Overview

overview

10

Static

static

6

9631e0caff...88.apk

android-9-x86

10

9631e0caff...88.apk

android-10-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    22-01-2025 22:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9631e0caff800bb316000df99497f081dac72a3345814364f2dcead772e86588.apk

  • Size

    2.3MB

  • MD5

    0ed0a0d0afa3073d31f6ee23b5e9f387

  • SHA1

    ca90d700cf3c1b69530237bf17c1c1d33a68aac2

  • SHA256

    9631e0caff800bb316000df99497f081dac72a3345814364f2dcead772e86588

  • SHA512

    0b6bd0a278864aa10dbb85ea56f44f17f9bc8191274cc21640939ba7268bcf6e81a2946007f1c5d5102ca18c4ec41ad330d2bd2befefab5b397ce7e82cb9adb9

  • SSDEEP

    49152:wVl2o/wVPHUTZgihjssAdcG90K1hcmZGZbmqA2YM2ZP5VSFggcZPsNAE4KoSENE7:CIHUmEjh9GbpZQ/A/M2ZLCsVh8KMgQZn

Score
10/10
octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://vippivok.top/ZTZkNTJjNTkwYzk3/

https://bobnoopopo.org/ZTZkNTJjNTkwYzk3/

https://junggvrebvqqpo.org/ZTZkNTJjNTkwYzk3/

https://junggpervbvqqqqqqpo.com/ZTZkNTJjNTkwYzk3/

https://junggvbvqqgrouppo.com/ZTZkNTJjNTkwYzk3/

https://junggvbvqqnetokpo.com/ZTZkNTJjNTkwYzk3/

https://junggvbvq.top/ZTZkNTJjNTkwYzk3/

https://junggvbvq5656.top/ZTZkNTJjNTkwYzk3/

https://jungjunjunggvbvq.top/ZTZkNTJjNTkwYzk3/
rc4.plain

Extracted

Family

octo

C2

https://vippivok.top/ZTZkNTJjNTkwYzk3/

https://bobnoopopo.org/ZTZkNTJjNTkwYzk3/

https://junggvrebvqqpo.org/ZTZkNTJjNTkwYzk3/

https://junggpervbvqqqqqqpo.com/ZTZkNTJjNTkwYzk3/

https://junggvbvqqgrouppo.com/ZTZkNTJjNTkwYzk3/

https://junggvbvqqnetokpo.com/ZTZkNTJjNTkwYzk3/

https://junggvbvq.top/ZTZkNTJjNTkwYzk3/

https://junggvbvq5656.top/ZTZkNTJjNTkwYzk3/

https://jungjunjunggvbvq.top/ZTZkNTJjNTkwYzk3/
AES_key

Signatures

Processes

  • com.partchildreny
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5205

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.partchildreny/app_DynamicOptDex/leqwOb.json
    Filesize

    1KB

    MD5

    ac4629c4ac6652f2ff3bf6ec86fb6d40

    SHA1

    0cfe157072398959cfcfc8ddcd3b1bc0137f87aa

    SHA256

    395c9993327e02d090eeeff1f292111d711c930edb710d1c2e1c5cc726631f80

    SHA512

    a91fb05f2a56c811ac0826987769720bbdc41e4cf0ae47cec509e66baed86d48270d6b50ff0858619583c66b3d17a4ffadef5a3b3a1047b6dac14ddf81b48258

    Download Submit

  • /data/data/com.partchildreny/app_DynamicOptDex/leqwOb.json
    Filesize

    1KB

    MD5

    26ed72bf37b30f750068fc58c4bb33c1

    SHA1

    b703274b48fa6958009202a53de70ef2709f4550

    SHA256

    47644b6ae298d27959787cc3e0d53b236074c427d8bdaf5df019c6161f9dc80e

    SHA512

    63edbbc5efc01e22a72f96d65006c36d2a9230f8370fc7301c603743c8b713de79e465f2fec7d37afd00d5954dd7441a435b7f3be4746cd58faef2bb49421a5e

