Overview

overview

10

Static

static

6

bad9af2eac...55.apk

android-9-x86

10

bad9af2eac...55.apk

android-13-x64

10

Analysis

  • max time kernel
    22s
  • max time network
    36s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    09-01-2025 17:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bad9af2eace801253d4e9f5ad61522766ab7e9e33721f95f51e45a232319a855.apk

  • Size

    8.5MB

  • MD5

    1fe48704d358f39e8a1e6793cf32ec44

  • SHA1

    6ed078ae15c6ab2137c0c13220034178c03cb572

  • SHA256

    bad9af2eace801253d4e9f5ad61522766ab7e9e33721f95f51e45a232319a855

  • SHA512

    745f68d63ba7ce71bbb510d86a7bfff5247a137f1da50919a4478c951cd4315bc9b8c9500326d2504bf07a1d0b3f3dcbd9bad550f8daacff694051069b8dc052

  • SSDEEP

    98304:kUHvo3XaRsP6766ce3VlFRKxP5t5iSRG7lVK0/mlAJ:fHg3XaR9OOlFRktrwU8Z

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

AES_key
AES_key

Signatures

Processes

  • com.hdialog_servicess
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4313

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.hdialog_servicess/.global.com.hdialog_servicess
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/data/com.hdialog_servicess/app_mammal/FKpH.json
    Filesize

    1010B

    MD5

    d45f285d760aacaea8b62b929aa7f508

    SHA1

    6f471650304c1d35ab48a4e550783e4ccb9da789

    SHA256

    d39366b198e424fddba0ee8ce70cb2bca7b19ed5a3c34766c7d5bba3e2b29c8b

    SHA512

    4dce6bad49244776f28e864391a181b32469ea015f78c95457a629e594c036578085ef091f12a73427b14b058c9130299d2a5bece3d58d5bc059f6742c0c833b

    Download Submit

  • /data/data/com.hdialog_servicess/app_mammal/FKpH.json
    Filesize

    1010B

    MD5

    eab23d1419c87d9808562b2771551ebf

    SHA1

    173d4cacd41dae266af18d572f4c9129b0cae5b3

    SHA256

    2a4dbea84f737c6a3c0c39f19b3bb8cc435a20fa9023d57fa5459bfc19e2fcc8

    SHA512

    981f16ff820579e2c26cb9bbf98b849f8bee19a10d92c1c544fc90b28da2b746114df05b4bb9392d5a262eb825915df6674da217155f6ecb38ce978acb79f421

    Download Submit

  • /data/data/com.hdialog_servicess/files/.s
    Filesize

    322KB

    MD5

    77dc50489b9323274732d27dc8a4e803

    SHA1

    0e02a3595b62489d0739d771881da8604d117c65

    SHA256

    c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820

    SHA512

    0684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58

    Download Submit

  • /data/data/com.hdialog_servicess/oat/x86_64/[email protected]
    Filesize

    13KB

    MD5

    4eb213f0d42284cc4cf322fc0dacf94f

    SHA1

    8b85fb993b16b30b85b222ed892493824fe987f8

    SHA256

    19f2425bd95673b36d29ead708031c0d65526700d542c609e5bcba2d7fd0343c

    SHA512

    3d20473a2b49c5fb31f24b111477398af5934b402c36282f949f982764775b4366654c6595386dfb9792d53c8e28d09281da7d7515761868b4b2c52ef4f5ca18

    Download Submit

  • /data/user/0/com.hdialog_servicess/[email protected]
    Filesize

    525KB

    MD5

    70981d9418d72fd36fb9ccb8e7f748ab

    SHA1

    51f11625438841aa3237fdd802e52dfb0a319ee0

    SHA256

    28d7d08a0784db4a93c374ee56d0b65206811095d8d615920ec86c2f891e571f

    SHA512

    102b421a97848174c2966fbda529c000c83dfb084932bfbf824d1bd8424aa1c4fb7ae703c594dcca54747bd6155c2281d4d9533f63a5741ae951236651446c22

    Download Submit

  • /data/user/0/com.hdialog_servicess/app_mammal/FKpH.json
    Filesize

    1KB

    MD5

    19d7065bc89f19f238e3dea5a14c2656

    SHA1

    184ad6076d7999fb479c1c04e2f7f21c04d3a408

    SHA256

    ce9084a376132fbfa09e46889a4d8c86042c480f9c13d7696e9f16c64a97dc74

    SHA512

    6660ae94d90a7ec9e9fca897f16ced96a019acaccc413a47e84a71e36742cee22e87445a04627267493c49830e89fcbdc88bf91b6e020e000f4fde10088f663d

    Download Submit