Overview

overview

10

Static

static

6

3a058e837c...3c.apk

android-9-x86

10

3a058e837c...3c.apk

android-13-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    133s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    11-01-2025 17:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a058e837c817aa8179202f754850a1bebdeca1a22421b17b9947c3e75ab923c.apk

  • Size

    8.6MB

  • MD5

    3f08d0978d80de888fd1c7c2e37e6a53

  • SHA1

    4fabace698ba3f8923217bf0282096d250232456

  • SHA256

    3a058e837c817aa8179202f754850a1bebdeca1a22421b17b9947c3e75ab923c

  • SHA512

    9534e0b05b44e37398c8f7d9a08a95e59f3220a6f98ea5f23eeb84d603cee2a46c53a87d45803a5b8058af58d39597e9a9165b427f12d68c5b27746d6b9e376d

  • SSDEEP

    98304:0idbxVKJ2vn3Xc5iSRGt8RsPE+ZeNe4E3KVFozsswwCfO:0ibxUIP3XcrBRzlJoz95H

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://c741e321a625f9195ee4b22f53b8f386.info

https://8caf6a13209282f9dadc9eac58c5007e.com

https://3e78d460183b1821b74529fb2cba4fe8.shop

https://0d3adb30b93ee3f2a549636269841052.xyz

https://3b9f0a8e52740e8aeb04df710e392f5b.net

https://f3ad8ca1cecfb4942d9b6cec53bbfe94.org

https://63fbf2f62b78cc08552fcd87838b8e53.biz
AES_key
AES_key

Signatures

Processes

  • com.marketintelligenceklms71
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4346

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.marketintelligenceklms71/.global.com.marketintelligenceklms71
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/data/com.marketintelligenceklms71/app_ribbon/CT.json
    Filesize

    1020B

    MD5

    75c1f9b930fc4ea29de3f23fcf278537

    SHA1

    fb12d6d8126771b395beb17520d3600918f290c0

    SHA256

    9f48f2dd8ee77db4f4ae8dac2d36bbd6ca658e2eb3a1c4e14c70f04794e529fd

    SHA512

    4c69ec16701a0a6d881f0ffffe049dfefbef532d77a4373b7b7c0b55949ec78e7f65621f5a88301044484c6cecc582e13d47b2e9f63ddb02828273fde02f4d5c

    Download Submit

  • /data/data/com.marketintelligenceklms71/app_ribbon/CT.json
    Filesize

    1020B

    MD5

    dbd45af644fb8251733ebb7ee5953698

    SHA1

    e5cfc8d3e8a88a101ae59c6ca0e9d0d5e3e4528a

    SHA256

    82a3d5bff9763a46954dbf066dff8b6e2b111bc3dc014cbe8ae8b5d79eda42cb

    SHA512

    412627187e40b4f104dae83a1944f3d99e778b625584a37a8f2086547ee41f626c24792f4f673b6cf089f44eba0c53806eabcddfc84d0307efb8ceccb1f3c92c

    Download Submit

  • /data/data/com.marketintelligenceklms71/files/.m
    Filesize

    322KB

    MD5

    77dc50489b9323274732d27dc8a4e803

    SHA1

    0e02a3595b62489d0739d771881da8604d117c65

    SHA256

    c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820

    SHA512

    0684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58

    Download Submit

  • /data/data/com.marketintelligenceklms71/oat/x86_64/[email protected]
    Filesize

    13KB

    MD5

    1a28a09fcf0edfbb7e14bfef6c7f7eca

    SHA1

    569b85b59998778f8ee96c6ae0710d03702224a9

    SHA256

    d0391540f4a09ac5f40ee543832c7f6635e40705914667823c6a36021f084306

    SHA512

    39daaa9992f8122684812a83d62d4a287bc1013791f0df348c68b37baa19ab9f73f2ad8ece332758f2f179d313f0672780295b3e5c4318a6de944fd0afe30458

    Download Submit

  • /data/user/0/com.marketintelligenceklms71/[email protected]
    Filesize

    526KB

    MD5

    3d399c409f180e05a105ecf5c06703e1

    SHA1

    963b98a8cda502bebba98a084c9d5f95d351ffb9

    SHA256

    3352cbfad9a0ea1a67b48096c13e31573f2e56d604b097cc53481a11e852da1a

    SHA512

    cc6de73e55ca1e5ec2c503633d6f0ca1a62aef1d5bf2878bafbc76103f8decc302cd3356c4222b391a9ab04c8c568225cdb7f22f44155f3643c257e25cfda34f

    Download Submit

  • /data/user/0/com.marketintelligenceklms71/app_ribbon/CT.json
    Filesize

    1KB

    MD5

    21bc926ffbb89b059316f2c38698a51f

    SHA1

    d7b1c571c8ea5382fb42710cb4258f3a341bfa10

    SHA256

    3ac80d4d248536ffc16298aa38b0de533f649f711d6c348c85e95303e500dada

    SHA512

    b941c4ebdf481510e5d784567ef549aa3856c47cf90cd49e044f730343acc240a20a1e8a61ab76d440d498bf112a683cea1fe5deb7a735bd41b4f880366c0f8b

    Download Submit