Overview

overview

10

Static

static

10

00086a87f7...18.apk

android-9-x86

10

00086a87f7...18.apk

android-10-x64

10

00086a87f7...18.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    163s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    06-01-2025 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00086a87f752d0edb947fa663e008b7488927633afa88cf4eefc553b76ebac18.apk

  • Size

    255KB

  • MD5

    eb8040c700f3e8c02bfa1a9f6cb488d3

  • SHA1

    f94cc87a4c64544da79f17412097fe5b7cd5dde5

  • SHA256

    00086a87f752d0edb947fa663e008b7488927633afa88cf4eefc553b76ebac18

  • SHA512

    4dacca568fd34429f8bd96ddbe9b1ea6ec3b7514e8e2ecd8a829613dd481670e6152b6eb49c466b9e8386806df96b4ca2e11c1c2c0107d461b9fc25f2b9e9550

  • SSDEEP

    3072:0htNUjwlYxSeCsR266BAm7Bz1nUEF1+Tain1fNmLr5u5WDA5QIh0c3xPNyVVxHqH:0xlXepIGmNNot1Vms4DVoNo/qvudK3

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://93.123.85.21:7117/gate/

AES_key

Signatures

Processes

  • com.adaxffsfzfada.zbsvxgsvbxhdgs
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4783

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    228B

    MD5

    9dc080eb9e2a35c57fd1aea759ea5838

    SHA1

    ca508b3df47818c152edb38e4647b85edc35e6a9

    SHA256

    b0f54ea1a4171ae98a358d1579ec4caae5ac23b11f1b489937174df069f14112

    SHA512

    41978cae6a2a190df169d34a983cec539e1c5d6634cfe825bab03a138ff8f649ebec4be1610dd92b63cef93b8105a57f067080579f17f245cb32ffba0dde0373

    Download Submit

  • /data/user/0/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    63B

    MD5

    1aaed98999e5bc5593769c2909ef2027

    SHA1

    5d518f7ded05f5efc53dca0deeef85726fd69ae1

    SHA256

    a6bd69b8f37d02283851c30de76e2b35e55781708acff92494b454c563da1789

    SHA512

    382111d2f02810a24941d164f1758f7bb8f81e0cec495551f943270b0381becec3b2664842771ff7c0d164d7ff679f8e3fef821992f4829eb230b4ea018c6e54

    Download Submit

  • /data/user/0/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    45B

    MD5

    b8264b31c8794cddde447ceba9a65354

    SHA1

    46ea75c686fc1e1316c340741927f13cf21e5b4a

    SHA256

    a4fd42a275b8e568cafa720a920dcb6df7ea8bb99f3f07d0955b7b49bee09804

    SHA512

    a31e3a36f4ce611464333c9aca46e1741b58aad8504319d24fbf33a3c103795fcdb2f2e6b83ccb82d2cdeadd283ab790348518199c1be524c8fb95f25fe970d3

    Download Submit

  • /data/user/0/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    462B

    MD5

    08b37312dcbc046e3bb3d338ebc69a34

    SHA1

    b3539db4e609ca8dc90f001838f1db39e76a4826

    SHA256

    3ab4e76c60e39cd2bf347bf9cf85ed5db637bf9ccff9e483b020d3479d0e5790

    SHA512

    cb83487b61f21657929facb5d397f257e0b5d212503b76ed56bce7b3efc0edd9c0a604e3a5a58ad81268117f787e97a3c2b480139183d22abc4d131e0e5a663d

    Download Submit