Overview

overview

10

Static

static

6

033b4397cc...bf.apk

android-9-x86

10

033b4397cc...bf.apk

android-10-x64

10

033b4397cc...bf.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    18-12-2024 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    033b4397cc88de8ab1be120ed77f4c0d9485d11580fc06ae47125a9568527cbf.apk

  • Size

    3.6MB

  • MD5

    0117be2e1470648b40305597f94fe756

  • SHA1

    9a232364940a5c79fe6949df489b35d662421ed7

  • SHA256

    033b4397cc88de8ab1be120ed77f4c0d9485d11580fc06ae47125a9568527cbf

  • SHA512

    a9596dafbb2b38b63448498632ee49b9defd57eddb72befa517e1427c26227cb7b5ebdd955951f8f6f59d045efeeedab32c7e69cc7a1fa8d27f1b5d0a492f7aa

  • SSDEEP

    98304:O0E2p7iAgJ6nG+tk8/SWHyzn64fpXU0Mn5nRI+n73:O0lliAWUhtpHyzn6KpX05ne+n73

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://154.216.18.131:7117/gate/

DES_key
AES_key

Signatures

Processes

  • com.stjppafdx.uzdydpiiq
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4514

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.stjppafdx.uzdydpiiq/app_dex/classes.dex
    Filesize

    819KB

    MD5

    ae599bdc42739b7bca0f546c3a5fcb97

    SHA1

    b4113acbe8ccdcd7b8bc016da6f1b7f3c3f0155e

    SHA256

    b35a752ec1a2f763a5211d6537f9b8d30a2f7601b54634aa713337924cc83c8f

    SHA512

    26a99a8c6e4156083673e3ab80cc06f7be688543c7849c3170b9910c093e38fcc9316ef084dd4e60c1a1bd6ff34e266d5d9ef6ace904c9dec1d7249baec7740e

    Download Submit

  • /data/user/0/com.stjppafdx.uzdydpiiq/cache/classes.dex
    Filesize

    207KB

    MD5

    97378f5ed29bd1678fc57c02326810e3

    SHA1

    95cd310d834bd07d7baf98cc84cc1f71d70f967a

    SHA256

    2d03892b2ba46a4809e777f2e154f9717848200b993e67dd29d132d77ac98e59

    SHA512

    b3cc70d0b1cc0a62ff864d414ca58ad07369f6a45397c795453b62d6e5b523a742c637cacee0e0be43bac21f3d1177b06f1185395a613fff0bea4eac9430e8ff

    Download Submit

  • /data/user/0/com.stjppafdx.uzdydpiiq/cache/classes.zip
    Filesize

    207KB

    MD5

    e8a31ba69419ba55b87b8deae4a696a0

    SHA1

    e7588770b82763f4df450dce1a5b3ee22a0989cb

    SHA256

    9f37b023fba74e692df534fad8aeb9d93f4c15459d5191df369e0650016e84d5

    SHA512

    d3fa44204c7dcbfae6d29b93cd534ba4366c9593f2488d54600adaa7663d54d831568b9234e7bc5f2c5fa274b459445ebf980af316c86ef06c0b7565b01f5f9e

    Download Submit

  • /data/user/0/com.stjppafdx.uzdydpiiq/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.stjppafdx.uzdydpiiq/kl.txt
    Filesize

    230B

    MD5

    ea295ca889e07c58d08edb97819ea97d

    SHA1

    85f48fe7424d2abe3ab784e1cfcfad168a113f7e

    SHA256

    315e57a386c5e479372b16c5249c9f26a41734fa545766a97e007ad9b216bc83

    SHA512

    0eac9893c78b65a635a75cb89566395284fc5a29aaae3e84e71ed0d35308ba5d1d89fb45340b17b58e3aa8078ef4d16c70d107898dd4e558340bc22aecf7472b

    Download Submit

  • /data/user/0/com.stjppafdx.uzdydpiiq/kl.txt
    Filesize

    64B

    MD5

    828d7039aa8fe234a2d6331fc8ace024

    SHA1

    25cfeb4c770c8e7157281b99124c24c88edb7dc2

    SHA256

    0a523a2e2315a660b4dc9099105e08709e6189c390aea3d82844284ae46bb9a3

    SHA512

    0bbb14ca71ab734d2bfae349538f31e14be1c9f61436a046022e2da2c5ba79a6c1f7b1303c614ef9b7d9fed73a33eb61d9d1a6aa6e1d6eee892b14e05489e83c

    Download Submit

  • /data/user/0/com.stjppafdx.uzdydpiiq/kl.txt
    Filesize

    45B

    MD5

    2cbef87304ee34ed5c2b59a4d67d3557

    SHA1

    e62b3abd4815f7b84d963689e9305982252735e9

    SHA256

    cab516f469b2d22f62653f8d6ae60914a0898e3a198bfe6bd0ed6cd19c070e85

    SHA512

    bde508e7d889bb40d17b690c2b37617e176aae849bf7bbbdb671ced5cc5c0c28ff45b007476e7354b6b4f63868ed7e8b8173e20cee8078de393051c6a7fc19f1

    Download Submit

  • /data/user/0/com.stjppafdx.uzdydpiiq/kl.txt
    Filesize

    466B

    MD5

    f761c27126d9fbe279201c5241792914

    SHA1

    5c983a9961a06056c45d1af8cf1452f2c7dd8997

    SHA256

    15ca673b29f22906b55420fcdd309832e4f63a12e967cd1a372728bcb7db6506

    SHA512

    7aff5c7306c75768d338259164083e24e51b56b102de6ca7350b6456030c2ffa1bdf017b56856ea760795d6d5b4bc60e080dc367cb0b5b37cd7f16641b624320

    Download Submit