Overview

overview

10

Static

static

6

6ad5771e03...2b.apk

android-9-x86

10

6ad5771e03...2b.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    24/03/2025, 22:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ad5771e032b66caabcf3b531a0647444849d9afa1708767bc178b2af9db432b.apk

  • Size

    2.0MB

  • MD5

    3e658b4807e17153d6a879a7061f2aa0

  • SHA1

    2e3ac0a39f8ff81edc341545987b017ded6adb14

  • SHA256

    6ad5771e032b66caabcf3b531a0647444849d9afa1708767bc178b2af9db432b

  • SHA512

    952319493125299f933dfa9f541a91bfa6ceabcc91b34f6ab8d796f1cecac9c0640d7e8d782a9bcf3073b268fae3455a9bb2e9066bf1e44c4188e2660ab3960d

  • SSDEEP

    49152:Zulrw1TcY65kYz7eg4CX5R8dcSPmRSCtfl3HML6u:glGcY65kYzKfCX5R8dcWmgGfl8Z

Score
10/10
octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://r85d4kbe5729.vip/MTU2OWE0NzJjNGY5/

https://4ht227ce29z6.xyz/MTU2OWE0NzJjNGY5/

https://6kd020yb568x.top/MTU2OWE0NzJjNGY5/

https://f2kic1nam25n81k.cc/MTU2OWE0NzJjNGY5/

https://99ol9f44xvgo.cn/MTU2OWE0NzJjNGY5/
rc4.plain

Extracted

Family

octo

C2

https://r85d4kbe5729.vip/MTU2OWE0NzJjNGY5/

https://4ht227ce29z6.xyz/MTU2OWE0NzJjNGY5/

https://6kd020yb568x.top/MTU2OWE0NzJjNGY5/

https://f2kic1nam25n81k.cc/MTU2OWE0NzJjNGY5/

https://99ol9f44xvgo.cn/MTU2OWE0NzJjNGY5/
AES_key

Signatures

Processes

  • com.uptown36
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4770

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.uptown36/app_DynamicOptDex/rHR.json
    Filesize

    2KB

    MD5

    a98c27f2d802de482c933cbb6e204511

    SHA1

    a201d826d0199f0087b92bce7c46432ae4e72b35

    SHA256

    405d2d57653aa13caf819dd44941f3850be28ccb944d887b0dd0a583bb700eb3

    SHA512

    2f83b1e40ecc0243e7038fb007823b177de78e9b04d6e42a873d0f00d9e8487152fb707f70508638a897604e12a85e9dd1e4f33b21ca132dd6378deaf60964a3

    Download Submit

  • /data/user/0/com.uptown36/app_DynamicOptDex/rHR.json
    Filesize

    2KB

    MD5

    4cca8f4b2ecfa0a565a4eaea702b8c94

    SHA1

    9f0374e5e03a07100d8bb7a496aebe4a3187c465

    SHA256

    7e0949215c4d1afd910c87c5fdf4c19853cd9ee7b77d3ef7b88d44c6063bf273

    SHA512

    bc3caf0796937585f3933e4df4f8667151ab348a0607bdbdab29a790b6bc90f9aa3ad3a12110a31c27a0344fd78612c06e3430b4542b4e8704d3c6d6caad714b

    Download Submit

  • /data/user/0/com.uptown36/app_DynamicOptDex/rHR.json
    Filesize

    6KB

    MD5

    a2d1b6aa6d7193b53079ee7b798804ad

    SHA1

    4dd211a992e9d8533037a294f4186285e4487bf2

    SHA256

    69824958a87c263dd8d55cb2e84484645f1847f21281bec94bbebf9db5b6881c

    SHA512

    34da070f3c26c07a2d64d390a16647bb3e6b688ca5247bd389eff90ddc8c6513cdcf594b4c654364aa2711b0b979eefb0b6045f14f8f0505d6d6b8529dc6fc85

    Download Submit

  • /data/user/0/com.uptown36/cache/oat/wuiycb.cur.prof
    Filesize

    338B

    MD5

    b206451c9aa240e41fec54dd3726a736

    SHA1

    271672a8fac7897bb401e874e61179a8c6a11824

    SHA256

    9c988e124fe83d9d78395bc1969d5175d708e68e89de127c34ffcf4058d09f51

    SHA512

    dcb9a7149eb7b832360b23ec63a7709f1c3bdae5e61049db8e1c837d13cea4d6976565c3c3cdde4b893706bad1b10aba8013e05d729b84179f3cb9e14a1102fb

    Download Submit

  • /data/user/0/com.uptown36/cache/wuiycb
    Filesize

    457KB

    MD5

    ef22b1abb17fce6ff977331eece0b43d

    SHA1

    220e1337e83cd74286a25ac9f75808010d773517

    SHA256

    32ca51c54c11a4bf0e9ed240048bdfe6a1851b83d93eeea3ec84a6d98b01ad0d

    SHA512

    d6e327d2c3290f21d1fd9c693835e3f27d1029a5de37c225bb2d666af1da5cbb55f2887e4393bb2c903ce42afcb8f77fc11ca1a43a8bc66db26989d9dae853b9

    Download Submit

  • /data/user/0/com.uptown36/kl.txt
    Filesize

    484B

    MD5

    8d7d13e3c40d064fd4b44e60e2fba3ef

    SHA1

    ff9214adc488c8e3730b882f5579ae48c9799dbf

    SHA256

    e70e567944ffb0ffd4c43165e8b8b9358bf00adea6bf754ea23b82fa1c17d305

    SHA512

    50540d4fdd16afc6894f8262c0943514971a3f28bf9d78ed9fbaeff8822cd1714af68b3b496daa4d85a309e14cde551b75f02a47aa837a0c0945c760e1ae3474

    Download Submit

  • /data/user/0/com.uptown36/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.uptown36/kl.txt
    Filesize

    239B

    MD5

    bbb7f868b96a419f6cb857509b2da9e0

    SHA1

    426469bcd50956d7810fa51d145f3d86dac5b228

    SHA256

    6a2f8b00d25cbd0c4b764ef2cff2512a2dc91e9f035028b1bd5217e6c394ee1e

    SHA512

    42261ff53d1a892c5f77b58c13da209e2199fe61961a60f366b73b8576615b17a863b0c8635a5726b319b57ba1fdab19cc2bb512fd62e4e93ed2b38dbb4f6469

    Download Submit

  • /data/user/0/com.uptown36/kl.txt
    Filesize

    45B

    MD5

    23378a66c14947555092f00b26673fd6

    SHA1

    0853475708d82293a8e62414fe01d2fb5fe6d0c9

    SHA256

    4027fadd7452b4a9c4415af1aa97648c14fe9a1c10ef1e587b6cf3812ecb5a78

    SHA512

    0215a54a15cec05ef4758ced71c8bc06a10af704c17389989476ae740460e8c3c9a99463ed523a2a108b46801ba47a30da0f151b71702222a33f3b426fe9858e

    Download Submit

  • /data/user/0/com.uptown36/kl.txt
    Filesize

    63B

    MD5

    ccb4207eeb26926bcdea81b3e0addd65

    SHA1

    8dcdcabffc8bb01d6b4a444180c96d327b999fe2

    SHA256

    86841e8d1621694e27552701bd58e89f27224198515839b92300177ecd25663a

    SHA512

    95d6941cd071fa47b582d412e64d49ea03e4414549ef5cb0d3a4a4651cbaecdcc4e5723efb231fd1981bd2258f809fbd72676c6ffc77f3df3a1579c07cf7e14e

    Download Submit