Overview

overview

10

Static

static

6

4961670c62...21.apk

android-9-x86

10

4961670c62...21.apk

android-11-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    22/03/2025, 22:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4961670c629f6bae3f820572cd00fed6199d9342c509e5eeaa36e26b8ada1421.apk

  • Size

    3.2MB

  • MD5

    9331e8cb5d5a282fc173e2e917262dbf

  • SHA1

    8e76e8ad5c5e6fae60bc54a56ac1e32ad8b72b18

  • SHA256

    4961670c629f6bae3f820572cd00fed6199d9342c509e5eeaa36e26b8ada1421

  • SHA512

    11e0de040f33799a3e97418598b32a67bd20189ea9ac1b01e2d1bd6792bb4d5f0c341ad30597e67672df6ec8c8ed2b25f081f138b9534379839edd4ac8b8d57f

  • SSDEEP

    98304:A4jyBT/BShXIT8WCych5DTiNMBU/zDRJNGKFn:byBT/cXU8acyNf/zDRyKN

Score
10/10
octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://185.196.9.197/MTQ4MmUxODBhMTVi/

https://xxxpakunatationclass.net/MTQ4MmUxODBhMTVi/

https://xxxpakunatationclass2.net/MTQ4MmUxODBhMTVi/

https://xxxpakunatationclass3.net/MTQ4MmUxODBhMTVi/

https://xxxpakunatationclass4.net/MTQ4MmUxODBhMTVi/

https://xxxpakunatationclass5.net/MTQ4MmUxODBhMTVi/

https://xxxpakunatationclass6.net/MTQ4MmUxODBhMTVi/
rc4.plain

Extracted

Family

octo

C2

https://185.196.9.197/MTQ4MmUxODBhMTVi/

https://xxxpakunatationclass.net/MTQ4MmUxODBhMTVi/

https://xxxpakunatationclass2.net/MTQ4MmUxODBhMTVi/

https://xxxpakunatationclass3.net/MTQ4MmUxODBhMTVi/

https://xxxpakunatationclass4.net/MTQ4MmUxODBhMTVi/

https://xxxpakunatationclass5.net/MTQ4MmUxODBhMTVi/

https://xxxpakunatationclass6.net/MTQ4MmUxODBhMTVi/
AES_key
AES_key

Signatures

Processes

  • com.studybut8
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4778

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.studybut8/app_ded/2Qv11thM6S1fPKxVbQpvN1HROpKiy5O4.dex
    Filesize

    3KB

    MD5

    f5cffe3307b1ed7e6c7d563117f97684

    SHA1

    3b4fef0a524d1e29bfe6c1ca3fd57feee566fc9b

    SHA256

    3309e981bc83f443e2b156dcaab1b6277399b03793eec1c062092eca83e92f2d

    SHA512

    8f48467b62abb8d99428fecf8b99f7b4d075a2831c36e790769186dcda5c480c4d9a52db5b2ea77de25b114bc6e515fe876898587e8cdd2589c636871fb343a7

    Download Submit

  • /data/user/0/com.studybut8/cache/oat/qmjaqyixgeuxsyy.cur.prof
    Filesize

    335B

    MD5

    9b6f397b7ac4ef34869f9ce3884adfbc

    SHA1

    d2524937d8253a04f259e8f067f069b337137043

    SHA256

    7c1c8b6298fa637a24634939ab97def31696975fcba1245e506e70842056cd47

    SHA512

    51c70b2e4c192e32ed4e03f63536d560cd3a514f2cfcc60c264a930603a5c75bd20c773208495bb1e3cce5588e291a46efc0df8ec6340d12258fed94c1659406

    Download Submit

  • /data/user/0/com.studybut8/cache/qmjaqyixgeuxsyy
    Filesize

    449KB

    MD5

    101eee30f6075f0d785255d80a1865b6

    SHA1

    9814bccdf5b2545e571ba27fa4a32caab506d072

    SHA256

    285dfa67f866f80ed32e0cecdcb2aa1ad4506025dda179164feadf59ce564cf9

    SHA512

    e807d83b7796b5d30a3760fcb3fbd276e97547d40083cecedf0c08e3b03299879e79ff247988675d2ac2d11aa8d7ed7daba0bd5c5180a60f27998d7fa76c5664

    Download Submit

  • /data/user/0/com.studybut8/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.studybut8/kl.txt
    Filesize

    230B

    MD5

    97b3d5193b34bde5835e93468763faac

    SHA1

    f62d179f7124cafa592725e0b8921467895f9a97

    SHA256

    ad275fb4980cb630e6e09578f3ccb8eac9efeab22c7ea96f75e5b0e0e42a038d

    SHA512

    30c0e7ea1cd27f72bb068754126c4c1105c63b883b32bf6e85f5946060e4ce47e19d4edbfa9bbec3421c474b5724411f95cb645619f2933074fb77817d01a13f

    Download Submit

  • /data/user/0/com.studybut8/kl.txt
    Filesize

    63B

    MD5

    3154a7661f661ad7c1a3d2ed5e9af5a1

    SHA1

    acc70cd34338389ee0281764bd471278d67f2b48

    SHA256

    96e696a5407607c512735f6a50d5ee503979646d8140f76664ea2f9be1fbe7a5

    SHA512

    cc0160e7715893031923e0b9d007b3a627ac3398b8c7f52d4518e7573005f32815785ff601e09fc3e324843a7e5a33a494cb90b553fe2d73f0c127cd5ff376ac

    Download Submit

  • /data/user/0/com.studybut8/kl.txt
    Filesize

    45B

    MD5

    062e9c5ea6662657deeacf144ddf61ee

    SHA1

    cc9ea6ae83fac5d3b1a59d54fd29db8a82924798

    SHA256

    1f07d6cc077f52c6ff42542ac725616ebd17bc5f429092120cd03f7a5aa7ecf5

    SHA512

    8196601d28b3bad94d5aa531505525ad13920acd61481fb82f58d128f4a8d60a9028950085e04b56ff8de2c70b322a678a372cd0cb2fe0ff676c92ea7e7b643e

    Download Submit

  • /data/user/0/com.studybut8/kl.txt
    Filesize

    466B

    MD5

    0ffa902d4d60e5ebddf83b9f4e2d6f81

    SHA1

    deb5a5598881455a7e9c72cf9b903d39c7f1ef17

    SHA256

    856585b34486d9149c800dc91464982c69d883f1b6fceb4567bf1b8ef7d53781

    SHA512

    4dc5f4fe898fbe68a06c030e694b1e25f6b5f70f68c5bb438ba183449cc4aad65bcec7659cfe4801ab392ab7f796b0d14e7895eec576d681a7fd834f99691daf

    Download Submit