Overview

overview

10

Static

static

6

2a5b685c30...e3.apk

android-9-x86

10

2a5b685c30...e3.apk

android-13-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    18-12-2024 22:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a5b685c30dbf2337faea9ab0417d666506a545b9b9ce2cfc37602ecaf0c18e3.apk

  • Size

    2.3MB

  • MD5

    5fd97616f08b29703e97037cadda8c6f

  • SHA1

    f7272c94d983d3bdd698f5ce24b3c4de0058903d

  • SHA256

    2a5b685c30dbf2337faea9ab0417d666506a545b9b9ce2cfc37602ecaf0c18e3

  • SHA512

    46eca7f56bec61d9b0b27b1307f1f2dd8dc413a21e775e5cd814b5c3437d41b241680605eec16d3ca8b4453a81d2935602a3c23645b11e85c76e86c806e896a9

  • SSDEEP

    49152:3voNod9lEUfJrSEkf13915p0ag+NtYcUcBWnsvcf03F/7D++juRhw:3v3kf13915p0agsl8svcf03F/KRO

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://topflowow.top/ZmU2YzQ2NjZlNjc2/

https://bobnoopopo.org/ZmU2YzQ2NjZlNjc2/

https://junggvrebvqqpo.org/ZmU2YzQ2NjZlNjc2/

https://junggpervbvqqqqqqpo.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvqqgrouppo.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvqqnetokpo.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvq.top/ZmU2YzQ2NjZlNjc2/

https://junggvbvq5656.top/ZmU2YzQ2NjZlNjc2/

https://jungjunjunggvbvq.top/ZmU2YzQ2NjZlNjc2/
rc4.plain

Extracted

Family

octo

C2

https://topflowow.top/ZmU2YzQ2NjZlNjc2/

https://bobnoopopo.org/ZmU2YzQ2NjZlNjc2/

https://junggvrebvqqpo.org/ZmU2YzQ2NjZlNjc2/

https://junggpervbvqqqqqqpo.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvqqgrouppo.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvqqnetokpo.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvq.top/ZmU2YzQ2NjZlNjc2/

https://junggvbvq5656.top/ZmU2YzQ2NjZlNjc2/

https://jungjunjunggvbvq.top/ZmU2YzQ2NjZlNjc2/
AES_key

Signatures

Processes

  • com.seemrecord50
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4323

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.seemrecord50/app_DynamicOptDex/Bak.json
    Filesize

    1KB

    MD5

    d6c1144683e562fc290020a7dc429ddf

    SHA1

    ed2290285aa55449906a78d9eeb1abcd92516b40

    SHA256

    30095185618f5a1dc553fdc0389d238b72e13aa438d9b140cb99442c32ac3dca

    SHA512

    1727fab88f27f3a94437359c0ae1955442a23e4affedd51c27ad0c942b9125c3498414e99bbf378d738b65b2344550a0f463d82f68cab92c9a4443a6f5cf1ae6

    Download Submit

  • /data/user/0/com.seemrecord50/app_DynamicOptDex/Bak.json
    Filesize

    1KB

    MD5

    ec9147ab2083675ce262edd7dd6507b1

    SHA1

    73e99216f04828906406e72891452a992d09cd1e

    SHA256

    55e6bb2c554f4f962996212731293cdb61b34b8764146051ae87abf263ee3277

    SHA512

    7d84c88261ae2b6c355ff6e77af5cfe7c245fb58d66cede2fc35c0391fd7b29f269b15b5813cd007e590f138b7679545048955cd742734daf3632e0b6cd7abdc

    Download Submit

  • /data/user/0/com.seemrecord50/app_DynamicOptDex/Bak.json
    Filesize

    2KB

    MD5

    4a4b5324d90db767f9420f5aa0eb4efe

    SHA1

    01b1fe6955e531b6ea62a30ea93170dbd31d380a

    SHA256

    eb1f100764519c7b3e77f14b284e06966c670067f7867a68090a2d535381685b

    SHA512

    3a8c92b1c7949a94a54da0de9c35c1693cd32801780a9aeeb18c530cfe530c214fd2b47b943d15f207802f171f6b47a86de54117d266386da048b34adb3b41bd

