Overview

overview

10

Static

static

6

0172a93ab3...dd.apk

android-9-x86

10

0172a93ab3...dd.apk

android-10-x64

10

Resubmissions

15-01-2025 12:48

250115-p17e2asqhx 10

15-01-2025 12:43

250115-pybwcavkdn 10

Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    15-01-2025 12:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0172a93ab3f19b968c8bcf01d43022fb662c213b473fb43e6bdf25248ee1eadd.apk

  • Size

    7.0MB

  • MD5

    1f603e8cdd515bde64145eb1ff77f424

  • SHA1

    23de762898566b70016715b928f05effaa7075f3

  • SHA256

    0172a93ab3f19b968c8bcf01d43022fb662c213b473fb43e6bdf25248ee1eadd

  • SHA512

    8f18df0deca158759e79360e6e6c2dd5eba1245c89acfd20964fdc811a4fc5efadafcb4af4b2a6a3b7e61c2322f6409c95b726e08b7e40abdd4ae5faa5b14253

  • SSDEEP

    98304:2s75iSRGJeu2t+Si2M6ZRsUpDIaCj7aVKubTDlRZYcgOJ0:2s7rrt1i2MKR1yPj7aUSvlRZjJ0

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

AES_key
AES_key

Signatures

Processes

  • com.fcontacts_threeey
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4998

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.fcontacts_threeey/.global.com.fcontacts_threeey
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/data/com.fcontacts_threeey/app_false/Ue.json
    Filesize

    1009B

    MD5

    1a775b04dd41d780ef03f33c4a056646

    SHA1

    aaba70e56d9e7ce2e8443c88556a41ab83b160ab

    SHA256

    e7615420fe98ab46cab25fa737e698ca7c5aa9d657b5633f7b5c10a4fd5d5553

    SHA512

    995ba5a9f9e679757a47666b0ba227c098939176ee55cea1a5658d9e63ed0edc2e6f021b498d751ba6c67dfcdba3b0de0b163560b957a537615e619b4c59b381

    Download Submit

  • /data/data/com.fcontacts_threeey/app_false/Ue.json
    Filesize

    1009B

    MD5

    38e37940e70c3f985d7879ced9200b0a

    SHA1

    3a7771bc95b7711fc6262f062c7a42409cd2cf1a

    SHA256

    7240ee0119f7de0a97983beda5deeecad487711b96938b2a0da6cb7c24c03f3e

    SHA512

    46979e08da1b98adfe41caae8128ca9d7b8db933b18ac5f0b7c08b00a4cf2fb2b8b709fed44dca9144284007bd46a5a146fd3ebeaac98e7b38a84de486f3c5bf

    Download Submit

  • /data/data/com.fcontacts_threeey/files/.s
    Filesize

    322KB

    MD5

    77dc50489b9323274732d27dc8a4e803

    SHA1

    0e02a3595b62489d0739d771881da8604d117c65

    SHA256

    c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820

    SHA512

    0684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58

    Download Submit

  • /data/data/com.fcontacts_threeey/oat/x86_64/[email protected]
    Filesize

    290B

    MD5

    f41744d134a0f93a72365f375ebfa2af

    SHA1

    f92c8539db807fc2f81ea0158aeb46eaad270ac5

    SHA256

    ee1db613a704ed34a556df2a626d6e5939cbb6d4dffd7cb0aae361a125ac8f75

    SHA512

    e62d1da36ef634e29c983dd3048301fc01d7f51b9a498735fdfccb8ab32822b198bea6b45c32b14541485dd9638b1804257ee8aae6d70716e6e1f746207d6948

    Download Submit

  • /data/user/0/com.fcontacts_threeey/[email protected]
    Filesize

    525KB

    MD5

    6e1262bcb015b056e16f0a8374a56174

    SHA1

    8b1bda24bed0a7e6d450a1ab37e3c0c83c85cf20

    SHA256

    9ee6516ee147bc8f0fe7de2be4b86434f483a8c22ee1fb18abdb29a07e20015f

    SHA512

    a5a387190b3b7b6d25a261c6bbb71251f2b7a5ea57bd20faaf052ac971e0fb9137412ca65c4a3e822676841214104f7081e16ab4d27c11ff5190705cddae1210

    Download Submit

  • /data/user/0/com.fcontacts_threeey/app_false/Ue.json
    Filesize

    1KB

    MD5

    8f95870b5ac5b96f85ac633cdc50b059

    SHA1

    56c50fac0aa24dbb717fe181272992b5cb1001a0

    SHA256

    ab309d34a2f834c80f3ac9e8982e0a8bb42256295a5e34b70e781172983b1b6a

    SHA512

    759377365e5e8a18900b296ce70781264ceb2945735688e023738eb70c74668ebe442621c9c3740e573dce97d3d23324336f7c50815c9b8d07dfd4e3e9c05ab7

    Download Submit