    Download Submit

  • /data/data/com.partchildreny/cache/ftqkncc
    Filesize

    448KB

    MD5

    71d7f546e0aa7feb8b5610052766ff0d

    SHA1

    9be6acd137c796c676f63ff3bfd835d48d6ccca4

    SHA256

    0e3d7d3013a257de4c1656036ef786100a5a66ff53a4244fbe829467c49345f5

    SHA512

    7481242d6e2fe5e4437bc3dc9f161df4b0a9641b571cb0a6baa093af8ad26fae63622b02b8dd83fcc15b3dc9ea8ccd00134f075031381b93b3793d591c509a87

    Download Submit

  • /data/data/com.partchildreny/cache/oat/ftqkncc.cur.prof
    Filesize

    490B

    MD5

    3dc47380a29ffed74aa195e01ae37251

    SHA1

    024a02630e477f6518b15b66f4f3e17daaae1d6f

    SHA256

    34f6b3c51a108e4b6d1553a924fc16b7246ad60130de1c2ab8bda6d0b37dbeb8

    SHA512

    2a6541f60e673a493681013578e65b08b9138821ce539c9a54385755aa8ff748515d3815903e3895addd042a8f6608ae32a9d36d10f8abaf73e0ceace58efbb5

    Download Submit

  • /data/data/com.partchildreny/kl.txt
    Filesize

    437B

    MD5

    72bb4e6f32119522608baf1860678b03

    SHA1

    3bc61d7901897473434d43067c9e198136a5bcb7

    SHA256

    53501b53658edea3844fc9dafa5a8f84642dc4a5d443652f519cf83e1ccf449c

    SHA512

    eb49272d2c68c9ddb71b4888c0f06706da0896bc4039ab022c56725358d467023c513a2e08d0461158ef70305dc9c874eaca952f1ac504e748d6b6dbd49035e7

    Download Submit

  • /data/data/com.partchildreny/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.partchildreny/kl.txt
    Filesize

    237B

    MD5

    bcd361b412455bc433cfbd9d76d06ab3

    SHA1

    8b93379a647fb36e5644f427a243f1aa3216d5e8

    SHA256

    edaeb04d4d5157000e46942d5e3de46e598b468934b9b09fab44ef762fd18b15

    SHA512

    9413c9166cb561a4d9042f2225639efc6fdee633c558711579a66a15c3f1ffb6b051d323b0636106c5348171ad9cffc92a353a694ab2ed7f94f379e527f02590

    Download Submit

  • /data/data/com.partchildreny/kl.txt
    Filesize

    45B

    MD5

    e764307efd3cddda35adfe318e03fe34

    SHA1

    1e1d30d81c8db62a1fb9e4301fccc82e8644b68b

    SHA256

    8817c419e86c4b925137c2332633c8db1a13adedbf59ff0f0614fd8c59f77de5

    SHA512

    b60e76851e677ec1505512e5805a2ff76f7ba0a9931d9af69f2e3746db66bcba3e368a0731f1968759b42d19dbabd6af59c65066a10b6332526442440dc05aa5

    Download Submit

  • /data/data/com.partchildreny/kl.txt
    Filesize

    63B

    MD5

    94869bb8daf948dcba0ce5071484908e

    SHA1

    a68555c2a3038166f40e486bcbd22d48e26803fd

    SHA256

    e8f832add841502afde00ac11b83b55956916e79df20cfe5703cab240c33119d

    SHA512

    ce6d7bec75827dea0efecee309e7e2da3218a548e75ec701706082dacfce493cb3f3bf482792d6a27d6b7e593af54dcadb0cc3b71aa11aeddbdfdb90f065bffd

    Download Submit

  • /data/user/0/com.partchildreny/app_DynamicOptDex/leqwOb.json
    Filesize

    2KB

    MD5

    94a37570a6ad7d7c4cf52701e441ea59

    SHA1

    8933f5345481404b26f01d048731b8c9a45ec8bb

    SHA256

    f21e111bca4dd245be46e019829339d3c71619b6a30be94dc19a5f2f46095e1d

    SHA512

    0614911af7c953e36ce23dfc3b82e7b0edcb7077671b339263ed657549a1e519fccef8230a88951af8ee343aecb842c3d18256e5af83bb3e2baa8736dee17d1b

    Download Submit