Overview

overview

10

Static

static

6

bed1d48ee4...d3.apk

android-9-x86

10

bed1d48ee4...d3.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    02-12-2024 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bed1d48ee44fcb2a3cda906b19205105a24d311b979932529807b6ab0985d2d3.apk

  • Size

    577KB

  • MD5

    7bd0620af2442abf88d1b86ce3a13d53

  • SHA1

    ed59f857630d2e419741cd018c8083bf1e5b01a3

  • SHA256

    bed1d48ee44fcb2a3cda906b19205105a24d311b979932529807b6ab0985d2d3

  • SHA512

    4649bc5c1e081903283f369f62215ef8f9159da60f1709744189bb4ea310bf3fe4268b4f233ce74cc078a19616d11d9abe5731a5bbb11c77701a8a853a80ea3d

  • SSDEEP

    12288:kQB9XcS0XtRsOtwnmlu4r2rnu1cYqG/Tg+zRlxOf+jo7+zkGs5mbxT:7yXTX6nxSFRl48WIbxT

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://85.209.11.84/YjcyMWYzZjc5OTUy/

https://32fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://33fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://34fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://35fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://36fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://37fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://38fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://39fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://41fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://42fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://43fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://44fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://45fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://46fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://47fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://48fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://49fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://50fdghhoo11.com/YjcyMWYzZjc5OTUy/
rc4.plain

Extracted

Family

octo

C2

https://85.209.11.84/YjcyMWYzZjc5OTUy/

https://32fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://33fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://34fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://35fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://36fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://37fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://38fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://39fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://41fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://42fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://43fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://44fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://45fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://46fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://47fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://48fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://49fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://50fdghhoo11.com/YjcyMWYzZjc5OTUy/
AES_key

Signatures

Processes

  • com.underreach6
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4502

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.underreach6/cache/oat/wtuurp.cur.prof
    Filesize

    333B

    MD5

    a257d5a974a12786882128d24d770504

    SHA1

    cb1f29d258f395227cb4f4d852602c9d8055ff8e

    SHA256

    202b769b8940823797baf77bd03583ab09771e74cb2cd42914d91a8fff03e348

    SHA512

    a0c9dc8e678e3eb232bf3f2fdc1f467b34f5dbcbe730c1b95a4117d18c983ad9e1f0ecfa5a3515fa71fabb0f8f8b69249134c3e0efd1872e60258d3ab2c4d040

    Download Submit

  • /data/user/0/com.underreach6/cache/wtuurp
    Filesize

    458KB

    MD5

    fb29e45060fd519515980d71abb713f9

    SHA1

    fac66d84b242f6bdcf814d23dfc29382fd52d51d

    SHA256

    8f54bc1fa06d2bdb5a15f91dbe8cff6a0481a70a027c5e5ea31fc9704a7a3997

    SHA512

    f860c9e605acdfcebb453b3e61efa3e40a5e08e5d15074e6f63e6496c08fc6547167cdb6b05092ca17553781de2ca6db37563fabff2f1dbed5104c66acb2e290

    Download Submit

  • /data/user/0/com.underreach6/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.underreach6/kl.txt
    Filesize

    232B

    MD5

    0b8f800ce1100ee318765d05f50ea4e9

    SHA1

    ef82f513586e3143ae324d6c7bca8cc4ed0298d0

    SHA256

    8578f9093c7df61e334995069da614b7bce17f04b7d4c803f4254d19c065affa

    SHA512

    ac302ae3bfe1ec78548dd608a84f8e1062908a67f799af8997164977b41290eee0eeccdc84d1217eb44608dfd2fdd9dd87cb7dd89be205c9f852405c008c8ee3

    Download Submit

  • /data/user/0/com.underreach6/kl.txt
    Filesize

    63B

    MD5

    e8274fe56a8529097e465d1ee7b1494a

    SHA1

    c271b09bcdfca46f9838cb46909d72caa4744697

    SHA256

    1b3bdfb7a0a720388efba6f68f19e91b182d86fc1143b11230ddd4a48b5f25e9

    SHA512

    a7284e10daf2cac07493d8760d3dcbee355c4182f4d201fa5d4092f7b181cd17b6364d1ae349cc74501d4b282925041d2a4d92620c541619105a0fbcba0652da

    Download Submit

  • /data/user/0/com.underreach6/kl.txt
    Filesize

    70B

    MD5

    f0044b0c2a276c1584db1d53c1557367

    SHA1

    de88b3ec2d9d70dfd9ddf4b0743997be9fc4bce0

    SHA256

    41cc5b95fb72eeabae2bb76003874557d87222a6e04cdd9b01e44a660a1f82c2

    SHA512

    9bde7c329eae99f1d5be1218c020353257b9ed655076ecafd1d5fae06e7ef9fa2e74800aa1c9877b85b69bdecea90dc3da546303bf9cc7d4620c09ddfdd0aca2

    Download Submit

  • /data/user/0/com.underreach6/kl.txt
    Filesize

    45B

    MD5

    ed81bffafb9971b7be9ec0c571f51958

    SHA1

    df10ee24af2f210d33fb1804f1a90a7efb836ff4

    SHA256

    48ede9f867428bd456374693899c9f5620bc9effe2e256f3f42e20348a4690a6

    SHA512

    d8a1f8bfbaa920156c9c1fce744ad9ec6c08f05415e4046407c0e847b2a01c5e082db549eceb1b6608a9b4eec0ed93b3416389b3208634bd70c8675540427871

    Download Submit