Overview

overview

10

Static

static

6

254006bee6...2f.apk

android-9-x86

10

254006bee6...2f.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    18-12-2024 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    254006bee6fa65b2a4f827a6d9df24df326cbe7440d57451ee215cafb2a61b2f.apk

  • Size

    1.8MB

  • MD5

    860df8edd87bf26e99af42fb7a17bd04

  • SHA1

    4d3e1e817df778031623deafdb7e9395ed3c18ff

  • SHA256

    254006bee6fa65b2a4f827a6d9df24df326cbe7440d57451ee215cafb2a61b2f

  • SHA512

    89f464b7eda05fcbb7252ed0b4467f28fad8569ad578e908fc037f92bb9d6f42dcd1f3cfca9ecc66a5995926cc6e6cea4b01c28b2692ef8284cde971d8eb583c

  • SSDEEP

    49152:aETpI3ny/qix/DIaKCs3BdOAYQhGkxsS1ro2T:d4iqi1kTsQhGYow

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://nuhimush6712.info/MTU2OWE0NzJjNGY5/

https://kijuolobtreshu31.pro/MTU2OWE0NzJjNGY5/

https://aganimsharse671x.live/MTU2OWE0NzJjNGY5/
rc4.plain

Extracted

Family

octo

C2

https://nuhimush6712.info/MTU2OWE0NzJjNGY5/

https://kijuolobtreshu31.pro/MTU2OWE0NzJjNGY5/

https://aganimsharse671x.live/MTU2OWE0NzJjNGY5/
AES_key

Signatures

Processes

  • com.weightandfrxj
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4512

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.weightandfrxj/app_DynamicOptDex/Hrg.json
    Filesize

    1KB

    MD5

    b0dd0407c9ce4d064c4daa90c591fe40

    SHA1

    6247de91bf24452efb02840efbbc9778c1866d45

    SHA256

    3d24a74f6d4655ff18c9764b02c742e04861fab575f981d20e1f55b745aa8edd

    SHA512

    59ebf2cdc056a9b42e34b0a6113ed414b957529822fdbe6e8f63650e20a560df2a0394e258c15e6003345f6f9e587429d0336b8becbd91139dc23ca0bbc022f3

    Download Submit

  • /data/user/0/com.weightandfrxj/app_DynamicOptDex/Hrg.json
    Filesize

    1KB

    MD5

    8357fe55de972137ace700aba4163a54

    SHA1

    74f792e9e4f16ccb0705f6e5746ded687532c875

    SHA256

    cad19740bf95bb6a56dfb01586a593c112e086aee6e48b145623f7d07bad1d7e

    SHA512

    923673aaec82dd1a42860cbd1d5ff24b0220bf829fd1c56104c902f4b092b9e7d28b4ded084cb9ea96ea69c4c10416639eb4c11825d1c643ff650e4ee3580598

    Download Submit

  • /data/user/0/com.weightandfrxj/app_DynamicOptDex/Hrg.json
    Filesize

    2KB

    MD5

    e85e87bc8351bcc827548f7c9c81e07d

    SHA1

    1efad9b3667bdb4f21ec791ce86d1bdb9fa7351c

    SHA256

    04115a7aa8cf6104f9ba8ee8b54bbe0e358b791b1c66b787b1955b30d66112ff

    SHA512

    5fb801b5e3daa1ecb197ec147c0f2ee23409139157fd50a746c168337f8b0e757f6aa8e76c7d683e6a115b4d775bb4c838a65c8ce246de79aa435fbca5132eac

    Download Submit

  • /data/user/0/com.weightandfrxj/cache/oat/vmigztsnwqnr.cur.prof
    Filesize

    330B

    MD5

    598bc2e20c7d0694f8984d53829c6868

    SHA1

    8cee5b79a3ade179bfa5999465ab16f0d90b0f57

    SHA256

    061507a7b34ec79da1f3a34b08d55d0a85ea7059677a6e4e883687d12688ff66

    SHA512

    9565565abf9043d564ed87d7b2b9ebe4219114ee683010b663e8233b48a1a519be5c2b8dd8a3b7d074ccbe9751cd986de84c2a61810f46b7524db204982018cf

    Download Submit

  • /data/user/0/com.weightandfrxj/cache/vmigztsnwqnr
    Filesize

    456KB

    MD5

    12cbd0da8d84af0feb1fa35a67bf5e15

    SHA1

    356bfd29a838d7b2886342528cb8110c07c5e030

    SHA256

    36b44d76926102443b130b2c3d332d081262e63b478d4c0b26b485c657f22fed

    SHA512

    7533c8111f05966c5d141988badc89610c5410262b2fb37044da2699a633575e947c6dd508cd7b3763eb74ffff3f86db23ba3c7edc60a1761f2255769aba8c62

    Download Submit

  • /data/user/0/com.weightandfrxj/kl.txt
    Filesize

    79B

    MD5

    35adef3e78b3ba437ee05dd50eb031fa

    SHA1

    b7261a987e9823e5480c1d580bd3b1bd2f2e778c

    SHA256

    8d065e48e68e387dfdc1e834743a9638cc34f13e0a2d17f4fbc28ec0e5c93329

    SHA512

    788cf5cba0b6756f02d809a30517ba1550c6d84a72dd842f998db080df648a231c1cc021baf12cde8e6f5e3f86fe8cc3075b86b1c32984af395fe0515ae6cbf9

    Download Submit

  • /data/user/0/com.weightandfrxj/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.weightandfrxj/kl.txt
    Filesize

    230B

    MD5

    2041d72d17bf3cd9c9d2fde25d2cc522

    SHA1

    0ac640c62a5bb13649777ea736d754faac36caf4

    SHA256

    fad25a4ec0d70cf57cc4b6c00c07fb244837eb635310766f5dd4f50f06f3718f

    SHA512

    7924b67e979626e6f4e68ebe6fb2c02ff753c6f129508fb0c4ad6029b55f7608ccc5c11cad7f90b93ae21884fdd303c99b2fdb16e822cbdd4b2deeca041d7052

    Download Submit

  • /data/user/0/com.weightandfrxj/kl.txt
    Filesize

    63B

    MD5

    3b0d6d4b2ed77c80277ae471b521f631

    SHA1

    4b165607a0e89288d82e4a724dc1323cc8d1a407

    SHA256

    0da2644a268243b770eae844d6cdd1ffea91d7d052de1376303439301894b1a6

    SHA512

    e88725155fbecb067cf90b5a98ba981a382b0f078600c9ad4f906703dccda25a2cb50e1e1f35490f0ef3035d70bfec224f19064a7f9695dcd7a0a7860744ccda

    Download Submit

  • /data/user/0/com.weightandfrxj/kl.txt
    Filesize

    68B

    MD5

    e1a6e9238fcc4c2b63e2efc44f913242

    SHA1

    fa6c4e59c2bcd02b53d14961cff54e6fa8b0801b

    SHA256

    806086cf99373390b839c283c8e78f886cd35d6d61eb91419920333e6c7a5f86

    SHA512

    7ffb103de58cb609e290e744c1412262f549f953bba870b481304e19d9aa5b08ced06ed78149d2fd02081cd9092b07d46659ac37e6eec15c89741df4a5904e95

    Download Submit