Overview

overview

10

Static

static

6

c1dbbc3369...4e.apk

android-9-x86

10

c1dbbc3369...4e.apk

android-13-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    160s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    21-12-2024 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c1dbbc3369667c39a029839dcf9746491ec11e5d1c76b169d86cae9a0532534e.apk

  • Size

    1.8MB

  • MD5

    622ca30d3baa9fdbf9a1c9d93f3d6a1f

  • SHA1

    c0a5a9d8aefd9b241b77ae263585f0adbb72c75f

  • SHA256

    c1dbbc3369667c39a029839dcf9746491ec11e5d1c76b169d86cae9a0532534e

  • SHA512

    16359d10e7442b2e8df6383e9ec129ea1dc1b5f54b2e5643bb833ac5c7130ee1918bf5a8737d0f917fa135dff7aef74d24834b8f6857e85e1f669ac979d74bc6

  • SSDEEP

    49152:qUl4wa58BlautegFxqxWIU6I3D9M461MexMW5VW8oX:qam8BlNlFxFIU6IpM461MAWnX

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://recordsimo.top/ZmU2YzQ2NjZlNjc2/

https://bobnoopopo.org/ZmU2YzQ2NjZlNjc2/

https://junggvrebvqqpo.org/ZmU2YzQ2NjZlNjc2/

https://junggpervbvqqqqqqpo.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvqqgrouppo.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvqqnetokpo.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvq.top/ZmU2YzQ2NjZlNjc2/

https://junggvbvq5656.top/ZmU2YzQ2NjZlNjc2/

https://jungjunjunggvbvq.top/ZmU2YzQ2NjZlNjc2/
rc4.plain

Extracted

Family

octo

C2

https://recordsimo.top/ZmU2YzQ2NjZlNjc2/

https://bobnoopopo.org/ZmU2YzQ2NjZlNjc2/

https://junggvrebvqqpo.org/ZmU2YzQ2NjZlNjc2/

https://junggpervbvqqqqqqpo.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvqqgrouppo.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvqqnetokpo.com/ZmU2YzQ2NjZlNjc2/

https://junggvbvq.top/ZmU2YzQ2NjZlNjc2/

https://junggvbvq5656.top/ZmU2YzQ2NjZlNjc2/

https://jungjunjunggvbvq.top/ZmU2YzQ2NjZlNjc2/
AES_key

Signatures

Processes

  • com.simpleeast5
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4463

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.simpleeast5/app_DynamicOptDex/payOt.json
    Filesize

    1KB

    MD5

    da424898c02d301b0a419abbf5c817ed

    SHA1

    6c7ff8b272f387912576df4ad55118c74a34df94

    SHA256

    bad38ec88a04f76ca76590a414af0eaf9806955d597fd17fa1058e7d8e3d7e6c

    SHA512

    d4742087e2039cbfdc9ff055a1b00f58459e8e240aeb73ac9c8fab2a81736f86059fb7e2eee32072af2763ec1a00aa702f865bdfdb3847c6b926e571ffc9be03

    Download Submit

  • /data/user/0/com.simpleeast5/app_DynamicOptDex/payOt.json
    Filesize

    1KB

    MD5

    cc93e40c220c63f9f642704fee5093b8

    SHA1

    5b921bbfbf9ba702632b509053e6714744324f58

    SHA256

    9306ed1e8741674d90223ad56f634a6e0f221a2e0b11104c1eb22300782e0682

    SHA512

    12570a02abe90172a929e7ed5f971c9752b785b0898809a798d94ab4e103d786fd01eba2446480ee4264f3d07eed6084173900d7438d3cdb28afb44d692bb126

    Download Submit

  • /data/user/0/com.simpleeast5/app_DynamicOptDex/payOt.json
    Filesize

    2KB

    MD5

    7cc1319f4eb86b3fa60cf655c49e1e03

    SHA1

    f64b4e69d44e18bab192e51dfbbca9667acc022f

    SHA256

    1b1a4b0c9df620b89c7acd1c152e7846ed382de8d10687cbb06e65446ee70cc1

    SHA512

    15b673842d6ccb4d75b2249e93c40e3bb7bcdf69f8861f4f8b8080a89a52572cb548bafe1da21c6ea868288d2dbbe6504076419d5d686b8801a83f3a7ad40f13

    Download Submit

  • /data/user/0/com.simpleeast5/cache/oat/zdewqpckklykdlg.cur.prof
    Filesize

    403B

    MD5

    71adf85774cd672dd47e320f7121339e

    SHA1

    cac7ba3d0f39e0926a62bbc5e4e1610faec635bf

    SHA256

    d86ac7d8a43bfa4271bc2d45f5dca54f1be7a597444e128599309c9a6e900491

    SHA512

    c008a7987d41494e28f36bdc3275b5e8359054da3abf45206b84e637afc56637f2c2123af998e4257e7fea4faa2b2a1f1744f51121ae92c5dae1b763cc1a4391

    Download Submit

  • /data/user/0/com.simpleeast5/cache/zdewqpckklykdlg
    Filesize

    448KB

    MD5

    acd00731f96f7a3d5c558a4e48203d8e

    SHA1

    c788859a427b86544f87e1af5d4a431d39966a7a

    SHA256

    ee3efca77b4e65501cdeb00b9760fa55d0ee7dd525936c2895cf798ee4b8f380

    SHA512

    674b3a85d5a93fd70884c42c3e1314c55a1c90eb7895b6d4025f5a7a4ae6b3fbdf1b3d377490d7c7d86150019e6e8b8a8ac94a201d5f52c390767f58e5d8e082

    Download Submit

  • /data/user/0/com.simpleeast5/kl.txt
    Filesize

    68B

    MD5

    fc968f843b34f4f04edd4da6c812440d

    SHA1

    041e29fcef84186c79cbb5f0ddc029aead0e8cc5

    SHA256

    10728060e9533c84e42df8b5aa18c589f4fe7d5da0737f362b7f62bd386898ae

    SHA512

    240d5690c9d2c68c1165ca5617c8605815b6dacf060965e6e317365ab3e5e848eb0cfa0ed55898d4a96d5ad44e26a85acb2040f296f7d5e782ff16e3677f5469

    Download Submit

  • /data/user/0/com.simpleeast5/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.simpleeast5/kl.txt
    Filesize

    221B

    MD5

    f579470aedc3910afadab863dabfcc65

    SHA1

    4a7490c4e9773fc7dd0ab991ac28906b8af17f97

    SHA256

    1cb7a5aa17fa9e7da1488ef76fc2409bff5893be3f7a7826a12d5bb9a2ea406c

    SHA512

    4b84746f9196c99fc2067183a15b692b7dccf578eb06fc227c8ed12374c669d359d7ebced292625fe48d76427cbcd37f7ff9cfc1b648535fc3f1612c590fe0fb

    Download Submit

  • /data/user/0/com.simpleeast5/kl.txt
    Filesize

    61B

    MD5

    5239b368d2c0a8c3ba52117a530fde90

    SHA1

    a72b97f20a59958168a3b71bb663af064acfba66

    SHA256

    fefa02302b3da5e7e618da1f393ae3f0f365e42fd91ab32e96a667902ccbd0c4

    SHA512

    d5cfe3de753682581b2f9817d749f80d09d902726616466f5fa401e54e22844b180e5d4c7cb3e5d397f6399a65962e41b618ebc021ad740d9b0dada1b864e885

    Download Submit