9e5647c1bea9f926

    SHA256

    7514026b729cd5a1120d268017f57fe853ae31077a13a0f876a5f414ac90f78b

    SHA512

    9a58e7b0b5db751862024da1883e33c99a378ec1fe96fae263d3b8af64cfd999a1dea78ed2ac6959d4c509be91025ca2983e651ebfc491174400df3c782e9c44

    Download Submit

  • /data/user/0/com.yetdirectokmn/kl.txt
    Filesize

    476B

    MD5

    3e57b0af75d9221844726eb855a53602

    SHA1

    857772e755612968db02a06b12abaf6335e799ba

    SHA256

    6b921ffff03595e48612ba8b57ab262becd72056bb8e1671b61903675a39e7a6

    SHA512

    6d216d8a6cbd27903a427319fb9bdc9b8c476811bcde208c08f6e481790774a1c131b679de0ebd85f7e0606c07afb9c56ae7b13a9e335b8506275644fb396348

    Download Submit