Overview

overview

10

Static

static

6

64d3afd838...83.apk

android-9-x86

10

64d3afd838...83.apk

android-13-x64

10

Resubmissions

20-01-2025 12:27

250120-pmqv5aypcv 10

11-11-2024 09:45

241111-lrc82swqhs 10

Analysis

  • max time kernel
    149s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    20-01-2025 12:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64d3afd838f529252f3975298bb37a1cb871486d5c690ede912fb51800523383.apk

  • Size

    7.6MB

  • MD5

    283f2b0ce547406e835cb069ce6da552

  • SHA1

    d016401c77ef8abe16c4183032e9053261ac4149

  • SHA256

    64d3afd838f529252f3975298bb37a1cb871486d5c690ede912fb51800523383

  • SHA512

    c8b83424f75e516dc5759017366cad3f6285680068abbd1bd173372098b32cd35ed27f276fe62b39894962c8ad9824bb22e073784b93b6a598c50cf99fe4734c

  • SSDEEP

    98304:VPvu5iSRGxSUH3X+VKL2RsQjh53Xwycbj8/kFW0FYDnd9cIR/SJTvtG:VPvurfk3X+USR5A9r8IYV/whG

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://89da6cdf698d348408e0a8e84ece89df.info

DES_key
AES_key
AES_key

Signatures

Processes

  • com.gcom31providers
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4344

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.gcom31providers/.global.com.gcom31providers
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/data/com.gcom31providers/app_dex/classes.dex
    Filesize

    1KB

    MD5

    eb65ac5c2dc00b48a211c8e70e2c564c

    SHA1

    fe093ce4b18285b2a43b1b91a5c5e47dc95660aa

    SHA256

    132b1f07b20fd19b04666ca13c846951632dbcff6d31ba4f1749d5ce4050bad8

    SHA512

    4bd2b081419513e58d2381748ff79d0c042823f8ba4cb7e42cda36bad7c8d9182b79a71f14f516c7a407683cd700ad28de8754f09371e528cd274163c42cb243

    Download Submit

  • /data/data/com.gcom31providers/cache/classes.dex
    Filesize

    1KB

    MD5

    ba8304c9e14566d7dbe8088089fd59a4

    SHA1

    c05b34563acb93ad9cd523f6271c0d2fb9b74868

    SHA256

    545d005f9cda6b2672d6dcdf1a6d83427c8863ccba49ae1a3f58461b29a12a93

    SHA512

    65c72a8e48ca3036aeb498408be213de2ae52776bcdbc73daae91b5e15fe2ebbc0014705f483dadf7408c1f5a7abd8dcf78c0df476e0f8ddbf61fcfc1d8dd146

    Download Submit

  • /data/data/com.gcom31providers/cache/classes.zip
    Filesize

    1KB

    MD5

    52ba42c1af65da09b9986bf7a02ff3dc

    SHA1

    aea733d2594baa7d4a68d337c1bcbe6afc64bb64

    SHA256

    7486de0d5ac7b2a0c2290b8ccf67f88b8abcf25cc7862609f62ecb277ea702ff

    SHA512

    bd46bf67601d34f4fdc261798e448e1b37f54e9674f8e0256db45a7b4db3ba717a4a54805b1eedae4d7f2f5fca91b366ea2cef3c9f902a55d6f5e2b824496f29

    Download Submit

  • /data/data/com.gcom31providers/files/.n
    Filesize

    322KB

    MD5

    77dc50489b9323274732d27dc8a4e803

    SHA1

    0e02a3595b62489d0739d771881da8604d117c65

    SHA256

    c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820

    SHA512

    0684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58

    Download Submit

  • /data/data/com.gcom31providers/oat/x86_64/[email protected]
    Filesize

    13KB

    MD5

    29fbd3166446e5da15bd7648ee41a3ee

    SHA1

    2fa0469640603040f4a3a87eaccae1e6f8f509d2

    SHA256

    50b98a8ebf9c8a0a94c5819ea0b2056b325979128053fcaed6a5ad5f3cfb507c

    SHA512

    2715b449141385318da57eef82bab3fcc6d188883a3d8f995d8fab8d13c6f77f62786bcc4194f2f55397755a477f3ee8fbe83d1265ba5386f172f87b315e4fbd

    Download Submit

  • /data/user/0/com.gcom31providers/[email protected]
    Filesize

    525KB

    MD5

    76e59d3e3c9bc98bcced1da7340cfc37

    SHA1

    57af0afc8a0fa4ddc554f754041933679c03f35b

    SHA256

    321608254d21b14b86f246ee4e9b8617146654d712eea28c796150fb68acee61

    SHA512

    34da3b0ca7463a19fe2f21e47dd6d97fb5148ad98206d744a38ab04b39531eb3384ba742c0db46b019bfa3690a911e0f23343937905e592d1d967aa20c7c41be

    Download Submit