Overview

overview

10

Static

static

6

7a7f42d28d...cf.apk

android-9-x86

10

Analysis

  • max time kernel
    18s
  • max time network
    27s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    11-01-2025 16:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7a7f42d28d65a10f934af656bc714c8b6d0a02c1f6cb1374c272b83cc71caacf.apk

  • Size

    7.3MB

  • MD5

    aa591286f90c59932abee9fc9930f66e

  • SHA1

    58f4bdb75a0215669325cd574e428ebe2b3d1602

  • SHA256

    7a7f42d28d65a10f934af656bc714c8b6d0a02c1f6cb1374c272b83cc71caacf

  • SHA512

    3b6e73606351451e7f7361f3918d83704ebda0e6b4335509907f9107e5938237a82c291a9fa3b8a7d0bd3e1ef609bb6e5c79d966126b8819f94f614c89538957

  • SSDEEP

    98304:I6R80wrSHf27iE3XHVKl55iSRGFC9sFh8gmq5Rs/0:Ig80RO7V3XHUnrN9sFh8gmq5RT

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

AES_key
AES_key

Signatures

Processes

  • com.center_frameworkct37
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4315

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

4
T1422

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.center_frameworkct37/.global.com.center_frameworkct37
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/data/com.center_frameworkct37/app_throw/jdpWhlh.json
    Filesize

    1018B

    MD5

    3e3e354d07b7037245078096031a814f

    SHA1

    1792601e5e4781592b14724163b66b6adcc47b55

    SHA256

    69f60ea871048fa181c2a6bc88c458bcba07b43273d54751af9ad07e72343af5

    SHA512

    cef3ae3aafd54b5b707ca839dc0eab9bbadceb8e8c0221dfb2500a77a081fcaab259853dae0dc1f08d7a16a7308d4863e800ac24cec69d078aa6c6754d993187

    Download Submit

  • /data/data/com.center_frameworkct37/app_throw/jdpWhlh.json
    Filesize

    1018B

    MD5

    ac447a5c892bee24ecd313f641935d94

    SHA1

    165533d23854e5ae659f3a95493a334659cf629b

    SHA256

    35526c5aa2353a08fd0242ddd96b0613daab8376844d4d4b57eebf947b005418

    SHA512

    639c4d719c876e64287c0acc2cc6ad2912929f10e367ba854284d7e5c60f0d945c2c320cc0d49058b8fc62e50ad29889b72ec483e9bea0ec236551df19717bc2

    Download Submit

  • /data/data/com.center_frameworkct37/files/.q
    Filesize

    307KB

    MD5

    4e73947cabb5db3f92ca85004981b754

    SHA1

    6d9667fdb0280ed2dcb782b4683e422a51bdc601

    SHA256

    6db94232e756b90ed437f1bc87dc38cf20fb2e7c7a19a5e40c6c17254b7e234c

    SHA512

    be8b500a7070af1dfb53b0cf1a7b327dadc4e163a6dad905496ac228c58cd1ed87b054533917924455d35e9b300683ae33e1bcdd91935a5dbae1d693c3e13d69

    Download Submit

  • /data/user/0/com.center_frameworkct37/app_throw/jdpWhlh.json
    Filesize

    1KB

    MD5

    537493871ae73830963a2f929cd3cb3e

    SHA1

    3aca9b756d36a336b36db714ab91a42f745bf133

    SHA256

    329e3b3796c3cd741e30958979192a31de9de63d810ee7c65bdb28127677d0de

    SHA512

    f92e0b657424f3ba8997af8b32181ffe26811cbae2dc6a865bb1c231737256991127c10376ecdd8c25e7d53be3f699de15dc5fe6252cc6f5109a0cfbb7112ef7

    Download Submit

  • Anonymous-DexFile@0xc30f8000-0xc317b8fc
    Filesize

    526KB

    MD5

    8c9b6516b4ac73283e2c2c99492c8770

    SHA1

    0d75e879ff374b8562e3f4e579a536b70eb213e1

    SHA256

    25e56ec224f8931cd49355c666ce1fb904d6248eff80398370e139ccc2f8c98e

    SHA512

    0d2263b31dbf9e39c34b7222042fb1c86c0e7d7c088eeddf09934c3cdaf726f56e162b8ea670fbd4471712a44ad56bacd076828ce94128183f5daad38bbbda4c

    Download Submit