Overview

overview

10

Static

static

6

478c43aa96...de.apk

android-9-x86

10

478c43aa96...de.apk

android-10-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    29-11-2024 22:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    478c43aa96a43cf26548384d171898aac7d07f2810b3b5e5fc5957a3cec27bde.apk

  • Size

    2.6MB

  • MD5

    bbcb3edd3b5102029ca963cf0023cc89

  • SHA1

    efd6608a2da1874e3b4a17768727fed71c3b665e

  • SHA256

    478c43aa96a43cf26548384d171898aac7d07f2810b3b5e5fc5957a3cec27bde

  • SHA512

    079ef87a9b57691b9ed120cfc6b81b06ef3bad931ab657479a40b2eb90a8e0837f2f94dfea0a6c03907fe770d31442200996015f578f4502b952713bdfa45337

  • SSDEEP

    49152:jQY3tFeBhovmr5+WW9NR/7yF/wL0Ra7eEr3Seo3BysEIcv62cEWvMjCyYnZRmXZW:zjeBhoOsp9Of7Rd3BANcByYn+JfZSQ/S

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

octo

C2

https://asdhaskhjdksjahdkasjdhaksj.hk/MTBiYTAyMTk0NzJj/

https://shdiuvhisudvhuishvdiud.hk/MTBiYTAyMTk0NzJj/

https://asdasjhdgasjhdgas.hk/MTBiYTAyMTk0NzJj/

https://qssxsqxaqxqazxaq.hk/MTBiYTAyMTk0NzJj/
rc4.plain

Extracted

Family

octo

C2

https://asdhaskhjdksjahdkasjdhaksj.hk/MTBiYTAyMTk0NzJj/

https://shdiuvhisudvhuishvdiud.hk/MTBiYTAyMTk0NzJj/

https://asdasjhdgasjhdgas.hk/MTBiYTAyMTk0NzJj/

https://qssxsqxaqxqazxaq.hk/MTBiYTAyMTk0NzJj/
AES_key

Signatures

Processes

  • com.maincertainubl
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4215

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

4
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.maincertainubl/app_DynamicOptDex/uE.json
    Filesize

    3KB

    MD5

    ecd45c664f6dfb240195ba6b0abbda98

    SHA1

    301a3213b24051a82b328496126b10289c51dafc

    SHA256

    7aa878297f91d13158dfebe6f8bb1fd79485ea1876b49b490c28fb47f526ec34

    SHA512

    bcd12eb54fa185135af63ef050e31db97bcb402aae01aa7bc88c187e965e0353786add1ea858d2262418350fd9389c53f4519c5de6f577fd51d8604583623ed5

    Download Submit

  • /data/data/com.maincertainubl/app_DynamicOptDex/uE.json
    Filesize

    3KB

    MD5

    48a0fe11acd52a2f97ffb7ba4c70cf14

    SHA1

    c360d9a5d7d4d4c9200e2b1d0b72f1a9239a8394

    SHA256

    2712ee19b39713f5cef2ea62c3ea2e2d06081e83d841ba64e06fc84f3df1f972

    SHA512

    42a93b91f531133db0a0c42781e2681b60994e61e02493a8bc2bb11229754eeedff7a4dbecac047a4e4f8cd7168e9ef9e7a55c5b322b2e1dea7b94c6718aa34e

    Download Submit

  • /data/data/com.maincertainubl/cache/bbdjinjdqgcyav
    Filesize

    450KB

    MD5

    01b512a325d71763c80f88afa1462418

    SHA1

    98e4c4743bedbaca5371c0cc15838e05141e48f2

    SHA256

    8028d8ad7d66be1ac427c82a276b16c784d83e4c6db67589af88e33d22f6f228

    SHA512

    e92d62affbe45086bdc05bd6ad424622a90ba9a71c6f65fede83634410e3644a75ffe080a747426d8ee4fb16fd0309c1cbd1d8755379f2d8e82c76ca1296bc11

    Download Submit

  • /data/data/com.maincertainubl/cache/oat/bbdjinjdqgcyav.cur.prof
    Filesize

    465B

    MD5

    5ca85368b20f42e8409266a2cbf8c20c

    SHA1

    5a83bcd982460fe9c8baffc76e528d5f2426a236

    SHA256

    bcc831dd2800822039a3356a9e45a706b29ee226564977b920a51e4d36718d1a

    SHA512

    d696204909aeea90718f4369deecd932ff445ed1dcdeee48a464aa924fd92d0c08e01be27c047593c1d269882c2c61a8e52598795f9e53897e31d275c2ac9029

    Download Submit

  • /data/data/com.maincertainubl/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.maincertainubl/kl.txt
    Filesize

    237B

    MD5

    8210432e7c8d767084a16794cecee2a6

    SHA1

    3048eb59aeb883bd903dd7793cbed555d21d658d

    SHA256

    c400ffa190b4f49d066baedba5b592e05955c97426d25756c5d3c6d45334e7c9

    SHA512

    a30179400bbd6be11208d4426014c3491fa34f179311876834c4dc0d05c8efc66529b06fd2795e58e5860b98dddd864535dd1101093d5bbd23e08b07e72ad42d

    Download Submit

  • /data/data/com.maincertainubl/kl.txt
    Filesize

    63B

    MD5

    6c0ed9a64b3483d622fa216c61ec6f01

    SHA1

    da2520a3fddb3f4d110adff2e2abf5adab250e16

    SHA256

    7ccd9947424f2f270a1771976b46375e96e362090f30d6e67ebbaff36ebd2e8d

    SHA512

    57230a66d2f733fd2a6677499b4c2dd95f469bef25d812ccfb68d0a0b75b3f5305731ca8fad775ecdddbe1dfa80d130e48d0895c19c8c81496fa39e7c3125612

    Download Submit

  • /data/data/com.maincertainubl/kl.txt
    Filesize

    54B

    MD5

    2428b89b348685cc50ec8b4e491eddbb

    SHA1

    918327d78b331c25552e09edc9f5592bddb417e7

    SHA256

    c7727f198e80c2dcca467f8ef1dea378eee061a3451fc99eb3f52b30b6c893e7

    SHA512

    0036326c494f75e249588ee6c2569992df8fe28f4f56305c469d6dcb708323cf31dea0ac75f46cc27eac8bc3470990e8f91a39aaffbd81fd77f31bc6b8085fb2

    Download Submit

  • /data/data/com.maincertainubl/kl.txt
    Filesize

    437B

    MD5

    b4f09a5e0d5ce6fc13fdcc223110ed61

    SHA1

    58100ced9cb0726656c5cc64752ccbae46091198

    SHA256

    ff9bed0eec3a4a1e06d41a7747c30ad9aa4fb7a9cd9e69811c7ee506a629555f

    SHA512

    ee05f98c1f4779463714d43f3e3b50f0a3fdbdc301148d5934b3f45dac455ff401bee7da951b86fb5bd3a773483fa25103c03b40414d861cdbcf412f38a7692c

    Download Submit

  • /data/user/0/com.maincertainubl/app_DynamicOptDex/uE.json
    Filesize

    7KB

    MD5

    1a7dc908f57f23353712a5e9a6313027

    SHA1

    b0d687e2d350c32b45002247274e37ca5b0925a1

    SHA256

    fae3e9547001b38a03dd4bf0a32d3c45456b72634db314de4ef4a7191041edd4

    SHA512

    c5ddc90f855fcf65890f9c98aedf9c3310f998abd8d3aaa3a4d519096de7028516e80f18cc09810dda9cc85fecb297144edbde559821e8626bbe6dbfec15b451

    Download Submit