Overview

overview

10

Static

static

6

1aae1e8173...3f.apk

android-13-x64

10

1aae1e8173...3f.apk

android-9-x86

10

base.apk

android-13-x64

10

base.apk

android-9-x86

10

Analysis

  • max time kernel
    29s
  • max time network
    26s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    21/03/2025, 17:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    base.apk

  • Size

    1.6MB

  • MD5

    871ad2475ababea9dc67fa3396662753

  • SHA1

    65702d5bc3e5f6e342a46102f780f7f12eb023e7

  • SHA256

    2ab2c7af22028d3e7bd62de16d787f1b6718d1cf49955cba0844d9280b15ae2d

  • SHA512

    5c2880e153077751db5156cdb8088c2e236aacd1a7ae19b43cfd2983581d76af8edc87c1878f52de6ed48d6681c97b6561947917732d021ff6d0cb36fd9deb38

  • SSDEEP

    24576:U4LQL0ewuycOF0fMTYFxxnJg7viCZFPrQbbpEPLVnbhKYSlX/p4dQMqSoxtRQAxh:RRhYF5g7viShrMSjRhKYRdQMqSoHXz

Score
10/10
octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://emonifados.quest/YWFiM2VkMmFmNWFh/

https://emonifados000.net/YWFiM2VkMmFmNWFh/
rc4.plain

Extracted

Family

octo

C2

https://emonifados.quest/YWFiM2VkMmFmNWFh/

https://emonifados000.net/YWFiM2VkMmFmNWFh/
AES_key

Signatures

Processes

  • com.morewouldyk
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4467

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.morewouldyk/app_DynamicOptDex/iKxZiyk.json
    Filesize

    1KB

    MD5

    8315b013bb2d1857c89581519ae372af

    SHA1

    3bba2882abe325bc6692d10a22e1080349aa88f4

    SHA256

    6171939881cac7e87612b72974fe9d8d33c4ee7d8e9a1c9719f8a92fbce91fc8

    SHA512

    c519ae909ef6a9b604250804e15243902b1951a28564568435670089a02361746682b6aaf69f42b13571a84ec155b771fa2601c9b153e925c1e73075360978e6

    Download Submit

  • /data/user/0/com.morewouldyk/app_DynamicOptDex/iKxZiyk.json
    Filesize

    1KB

    MD5

    8eca4b52bc7e3f5c7a737ec7fffd29cb

    SHA1

    98513cae27b04562101cbdfd7479cdab5630e3e7

    SHA256

    6b15970cae8db20c37647df6e93fd62384701676b31bb5e55d5078b6a50c525f

    SHA512

    02fc8ed55dab3a28cb7bc34b1812f30c165d37cde1f775cdd45fbaa481778520225702c6f603954a8f73a8ff13caf4a32fc5b7de8557405d0b99f37157bef8a2

    Download Submit

  • /data/user/0/com.morewouldyk/app_DynamicOptDex/iKxZiyk.json
    Filesize

    2KB

    MD5

    a4a876d786f88020b099d40a084ff860

    SHA1

    d6ce42b1d4666ecee698ed2e2e2cfd748f4a76e2

    SHA256

    e711d7900e1d40d1f0d8a454f62788f43d21a294645cf6081ac94dad653ed8b6

    SHA512

    079dc738c276d11640923e4c5d5ea78483d7b8339e740d0510da7a8266bb6457589e64bc0d90d13f9a869a80c0672dcc054c6a352e7ea930a27480311dd1e81f

    Download Submit

  • /data/user/0/com.morewouldyk/cache/esimuzfui
    Filesize

    448KB

    MD5

    f7e557fe086242872e8fc5915dce08d5

    SHA1

    7b72bcb8eadc2f90373c3e8b411e993a9b68fa9c

    SHA256

    6ea1092caff8c9893d7bd54527bc4416bb9177ac85ae7f9acd3cc5c20b54ec5c

    SHA512

    8ad1cad799d43dac083d4fce2b5644782c3113f2a1dd616a1d38c2097f1bf4946c2cfbc5e11dc2084df0bb2b0a4bd4c6e1079edfdffb1648bb17df7940fa2de0

    Download Submit

  • /data/user/0/com.morewouldyk/kl.txt
    Filesize

    68B

    MD5

    7105903a84ffc2a94ae0acf1eaa1ee5d

    SHA1

    aeee2761827b3ace094a5ba29e9b3c90473cb0ef

    SHA256

    636c1d47623a029cf899a25e0f13c6fb9d73fd0656b4415433c61f0f83b2be27

    SHA512

    ccb02457beeac8594e7ae8ca55f9481885c3f41e75fa2b9d7ba7b92f1f4933ba567a66a95fb63ef11c5d1cecd3071260835de386075dd9f31cadec5226a349ea

    Download Submit

  • /data/user/0/com.morewouldyk/kl.txt
    Filesize

    76B

    MD5

    c2841f6a4d03b7b240d6b064b8a429e5

    SHA1

    a8b1dcef1dd95cc64ab3b2f1dcef260528b3332b

    SHA256

    84e35dba23bc64e72196b25e2a04b1a90dce3e09595f634d4493784d4021001e

    SHA512

    d798ba692d65e5d75f8a18b1f4be3f71f605e95e82b1c28e67b9307d90dc5db72cd76b50f5e1c0a8e2d5325cc11f353a115f1c28428eaff9ede36a0019c333e6

    Download Submit

  • /data/user/0/com.morewouldyk/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.morewouldyk/kl.txt
    Filesize

    221B

    MD5

    205d9b626358d144a7ca4dd46ead8c72

    SHA1

    79659d5ab620ee93cfb3db23be45e9daee6146de

    SHA256

    71e3004380a2a0968c90dcb110e9190e4b63b7aab4692c57ff3dcf4cc7927173

    SHA512

    b709d62f85dc48a073f78d5206870ee263d9ddfdacdf1fea1dc8dca194601499a5d586f2d1440da2862255df4a58da99646813da0359b14f3fc13b6ea3213ae8

    Download Submit

  • /data/user/0/com.morewouldyk/kl.txt
    Filesize

    64B

    MD5

    7b8a125c6e8dff93a0b9dad8e6630838

    SHA1

    7a7c2e9785b44e51ec3ae1ba5241799036e55f08

    SHA256

    ae05c3dcbc387be64ce1f2cbc5c4393458a24cd5a54d959eaf78df65c400f822

    SHA512

    44c8bed0d92848aad02968c35dd698ee5271f6cab5c3f29df9af033464e2afd34c2a9a6a73c53b202dbaf462c7350ad77db88c040a2e056ccff2be763d6d1889

    Download Submit