    Download Submit

  • /data/user/0/com.seemrecord50/cache/oat/ufqfiqru.cur.prof
    Filesize

    381B

    MD5

    7bc2e3b742cc21ed827beef4fd01313c

    SHA1

    9ce97e7dfe318d9ce7d79822edfbe1d4fad1cbc8

    SHA256

    4267378cc81414fc7db3d807c182952537aa55ee3469819808d8edeb6143a83c

    SHA512

    f44deb858a5019ae45f9799a061e67f603f36e54d989162f8fc6066e16ec58ce364614de923d6fb76ae0d0dbaf2b44e6541b68da3480cb5e6dce0c32f1599ac2

    Download Submit

  • /data/user/0/com.seemrecord50/cache/ufqfiqru
    Filesize

    448KB

    MD5

    2c0de30a99bb14fd2aa25eef4be4d3ff

    SHA1

    8225583d55873c798ba5c3cb81b3c0b796ee6e43

    SHA256

    56a5d625b2c185ffbbcd128e32b6ecbab85b2112b1b5a05ae4ff0648be096378

    SHA512

    f1201165d7861d7e8100aee52a48107f2f33a6ca4e74247825b04379269d86f2bb711aa925eb629d80840ca6357da1c4beb502514bcad52d39a9af154964633d

    Download Submit

  • /data/user/0/com.seemrecord50/kl.txt
    Filesize

    61B

    MD5

    0be032ca0370cea80d3461322dfc68c4

    SHA1

    25aa07e1b7920f6087afd7d14119e9c0ec722344

    SHA256

    ff3862e6d2c494db71559354dd50cbb7f25a9565d242c621e8303190206ec4ef

    SHA512

    a29afe5428daab252c1c3c56667eeb527a4dcfe19f6e9d27eaba940bcc1c4df1bf0dd57ec8b2fa1feb7faf6d39547d861c488eed2c43607fd8c7c8b2c006206f

    Download Submit

  • /data/user/0/com.seemrecord50/kl.txt
    Filesize

    72B

    MD5

    0b47b5f67754ce301e3e08228113735a

    SHA1

    37ecb57e8210402889d4ab7d4c0ae1ffc557d3cb

    SHA256

    7eac544e14f112da60520cd6d95c835e18bf8833cf142ae6a253f1af664cb57a

    SHA512

    3fa3a14a60a89dff08706e0ae9e6f2ba855d623609130af339378b56e37114d06e3f39ea3a03e2923ea50338f50b5fec7a856441c5ea5f53aef464597946b61a

    Download Submit

  • /data/user/0/com.seemrecord50/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.seemrecord50/kl.txt
    Filesize

    221B

    MD5

    b432622111461f624faa402023b97d8d

    SHA1

    3fef5063d0185a60ee55a3da33217c50476e6c62

    SHA256

    2456a2d4ee0ae50497c062252199c67b3b34e8ddab1e299886fa02be20055296

    SHA512

    4df3beb0223fc271691dc7c5935a552fb3027617250a79c5ad23ba80d870bbf7b845c21faa20bae2e0280b6f4197ff9fe30fb70b702c120a3e54de4b88762210

    Download Submit

  • /data/user/0/com.seemrecord50/kl.txt
    Filesize

    60B

    MD5

    0910760e3e058263d6bf2d5db4e6c134

    SHA1

    5793648dd05e3118567e3f72b1491bc7ee12fe96

    SHA256

    90b3964796c0ab64a2d4439d29dfcc258ae522d09609176e26e28360e133ba78

    SHA512

    8fe65a6c275ab3a62f5cb207a859dd0e8e3a3847415e8a56e701cc79d55ffc594e7a495a085e7546acb395975d3d1580000787e435f43ee71c0d1353c6cfdb46

    Download Submit