Overview

overview

10

Static

static

6

033b4397cc...bf.apk

android-9-x86

10

033b4397cc...bf.apk

android-10-x64

10

033b4397cc...bf.apk

android-11-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    18-12-2024 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    033b4397cc88de8ab1be120ed77f4c0d9485d11580fc06ae47125a9568527cbf.apk

  • Size

    3.6MB

  • MD5

    0117be2e1470648b40305597f94fe756

  • SHA1

    9a232364940a5c79fe6949df489b35d662421ed7

  • SHA256

    033b4397cc88de8ab1be120ed77f4c0d9485d11580fc06ae47125a9568527cbf

  • SHA512

    a9596dafbb2b38b63448498632ee49b9defd57eddb72befa517e1427c26227cb7b5ebdd955951f8f6f59d045efeeedab32c7e69cc7a1fa8d27f1b5d0a492f7aa

  • SSDEEP

    98304:O0E2p7iAgJ6nG+tk8/SWHyzn64fpXU0Mn5nRI+n73:O0lliAWUhtpHyzn6KpX05ne+n73

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://154.216.18.131:7117/gate/

DES_key
AES_key

Signatures

Processes

  • com.stjppafdx.uzdydpiiq
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5063

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.stjppafdx.uzdydpiiq/app_dex/classes.dex
    Filesize

    819KB

    MD5

    ae599bdc42739b7bca0f546c3a5fcb97

    SHA1

    b4113acbe8ccdcd7b8bc016da6f1b7f3c3f0155e

    SHA256

    b35a752ec1a2f763a5211d6537f9b8d30a2f7601b54634aa713337924cc83c8f

    SHA512

    26a99a8c6e4156083673e3ab80cc06f7be688543c7849c3170b9910c093e38fcc9316ef084dd4e60c1a1bd6ff34e266d5d9ef6ace904c9dec1d7249baec7740e

    Download Submit

  • /data/data/com.stjppafdx.uzdydpiiq/cache/classes.dex
    Filesize

    207KB

    MD5

    97378f5ed29bd1678fc57c02326810e3

    SHA1

    95cd310d834bd07d7baf98cc84cc1f71d70f967a

    SHA256

    2d03892b2ba46a4809e777f2e154f9717848200b993e67dd29d132d77ac98e59

    SHA512

    b3cc70d0b1cc0a62ff864d414ca58ad07369f6a45397c795453b62d6e5b523a742c637cacee0e0be43bac21f3d1177b06f1185395a613fff0bea4eac9430e8ff

    Download Submit

  • /data/data/com.stjppafdx.uzdydpiiq/cache/classes.zip
    Filesize

    207KB

    MD5

    e8a31ba69419ba55b87b8deae4a696a0

    SHA1

    e7588770b82763f4df450dce1a5b3ee22a0989cb

    SHA256

    9f37b023fba74e692df534fad8aeb9d93f4c15459d5191df369e0650016e84d5

    SHA512

    d3fa44204c7dcbfae6d29b93cd534ba4366c9593f2488d54600adaa7663d54d831568b9234e7bc5f2c5fa274b459445ebf980af316c86ef06c0b7565b01f5f9e

    Download Submit

  • /data/data/com.stjppafdx.uzdydpiiq/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.stjppafdx.uzdydpiiq/kl.txt
    Filesize

    230B

    MD5

    109fcb6db84540c9e7362507e9f0ecfd

    SHA1

    2aa4e0b06a5614b1e73c69c450c26fef778cfd22

    SHA256

    f883b23a3cb7910bb4250da5984200bae4fdf66f25bf2adc647a12a68d75ea1d

    SHA512

    4bb1f940d6e9877af60424ba40e704f3b7f692fdabbbd03b6415985aaae83752d30e8b26d86dfe51583e9b6e9d31d89a2a9002bf0acc390cc972c674925c5605

    Download Submit

  • /data/data/com.stjppafdx.uzdydpiiq/kl.txt
    Filesize

    63B

    MD5

    78457ba1f1b6b3d6d7388b5d3fc936f8

    SHA1

    5ce5d7ac3ce816301b6b984bfcb250b8b88ca300

    SHA256

    0cbfc23160b87ffee3cabb5a678881636b6d9832aef57a66def7df42f8b59d5f

    SHA512

    f1478d99463c22e829cc152170f8bef58840b1262d79c00408c7f1170761a5919662e1583bc9a77a0e41350ad025889b415e1757209fcd0bf1531d3975f333dd

    Download Submit

  • /data/data/com.stjppafdx.uzdydpiiq/kl.txt
    Filesize

    45B

    MD5

    f339418472891e5ef50d305fd46ef8b9

    SHA1

    f7e919059e36b0b87cbe95a51fb495da8858e4a5

    SHA256

    f1bc6325b582a941da99a11d3351e50f4ae1fe7ce8ab6585c35559defcad2933

    SHA512

    0bfc2b975529ff6be722c75d74d8897c78a3cb94adc450aca510b6291dd7e74e0ec56eaeac1e973df246097f3ae23e34dfccb50f987c9ac24d6afea69df8df83

    Download Submit

  • /data/data/com.stjppafdx.uzdydpiiq/kl.txt
    Filesize

    423B

    MD5

    42bd99a1caa741738ad801a3840675ca

    SHA1

    3c877f13774631b4bb322e60d1cc23b1cadd3c12

    SHA256

    c543ee2738ced8344ae9c09640e60a13e3ff1cc0b9534f1c20a7db75fdec9698

    SHA512

    a2d9eda09b03585879f20eaa0fd6111d595707b78670e5b5b65cb9ad036b7dfc195daef9e011182622a52dd57420ae24428262c43ab074ef8e4d0c9497af3f0a

    Download Submit