Overview

overview

10

Static

static

10

cc68b53145...ed.apk

android-9-x86

10

cc68b53145...ed.apk

android-10-x64

10

cc68b53145...ed.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    158s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    27/12/2024, 22:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cc68b53145b77e5d5bb81991dca44c0f39024d336d7cd7572c58827308594ded.apk

  • Size

    180KB

  • MD5

    0435c65ad98099fee44d65da9d7d196d

  • SHA1

    906fbcbca5d4c1ebf5c8f0e49f68cd844c0757d0

  • SHA256

    cc68b53145b77e5d5bb81991dca44c0f39024d336d7cd7572c58827308594ded

  • SHA512

    e0d2380dfab8a193462fb2a961261dfa1f1f8f57bfe2fc8c3c89c6fb756efb8eeef6173f00ab319ea193bd991b76e9a1368b5354883bbb3fcb8f344994a1efe6

  • SSDEEP

    3072:KYn1nhT62SBg2bF1vEGFMnF3PPY3ASLdp7QD/QkPXPMqzdZlMvklZT8XJBMCZ:/nl5SBLbnvFMPPY3ASLdtQD/QkPEwjlq

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://94.103.125.49:7117/gate/

AES_key

Signatures

Processes

  • com.governsaidp
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5140

Network

        MITRE ATT&CK Mobile v15

        Initial Access

        Execution

        Persistence

        Event Triggered Execution

        1
        T1624

        Broadcast Receivers

        1
        T1624.001

        Foreground Persistence

        1
        T1541

        Privilege Escalation

        Defense Evasion

        Foreground Persistence

        1
        T1541

        Impair Defenses

        1
        T1629

        Prevent Application Removal

        1
        T1629.001

        Input Injection

        1
        T1516

        Virtualization/Sandbox Evasion

        2
        T1633

        System Checks

        2
        T1633.001

        Credential Access

        Clipboard Data

        1
        T1414

        Input Capture

        2
        T1417

        GUI Input Capture

        1
        T1417.002

        Keylogging

        1
        T1417.001

        Discovery

        Software Discovery

        1
        T1418

        Security Software Discovery

        1
        T1418.001

        System Information Discovery

        2
        T1426

        System Network Configuration Discovery

        3
        T1422

        Lateral Movement

        Collection

        Clipboard Data

        1
        T1414

        Input Capture

        2
        T1417

        GUI Input Capture

        1
        T1417.002

        Keylogging

        1
        T1417.001

        Screen Capture

        1
        T1513

        Command and Control

        Exfiltration

        Impact

        Data Encrypted for Impact

        1
        T1471

        Data Manipulation

        1
        T1641

        Transmitted Data Manipulation

        1
        T1641.001

        Input Injection

        1
        T1516

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.governsaidp/kl.txt
          Filesize

          28B

          MD5

          6311c3fd15588bb5c126e6c28ff5fffe

          SHA1

          ce81d136fce31779f4dd62e20bdaf99c91e2fc57

          SHA256

          8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

          SHA512

          2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

          Download Submit

        • /data/data/com.governsaidp/kl.txt
          Filesize

          63B

          MD5

          4bf4036e06746e42888464acc5207259

          SHA1

          a8e87190497603cf69a2f878b774a713f334974e

          SHA256

          0bfd7c7f1668923259c8c8ca938ca8b6cd6d19684238dc048120546808ada8ba

          SHA512

          374cf3910a6c0560cf60162f659195dd51350bbf3124cb5379a1f3950cb74b0058595891f21c95cf0a1aeb801d458aa498569748a8397328abd2c5774eca1e30

          Download Submit

        • /data/data/com.governsaidp/kl.txt
          Filesize

          45B

          MD5

          0987bef98ac1b806f2ad5f76ec6be3b9

          SHA1

          e47fc3b3c4fccf4105d60ad592a8198a5de24045

          SHA256

          fd7b21464d56d7463718034410832521117e5ce397d55299330d510047d09a73

          SHA512

          728286c2b3044e482f9e23c721cf99c85629db3d06fae4e93e6785c8d1fc75eafc443cbfbed25f2e7eafdf205eb34f8ed2d6ce96aba6c0d265cee109be940fab

          Download Submit

        • /data/data/com.governsaidp/kl.txt
          Filesize

          67B

          MD5

          72c5a81097bf6d8212d1f5bae15c8301

          SHA1

          52f734183c4b9f36fa53eb8bc8a21f2d464a38ff

          SHA256

          01234da71425b64aafa542b18be1f01d4df9b93551fe7c3c607343fac718d88b

          SHA512

          0199d408be234b871f301997b7f71a5b01721458ed563c10bcc67954f11977a617a82c46ec0f20640abb2ef7a44db88a7e5d69e8d6ecd7616dbc11f321b9e23f

          Download Submit

        • /data/data/com.governsaidp/kl.txt
          Filesize

          437B

          MD5

          099f62c4f5f9f3769c1126a8e85258cc

          SHA1

          3f4a1c09c606087a0661cd0eec2c4849a33ab602

          SHA256

          e8dd248c9501e19fae726834d398c433b328a82e4d835343a413f2344800ca91

          SHA512

          fe9551459716f8ba26e98ee6b7d7dd5a0273cb2dff7813331b344c39475c612648aa3b94c697b5ceac7932ba44c26db51e77947c3f014847e175efb58499136f

          Download Submit