Overview

overview

10

Static

static

10

00086a87f7...18.apk

android-9-x86

10

00086a87f7...18.apk

android-10-x64

10

00086a87f7...18.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    06-01-2025 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00086a87f752d0edb947fa663e008b7488927633afa88cf4eefc553b76ebac18.apk

  • Size

    255KB

  • MD5

    eb8040c700f3e8c02bfa1a9f6cb488d3

  • SHA1

    f94cc87a4c64544da79f17412097fe5b7cd5dde5

  • SHA256

    00086a87f752d0edb947fa663e008b7488927633afa88cf4eefc553b76ebac18

  • SHA512

    4dacca568fd34429f8bd96ddbe9b1ea6ec3b7514e8e2ecd8a829613dd481670e6152b6eb49c466b9e8386806df96b4ca2e11c1c2c0107d461b9fc25f2b9e9550

  • SSDEEP

    3072:0htNUjwlYxSeCsR266BAm7Bz1nUEF1+Tain1fNmLr5u5WDA5QIh0c3xPNyVVxHqH:0xlXepIGmNNot1Vms4DVoNo/qvudK3

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

octo

C2

https://93.123.85.21:7117/gate/

AES_key

Signatures

Processes

  • com.adaxffsfzfada.zbsvxgsvbxhdgs
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4309

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

1
T1541

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

4
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    228B

    MD5

    69b8f249ff3bbbe245eab59ae1dafddc

    SHA1

    1114bfce71a72365ab2313de25c605ea54705cff

    SHA256

    29b20881ab33177891eb29a59929827099da20ce88608b84464867f5e46b5b10

    SHA512

    990ac00977764bd0b35ac40eeda5ce3044d3dec18a5e71bfbee4d26896c4c2a92460999b7e725cb4ffe7a6efc41749dc7a5fd207cacf784bb85711152d981821

    Download Submit

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    63B

    MD5

    76e6d5e9d394b19c8990968bd8974560

    SHA1

    024a79080f93c8b32a41d1e7344d5f2d4891bbaf

    SHA256

    fd316ec51f51808fd08319b1f10a92b464847ad0d94ddfa9f611999139e3c170

    SHA512

    5e5c5203d094a2646eab4613c4d810ddbf2587bfe367310735341dc4eb71817d16badae3130da81516e88a9c1af1186317bed7b25ee0741397e79b4ffa1b7c58

    Download Submit

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    54B

    MD5

    ba49da2b80fbfdf0bf6e226894e78382

    SHA1

    9abb9a53d9d7b88ca38037a1dcaefa2b519506df

    SHA256

    c63ae0455f98ebde7dc7ece00dcc0d299a99212596d283c561c632a37bfe5b44

    SHA512

    447b85b753cda93dd916daf400205197e3802ff56f485420b29f4d283f07c04ae4ff5a60ffeed5708550fc4c55e4c057c864bd5784aabd3cacf5e7e613e0155d

    Download Submit

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    419B

    MD5

    218f3c0674458c8777a0a132977f79b8

    SHA1

    237f0adfb77d3b145f8791d89298ec5ee3da1854

    SHA256

    8b83f76f6c97cc10c2ccff299137c92f9b5ed15eb00fe645d78b6c18cc75dcea

    SHA512

    27378d6d67e4e39c9b113eec67b38a468a2203d81cfdd19e7b283e73a87528f91e26ee5a033e438ce5e3316160afb2c8da56073d63dc3ff70d2b64277a727b8d

    Download Submit