Overview

overview

10

Static

static

6

2bc86df548...48.apk

android-9-x86

10

2bc86df548...48.apk

android-10-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    25-11-2024 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2bc86df5487d9366eda47013cc724622308420315dbd6759822b43d3241ca448.apk

  • Size

    2.0MB

  • MD5

    d2a362314104307c83cc4015cdfa2747

  • SHA1

    b2a42a2ebfac9d68b855ec30ac427deb4d7fe0f0

  • SHA256

    2bc86df5487d9366eda47013cc724622308420315dbd6759822b43d3241ca448

  • SHA512

    531bf0eaf3d7f37c4f6381bb1c7677392d5bd8c04f6c4ad67a38592fa987e0d49e03ca0e51843c5020a5e6d4e0ba5a0cbd1901144308e0f944d7de1b276a17de

  • SSDEEP

    49152:+4zfTox95vWcYfK7eP71CyBHtskMYv620E+HMbCyYnl5mXdmr1aQRrC/YAXfP:+i7ox9AcM51BbN0FyYnqNmZaQ3UP

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://discount44today.online/NTQ2ZDEzM2FjMjY2/

https://easyforpro901002.pro/NTQ2ZDEzM2FjMjY2/

https://mobile0team0stat.shop/NTQ2ZDEzM2FjMjY2/
rc4.plain

Extracted

Family

octo

C2

https://discount44today.online/NTQ2ZDEzM2FjMjY2/

https://easyforpro901002.pro/NTQ2ZDEzM2FjMjY2/

https://mobile0team0stat.shop/NTQ2ZDEzM2FjMjY2/
AES_key

Signatures

Processes

  • com.cutsome46
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5230

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.cutsome46/app_DynamicOptDex/Hctf.json
    Filesize

    1KB

    MD5

    bac915380aeadcce1cadec99ab2a45d7

    SHA1

    838b2558cf24042af8358d51963c1d26cb193578

    SHA256

    a781895dd703c83cb306308f9d90bd86d0f9f8f907a4d4ba921f6be0e7a4d6ef

    SHA512

    0c7165f09442881f761e69d26f7eed53cf618d7b1f44945e8308cc8f833812b0fc84e78744aaa100d4df5c44050d0ef585e25db26f042b05ecfc640e1858e76b

    Download Submit

  • /data/data/com.cutsome46/app_DynamicOptDex/Hctf.json
    Filesize

    1KB

    MD5

    232559ab95e3a1bac737aa552c77d3b9

    SHA1

    28719c5b6c56a24cfb23c924b9c2f5d6db5a939f

    SHA256

    f014b7a7fa2b39b38fe2807002fa3bd9146513fb9cffe9750c4828657db138fd

    SHA512

    ea8ab67f317cf8fbd4d020e6a7c42261bfd58f98246a96fec9eff322853fb3392b951563006b4a0b9e3dbb75c4d9a5b6bb74893a05c22f4b9f0a91162ab3acfc

    Download Submit

  • /data/data/com.cutsome46/cache/oat/yronmmgewzjnm.cur.prof
    Filesize

    469B

    MD5

    61fd0dbd09953ba9c5df563878941b4e

    SHA1

    e6aa5a894964cd010a14cbc8f1fe023ae573bbf0

    SHA256

    515e1d80ce6ee3cbae432d2bab7e47255586871198bb3e78dcb46eb711e45612

    SHA512

    dd9048ef7634a39b8231273a521f9d0015696e8e4e3e8fcbe2467068d082848abf4611ee812d3ff866ac86f88b33cc2d7d4ad06a18c04369c3e0a0434708f00f

    Download Submit

  • /data/data/com.cutsome46/cache/yronmmgewzjnm
    Filesize

    166KB

    MD5

    a7ab8370575f45e7dd72be6878196466

    SHA1

    79643d01d529d53b32049d974e6679d3f3161f65

    SHA256

    f859310b896adab4caa7f4757b74831a30d262a4acbdf926b63edef29c162990

    SHA512

    9a6459569e233d1aca452fef396aba42bf0649c54cb94d0e39b4f94a0e8564bc3f71c311be3b8cf194b5bfe4ab3d88b6ed14c4b6a557678efdb6690cb4c35751

    Download Submit

  • /data/data/com.cutsome46/kl.txt
    Filesize

    437B

    MD5

    b6d4632e63247742939d45c4599688df

    SHA1

    402b6dd37d21cdb7c8afb3c7b8e80766f765a80d

    SHA256

    90e57aabfee1f3421ba40f734f9b81d81e463ad357ae2a8beb741faea0b4b8dd

    SHA512

    dcfbe098d13cb865e5ed665a9b07b11ceeabaf67ebd001fcf33ba897115cd091bfb36e6627fdc0ac0865c0112bdcd661dbc58fc7d24f3396b8beb51e578ff122

    Download Submit

  • /data/data/com.cutsome46/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.cutsome46/kl.txt
    Filesize

    45B

    MD5

    0483d2a1cee77126fb06a61d00e4910b

    SHA1

    13e00358400a3f051ee0239908372bd7916488bc

    SHA256

    d3858ac96233e9efafb10eaad906b213213a89f2fb08f1207d89cd9dff633091

    SHA512

    3bce899d1e125d377b401052f70f01bcba21c7fc3160debc29eb21088fc66148737242fa53ce20fe65c0162c8fd241d69cee66d760c8599ee94ea4c596f49fee

    Download Submit

  • /data/data/com.cutsome46/kl.txt
    Filesize

    63B

    MD5

    9c3c667c9645681c4fbe80fb750110f9

    SHA1

    2f8a0d1b9c1a977b0d64f3fe3b53b6c433b938a4

    SHA256

    955bc72ec6add04f584aa26270244397da8c780200023c54c644da7e305332e5

    SHA512

    67192ed5e2811402b6449e3d94de0036f20ac670a5ac018128b8dd83e031c78ddabc45c7db1e118fd945662674a3fe529c6aa1b4dfb3d67c7119cd9c1fa98b23

    Download Submit

  • /data/data/com.cutsome46/kl.txt
    Filesize

    45B

    MD5

    e702a7f59d5083054ab387799a818183

    SHA1

    e0ab93b17e75ac4bb21a1d3a48280d9b5707cafa

    SHA256

    2fa3c72708dcec66f24b466dad456563b0cc31831704fc3912b456676db8158a

    SHA512

    c0a3739564430a2fcfb2216194c02899890551326ab0d92960f81b85d105e21be8f4e167170cc0c8572a180c65724084fac0bfbe3b821deb340d662299b9195d

    Download Submit

  • /data/user/0/com.cutsome46/app_DynamicOptDex/Hctf.json
    Filesize

    2KB

    MD5

    f589df47faf2fcd38dfed25dc28c358f

    SHA1

    f8d226aff61caa98858bb714275b104a29795ce9

    SHA256

    a5efee99e841501675fb6a73e65c11c21a3edd55c3b5920c890a5eb56063a4dc

    SHA512

    32ab0e5913d98fe0d1da848ec78d237efafbcb4944a952d0c86c9b9d1df763f66bb25183ec37afc20ef7dc5784bbc8fea14bede0d7bd6957ffcecbf9f4966250

    Download Submit