Analysis

  • max time kernel
    38s
  • max time network
    153s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    16-12-2024 22:07

General

  • Target

    c8447cc288f06fdfd2e889c545f90b0f15664594475144df33ae2b02e4bd93fe.apk

  • Size

    4.9MB

  • MD5

    bb130a164b2a71532f6b7872d133086f

  • SHA1

    7637060996efba7cb1c4fda0bd2af2a7cf3694c9

  • SHA256

    c8447cc288f06fdfd2e889c545f90b0f15664594475144df33ae2b02e4bd93fe

  • SHA512

    a7885b6219c03e07b483148bdcf9a581ac45302b9b1c8fab70e0ec814d1803876f3adb9c21db0ea63ad88d7615fda8ee871bf1804cfecb480a2245f743634291

  • SSDEEP

    49152:HYRsEXO2Eml3KhM3X5V45iS7xrGjr+6Q3vjVKScsBUfKCv+KlZG5eMPOvvlf8:4Rs4VFQM3Xs5iSRGa7VKDD+d4TvvJ8

Malware Config

Extracted

Family

octo

C2

https://7821a323265ccf08b2c322c82f56b7ae.online

Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.infinigru.police.phishingeyes

    com.cibc.android.mobi

    com.estsoft.alyac

    com.ahnlab.v3mobilesecurity.soda

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

AES_key

Signatures

Processes

  • com.notifierpush_com5 (PID: 4949)
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.notifierpush_com5/.global.com.notifierpush_com5

    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

  • /data/data/com.notifierpush_com5/files/.s

    Filesize

    322KB

    MD5

    77dc50489b9323274732d27dc8a4e803

    SHA1

    0e02a3595b62489d0739d771881da8604d117c65

    SHA256

    c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820

    SHA512

    0684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58

  • /data/data/com.notifierpush_com5/oat/x86_64/[email protected]

    Filesize

    164B

    MD5

    27d7d657bf251a13d415bca43e340222

    SHA1

    2461065e96d9f7ef176b1cbd08c95f630b32bbbb

    SHA256

    55392f5f0790302bd1ae2b24d3f5dca9c2b12e2259fe2f07378c4f5cf4a2fe92

    SHA512

    f1749cd43a0ed7aba5d918e2d8d92afcc8e951478f0ad453fc6a0cce1f2363a059b4db4e7ad5d4b8aeca4d12e1968514a3d3df18f8ee02bf67c0ab38a299918a

  • /data/user/0/com.notifierpush_com5/[email protected]

    Filesize

    526KB

    MD5

    fc7955df9b07d65fc5d24ee1551f12a1

    SHA1

    06530735c0c0a6e4040c5cf4afafed4724e98cee

    SHA256

    824c1b2a9bfd4538952927ca46f478d71b749686a26955e8ad99a8aab5f0cb93

    SHA512

    4b870e2f014da3d27b13045e6ed9d0a541525a028f883aa3f6e054dd64ebf5be18d468db26564a6d10ebe881534cdac0feaa193c21ea47ed69f238df96c48f1c