Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags
    arch:arm
    arch:arm64
    arch:x64
    arch:x86
    image:android-x64-arm64-20240910-en
    locale:en-us
    os:android-11-x64
    system
  • submitted
    16-12-2024 22:08

General

  • Target

    7d70450a895147e49d12fd4f7017c016d145b852966d8dab151738bdbe5a0164.apk

  • Size

    4.8MB

  • MD5

    77ead137753adb31c0a047d77638b818

  • SHA1

    296d1258f52975fc73ec32a28b44378d13702742

  • SHA256

    7d70450a895147e49d12fd4f7017c016d145b852966d8dab151738bdbe5a0164

  • SHA512

    78a395ff4df3b5b080db68a2f2d94d6d442a312d440338e5444dad3473246023dc56cd726ef1571c70739b8855b595b43934d1173efa73900e5e675324c2de95

  • SSDEEP

    49152:PRsEXtEbRTmKms3XUt45iS7xrGiQE1rfpjVKSceOTQBeghG8Wnk0ESrPh:PRsh9Tmjs3Xl5iSRGmRVKLyovnknSh

Malware Config

Extracted

Family

octo

C2

https://b52747db136759d3a2c076344fe27f68.shop

Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.infinigru.police.phishingeyes

    com.cibc.android.mobi

    com.estsoft.alyac

    com.ahnlab.v3mobilesecurity.soda

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

  • AES_key

Signatures

Processes

  • com.ajstar71providerssmart
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID: 4786

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.ajstar71providerssmart/.global.com.ajstar71providerssmart

    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

  • /data/data/com.ajstar71providerssmart/files/.m

    Filesize

    322KB

    MD5

    77dc50489b9323274732d27dc8a4e803

    SHA1

    0e02a3595b62489d0739d771881da8604d117c65

    SHA256

    c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820

    SHA512

    0684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58

  • /data/data/com.ajstar71providerssmart/oat/x86_64/[email protected]

    Filesize

    355B

    MD5

    5be0c8873f2d99aabaead88236ce07e2

    SHA1

    a69963af1b74ee112d00311e1852b234d2a04924

    SHA256

    32342647a6a14c1640bc73817a8cd1c16bb34061a97b9134e497558316d90142

    SHA512

    a6e717aabd70663cc885a4933282c62b9dd139c47193bf3b25c669f55002af48759df6d547380eaf09ddcc863d4d639f0727ea714deeb89b52aedb4d5eda184d

  • /data/user/0/com.ajstar71providerssmart/[email protected]

    Filesize

    526KB

    MD5

    b5f04762c6592c5b7975a5e0acdd7aa7

    SHA1

    504b8c1d9b3f7acc247a707f7f31eaed8d4b5f4d

    SHA256

    515497f6df8d7e14844c72d28426f8b1dfd82d960edeb522da94aa6bbb526bdf

    SHA512

    da3089eb2a6121f4dc8f3b24d02dd8c5147b74de6c7193a5f6d6f61ce84637e5618f007b818fe9f52039ac54eea4d15fe1839934d39a3408bed97d2814a706f6