Overview

overview

10

Static

static

10

00086a87f7...18.apk

android-9-x86

10

00086a87f7...18.apk

android-10-x64

10

00086a87f7...18.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    161s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    06-01-2025 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00086a87f752d0edb947fa663e008b7488927633afa88cf4eefc553b76ebac18.apk

  • Size

    255KB

  • MD5

    eb8040c700f3e8c02bfa1a9f6cb488d3

  • SHA1

    f94cc87a4c64544da79f17412097fe5b7cd5dde5

  • SHA256

    00086a87f752d0edb947fa663e008b7488927633afa88cf4eefc553b76ebac18

  • SHA512

    4dacca568fd34429f8bd96ddbe9b1ea6ec3b7514e8e2ecd8a829613dd481670e6152b6eb49c466b9e8386806df96b4ca2e11c1c2c0107d461b9fc25f2b9e9550

  • SSDEEP

    3072:0htNUjwlYxSeCsR266BAm7Bz1nUEF1+Tain1fNmLr5u5WDA5QIh0c3xPNyVVxHqH:0xlXepIGmNNot1Vms4DVoNo/qvudK3

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://93.123.85.21:7117/gate/

AES_key

Signatures

Processes

  • com.adaxffsfzfada.zbsvxgsvbxhdgs
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5240

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

1
T1541

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    228B

    MD5

    a7aae6683e1b6de445ff2ffcb674c6a1

    SHA1

    d2927921dc0fb44d15966a6f5797bf4d6571b12d

    SHA256

    fa4a24711ad406bebd37d9fb5437410a8019a412721555b397617faf2b47ce0c

    SHA512

    a9b87fb5ea5d1ebd711ec5b473699f80ccd70c580797c20739ae9a24bb9eb080dd21e4cc96778f91013141bf121bf7beca9f1ae3619c9427256a62af388bb62c

    Download Submit

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    63B

    MD5

    17eceb575e3909bce5bf18bf4422f68c

    SHA1

    0b21bcf4b75420088c2740fba3a986f10dfa4586

    SHA256

    b092bf197f9b4a3bb650ee76d76b6da2438ffe21b2346fe10d6c7631f1c6e0bb

    SHA512

    d1d6d9de65b1b862aba555cae7a4140c35d3eab76525cb775616c1cfcf39a2718ee18770b334ca258536dfa502150c31629ad0b910af13d8aa900c60ea9d638d

    Download Submit

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    45B

    MD5

    191b692abb151de26be371fdb37af0c6

    SHA1

    718421937d9d19f25c64163d1bc5302f2e486580

    SHA256

    d18a7e40f3b313765ce109f9d457c337796d47eafa31ec61ad06068e6fed0c3b

    SHA512

    c331c91d2657018e354c55c27a21cf372373ee9144c63eae821d91530281ab02d28bbb33e6edc16530f092a0da60a4e716b0488e23b44f34fcfff4c618471c22

    Download Submit

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    419B

    MD5

    2bd843bbbb60da235bb7376c7b967a98

    SHA1

    0339e723b4d1b79cfd70f79ac59a443cb375a72e

    SHA256

    891a015379b462d5c7d9a8def8b08889383f7accee514719d5a3956a394e034a

    SHA512

    d904ce24ac0defbe2429a6cebca48d605b3ecdb6d73d579d6f294801da9ed4846437604fd49b71b5279e3d2420d5e82c3bdae4f0c8eebf8c2deb5bdd786b5bee

    Download Submit