Overview

overview

10

Static

static

6

0d06dfbe7b...30.apk

android-9-x86

10

0d06dfbe7b...30.apk

android-10-x64

10

Analysis

  • max time kernel
    16s
  • max time network
    30s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    09-01-2025 17:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d06dfbe7bc873a6037fa6398bbb0f7d9aec4da52491553b4e8a4e4de3920e30.apk

  • Size

    9.4MB

  • MD5

    254702b67d41f8fdb330cc3bd71619cc

  • SHA1

    0374b6e57038a5666273e6ab94013ff83c10f8e8

  • SHA256

    0d06dfbe7bc873a6037fa6398bbb0f7d9aec4da52491553b4e8a4e4de3920e30

  • SHA512

    d5935ed3e67c03344f4dd293284fd8e3a8083f54a5e088e8122ce91a1750ec1cff61ca8d20a79646aa89d705dcc7e0667e8b8d48909630cb160999bbc51836b1

  • SSDEEP

    196608:NR857ej7ZRKUhrADpTGmhcgNa2dscgwdW:NR855ArKp6wcgNa2xgIW

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

AES_key
AES_key

Signatures

Processes

  • com.ipservicepush_provider81
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5068

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.ipservicepush_provider81/.global.com.ipservicepush_provider81
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/data/com.ipservicepush_provider81/app_veteran/lseRux.json
    Filesize

    1021B

    MD5

    07427a5795d6b775334706bf0297d548

    SHA1

    0d071478c68581145c3030c70755a6d9cfe9a574

    SHA256

    224f20269e9fdfd3544c1abc7d92f3b066be2129eed7e7d95e6bd85b74006132

    SHA512

    355b4d8a1c9914fc2f3fccb513edda10d747db9bf155cf1f70c5daf8bde942d2d0a184033d981fcfdee53eb52ef06d9a4fbe8fbd2cf66c84121504331a07ff57

    Download Submit

  • /data/data/com.ipservicepush_provider81/app_veteran/lseRux.json
    Filesize

    1021B

    MD5

    11ebf0d2660e1a7f2610f20b4b30c037

    SHA1

    7a0dee3217f4f49ea7d72d4fd3075b94c8459055

    SHA256

    20fc8cae69a65b8827e2eda8ace84a86719af14c13e9637555705bafc3d15502

    SHA512

    823d209d1e0e08f52045c1fc5310afdcfb437e421f5aea96071e39f73a6545f4336137bf0b1db0aa0f357f0714c81e7bd1c4ca5989e17353455235854d5bfef3

    Download Submit

  • /data/data/com.ipservicepush_provider81/files/.l
    Filesize

    322KB

    MD5

    77dc50489b9323274732d27dc8a4e803

    SHA1

    0e02a3595b62489d0739d771881da8604d117c65

    SHA256

    c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820

    SHA512

    0684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58

    Download Submit

  • /data/data/com.ipservicepush_provider81/oat/x86_64/[email protected]
    Filesize

    309B

    MD5

    f3e0d9882689d0f67f16a1fa778a7b3d

    SHA1

    215c5fac11476c49b1893f8aedcaaa3761e15053

    SHA256

    9cfe389b6e6306f7976cb95b0a080acb03f7dadf224d19cd881148ede025bb5b

    SHA512

    aed419a1be0a17ead5e6b9209be1026ff30f0d2e26f1416be7e9f72f74b1eacb5384550f95bb6baa9667cae5bb84ddfe571cd682b8206830e7907d7d0e4e725e

    Download Submit

  • /data/user/0/com.ipservicepush_provider81/[email protected]
    Filesize

    526KB

    MD5

    a89d7a0ec6e1f9c519b21d59c26301d2

    SHA1

    46907771e52fb16c9fa8b8bb192ca8a54b10e32d

    SHA256

    3f62c5568a0977c4f15eff4a853283ed6f02d500eab6df67b3399346343e145c

    SHA512

    01daa56000d23f0b981e46c6ce9ff8deb4e907ca5d26f8bfa440f767f5b62304cf483d39aa360ebc445f743bf74766038a5867bee45fceeedf8912df4e438d2c

    Download Submit

  • /data/user/0/com.ipservicepush_provider81/app_veteran/lseRux.json
    Filesize

    1KB

    MD5

    8b80ea491a41063dea42fbdcaf757c9c

    SHA1

    73c492dcf2453e69e04a2a5544f1dac6bc27347d

    SHA256

    a04f29d104331c639f78ac01e1c6a92213102c035fa07b24e26b27cdedd6740f

    SHA512

    fedefa3792eb49b2e13b22fc84cc7d08676e3707c93f19ef74807cf92e0783dd775317fc69999e79681749128c4aab947b02240d603edc37c4d193a78bd4227d

    Download Submit