Overview

overview

10

Static

static

6

3f2fffc271...ca.apk

android-9-x86

10

3f2fffc271...ca.apk

android-13-x64

10

Analysis

  • max time kernel
    24s
  • max time network
    37s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    09-01-2025 17:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f2fffc2711873105b2f780a7073e9e37f5aeb970914f6c67a572a46bea1edca.apk

  • Size

    7.3MB

  • MD5

    5523433eb86d53345065031c8a1793b7

  • SHA1

    1f9ca842c4b64023b05f8a65ef9c4095c1f439f5

  • SHA256

    3f2fffc2711873105b2f780a7073e9e37f5aeb970914f6c67a572a46bea1edca

  • SHA512

    e925b6379f00cf47255f480b932f0da415cd5aa3ac011d907b4ab4ac0b889cb39d9713494f082bee3a4de1155423bf8cad322e2a2a09a35828dc26e64eae068c

  • SSDEEP

    98304:Spx4jV5VKY74aj7y5iSRGc6RsupIeCz+/eaDWy:OxInUGlj7yr4RWtYe4B

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

AES_key
AES_key

Signatures

Processes

  • com.sourceextra_stripe3
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4344

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.sourceextra_stripe3/.global.com.sourceextra_stripe3
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/data/com.sourceextra_stripe3/app_repair/fZAx.json
    Filesize

    998B

    MD5

    2a85ef0be080ec62afb415e219a793a3

    SHA1

    aeb87bdd037552ce869b5a9bf23eb9ef6cf54efb

    SHA256

    4eaa45850acfb83bdf40b838a9520cbe0bd07b6fa14b551bd8d27df17558b1fe

    SHA512

    a86f9110f040ab9acda90e6e218cfd82a35e234f4fb05f9fb435f768be1377e058f7751ab62c44c34b2adffda66688993b9d16fda23f8e17dc5e8d0d8fffd5f1

    Download Submit

  • /data/data/com.sourceextra_stripe3/app_repair/fZAx.json
    Filesize

    998B

    MD5

    b87c85485e92813c12df979aa4c2b4fe

    SHA1

    640ed5b61719898f129fbd367b0ae2cb57535d64

    SHA256

    8a77be151d768e5644b3a23a318f3d07bfadab384a03d3eb70ab9820ec3ed3ec

    SHA512

    9e7cf2e1e4b849f2b5a52b1c51db29e3ea1db7939b5a1c108c77219b37bd1740f9e70866001a1d3c86c2a1cb5426c72c5c8e7f7fd655ef1b93eb6b33f54eb511

    Download Submit

  • /data/data/com.sourceextra_stripe3/files/.l
    Filesize

    322KB

    MD5

    77dc50489b9323274732d27dc8a4e803

    SHA1

    0e02a3595b62489d0739d771881da8604d117c65

    SHA256

    c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820

    SHA512

    0684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58

    Download Submit

  • /data/data/com.sourceextra_stripe3/oat/x86_64/[email protected]
    Filesize

    13KB

    MD5

    2e4ce67e583a76a5e54a110787348fc1

    SHA1

    21b859d152872321afb8ee2da7efdfc2a2e256c7

    SHA256

    92aea2ea2f8f0bde8633a2c64021ce830215ad78dad21a7e243c4afbaf037748

    SHA512

    395a6c52fbd6b41bf322d678db7f1ab733b5f05afa9f7e70eb14236cc04003233007c205944813c86ca3ba454f8a6bbfcf152675273c1512b19548c7cc7ec221

    Download Submit

  • /data/user/0/com.sourceextra_stripe3/[email protected]
    Filesize

    526KB

    MD5

    0140a6c3250c41a9798f299a643f2abe

    SHA1

    aa7e5f0e05f3914bd25ee43203ba00c181bc1ef5

    SHA256

    36de3de90b46a1cedb6b6f19da5cbddb0f12219b39789ac76b61b0c98fd27a48

    SHA512

    00f016ff23d5ff907f2560a73770aab605af16a5b37ea7c5196fd98a66eeb5e4186e1b2be3828295cc373003b5839e9ab6b05f41e6b29b1291f3bccd90c83d72

    Download Submit

  • /data/user/0/com.sourceextra_stripe3/app_repair/fZAx.json
    Filesize

    1KB

    MD5

    9be978ee2969476b84481380207030ff

    SHA1

    dab5685b2dc3400baa88dc9ca1bf062283adca92

    SHA256

    6ef6674a92ef7c69e9310f60143efe361431b9152ef5f401d1d92fdddc8ff3c7

    SHA512

    8df17806a022c3850f6be47295e1c722763450f3d28c24ff3a6c1edd01b2034ad25cee6a30bd12d4e88c749e40e7161327a657f2ab6650e0de5355b8edb02efc

    Download Submit