Overview

overview

10

Static

static

6

e-Devlet.apk

android-9-x86

10

e-Devlet.apk

android-10-x64

10

Analysis

  • max time kernel
    298s
  • max time network
    304s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    17-12-2024 07:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e-Devlet.apk

  • Size

    650KB

  • MD5

    17d8046f293f1829e81fb2a078bbc5c7

  • SHA1

    63bb752bdcaea6c5af9b45bd30a1bfccb84b1627

  • SHA256

    5c4846324a80e389e88d56a9a2af76a940be68a9af6a6ebf7991fa151ee57e1a

  • SHA512

    a59e2c6eb318e06d6c4cd8f210392a6eaad1e8f3efd42b3a9ec6b7794e1108abf6fb0855411bb7e6dafeed47306e1247264ae6bb340ec74a3e5f0cc093bef89c

  • SSDEEP

    12288:JvsC+yHIb+P247egtghfFnteJYAPCMPJJVdywLK/dQLNmQ1Y9wkKSbEYXfQce:JkCFH1VEfFte/1pkh/d6KwobEg4H

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://85.209.176.160/sbffpth/

https://85.209.176.190/sbffpth/

https://alinmamisd0main1.net/sbffpth/

https://alinmamisd0main2.net/sbffpth/
rc4.plain

Extracted

Family

octo

C2

https://85.209.176.160/sbffpth/

https://85.209.176.190/sbffpth/

https://alinmamisd0main1.net/sbffpth/

https://alinmamisd0main2.net/sbffpth/
AES_key

Signatures

Processes

  • com.cs16jailbreak
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5076

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.cs16jailbreak/cache/nhsqwzy
    Filesize

    449KB

    MD5

    c51a3de27e1dccd5977d0bc025d56370

    SHA1

    02132d9e876316634fad262473f531d8d7507c19

    SHA256

    2afa5e915b8dc0b0c9f397ef655ca5a59b90ea31bbf19954d01c36ec9a6e7823

    SHA512

    12806a63f0c437bfef78a5c01e6a196b4ba42024b1f941c4a19caddbea7524ece58233cab8ffef2be5656d7deb89af5537e661008a17874992b55c647b80c9b4

    Download Submit

  • /data/data/com.cs16jailbreak/cache/oat/nhsqwzy.cur.prof
    Filesize

    458B

    MD5

    a8223694041c79f6d17958ed910e1e06

    SHA1

    ae38ae3917a41895e08c7d8e39b5f04d77ff734e

    SHA256

    05b4e2c824e1ffabf6cec68f67d50047b0044c7cb15dfcf38ba9430b8a5c0e1f

    SHA512

    367f199c7f82e0bc6c728f17d5e8903818a78119cd405da6ee7fc70bdc26defdd3a4be02183728e484bc66726fc52866245b10347ab02a08c401eb9ee69950b9

    Download Submit

  • /data/data/com.cs16jailbreak/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.cs16jailbreak/kl.txt
    Filesize

    63B

    MD5

    2bb5bc912dd59db1a12dab67816f1aa7

    SHA1

    f4bcff3ce0d1ea5f67077522c749e43406c989cd

    SHA256

    29747e236a3ba9b39195284df8222ae7bac2ad47ac80e3cb50944a617a689ee1

    SHA512

    96378ee1a402d864e351282f957e670f0ff8731137a6bfa45d85ae9e73bc125b5cecbe9fd09fceec5b3edbbb64c5d48aea20378c03a29a37d4522f488f635ade

    Download Submit

  • /data/data/com.cs16jailbreak/kl.txt
    Filesize

    58B

    MD5

    a4089bb8a8152bef90ed3a177ad0df3c

    SHA1

    567db0320c8e1614b9b358fdbd2059e6ec59df6c

    SHA256

    298329506b902c47eee5a78636ee96b8892c5bc7b63c2fbcab7d48124c9bba0f

    SHA512

    c51202356051a581fd6261dc44ef308d7a7df2abb655df0ee4c1a0adfea5d340eb30486d4b3b418073ac9f313bbe5a7c7d556a4e03da9e1593bece46a786911b

    Download Submit

  • /data/data/com.cs16jailbreak/kl.txt
    Filesize

    62B

    MD5

    9cc060544dbca64761f8bd009ff50c5c

    SHA1

    091634d853018042ac4ab74f8df2e6361ad271c8

    SHA256

    5e1a8715562d828bf7741369293ebc191c7507315764ca8e97f7dc8bc12b3bce

    SHA512

    f3b059bc9b9fcb9689008f07ef6fedecab6dbb14574081903d274d76e7327fc572bd58d9a57df194374adffc6152ac26a3394484858a582fd9c200670b660b53

    Download Submit

  • /data/data/com.cs16jailbreak/kl.txt
    Filesize

    427B

    MD5

    5fa2c9ee432c15a3d74a3ab56354be83

    SHA1

    a4b86644694fb737c4347ce69e2a2b90b6525d19

    SHA256

    1380fe9841c6704678c11664fd3402594337d0abdf9eddfce5db8a2db0c2b97a

    SHA512

    47ec681a897d2ba53ed0b2e0d391e1116d6e99540b0db07fe066231ff3d5c6d32e5a9a2d6f1922695a72beba045aae7af391589dbbacf74611193d8c01a8f562

    Download Submit