Overview

overview

10

Static

static

6

bae8e8547b...bf.apk

android-9-x86

10

bae8e8547b...bf.apk

android-10-x64

10

bae8e8547b...bf.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    30-11-2024 22:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bae8e8547bd334de011f07c338aaed16d134f7e9f70f4cfd562bfc62a944e5bf.apk

  • Size

    256KB

  • MD5

    4ee277a510ecd1635eb5a08551f29951

  • SHA1

    36a2d622862f5794904cafb16b17051966241a24

  • SHA256

    bae8e8547bd334de011f07c338aaed16d134f7e9f70f4cfd562bfc62a944e5bf

  • SHA512

    e536f17849498be13869367642e0674079f4ab4dbf321577fed6bc5b2a68bb807973b220079b4d219404f31bfaf3f2718804feb97428cc76685727b9aeabcccf

  • SSDEEP

    6144:st0A4g8fsuojKDVoJfEPY10ShOEJrWSw85eWBc1l1zg8:ng6EyV6MP9e1Z58l1zg8

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://154.216.16.134:7117/gate/

rc4.plain

Extracted

Family

octo

C2

https://154.216.16.134:7117/gate/

AES_key

Signatures

Processes

  • com.adaxffsfzfada.zbsvxgsvbxhdgs
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5135

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/app_apkprotector_dex/classes-v1.bin
    Filesize

    451KB

    MD5

    9cc81089c0e3f7b73bed57a85c6889a6

    SHA1

    03c90f987b3bb7627ec2340e772e6935a8ac931a

    SHA256

    6d0a63cfc0ca9e1925a32d8e063b580dda15455a2388e7f7f08288b1d1336129

    SHA512

    fe6231debb93982060a594567ae175cf72ccaec512f0a6c965d1cbd40db7edbf31fd90cb353a33369762bd2ab8ec8f22372551a256a56916f0bc4bc6d92392c7

    Download Submit

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    230B

    MD5

    d6c2213e43d3e1d36c0651921b6f1adf

    SHA1

    830adf0197c4fdc3b220cc3f354e0d5cd8e946a6

    SHA256

    c2c8ce7317574621eb84f593da11d777f0069bbf25f4fe407616d3754ae901d6

    SHA512

    35e4a36acf5b6fec9ecd2071192bea7d0774bddf5a6ecec349164a9d9c888d1b3ea4b5eb9047e54c0374d1c1e0eeb9262d6dafd492c41fd6505afe6b42064bb5

    Download Submit

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    63B

    MD5

    884cd72d1577418a9c8b6b2db3025a34

    SHA1

    e502e4f3f20aac7d895fd400700e5c25beb38bad

    SHA256

    724de6f56c44f8a186ba156d3dbf24e926e3d125d8d45ab67dbf847e006456e0

    SHA512

    6d86ddf56881c7e57f4fa1ecef7087b9ae225a0c1519c89301b42e9df9031586115cd750321dc35fe3f7ebbb7224101f8220c63474c0a21a36af0b6c90b4f129

    Download Submit

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    45B

    MD5

    383d71501476773fccada39f4ebb27e4

    SHA1

    bb676f1592631b8d3b478fd216158d1222712282

    SHA256

    a5dc3392ca0f5d373ab43be7baae793ff21a4d012a891a0ae8aa4d1bfd0d7e83

    SHA512

    9a694b2a05b10e215fedb513b489d7a50bc2875eb0ecec88c504e630416091d1b747e56eba4a3f10a4a5269d9b1d3d1df48042021b0664cbf015088e004ec861

    Download Submit

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    423B

    MD5

    5dc72b6c3e0ea6d131111f27fb1d8c67

    SHA1

    bd564dc565b8187238f62f2e5846ab8cf54029db

    SHA256

    85786f06ee448d08b779fd411d59a147ca0f34f05a96a5acd9d00a9698311c80

    SHA512

    5b6d3b0e4d58f34915cfc173fa65c4ba1bb7c5e47cf981dbefed9acbd51c8e5abd267780d999ccda3b2485fb51b3a78c05fb9c46a39be5d5705770e4b5853411

    Download Submit