Overview

overview

10

Static

static

6

7ece55b704...7f.apk

android-9-x86

10

7ece55b704...7f.apk

android-11-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    168s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    24/03/2025, 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ece55b70494d9476d51f05139b1a60c798d6a28c8e0f05cd6d249c5e63d417f.apk

  • Size

    1.8MB

  • MD5

    8d30e2e7c51d4915a31e08750e306f63

  • SHA1

    1c394a2c6d9395baceebd94feaff6d4177156e79

  • SHA256

    7ece55b70494d9476d51f05139b1a60c798d6a28c8e0f05cd6d249c5e63d417f

  • SHA512

    0803c927ad5b500f7fd7d65af0c36e98b4437ff1732d6c7ed9e82074000b08b645af0d065d4e54793c7362de01bd117c13c32636064049796f68ac4ca58cb428

  • SSDEEP

    49152:itfChUH65gXLPyRyM16gIb6HbY85XGZGZbmq1KZPAE4KoSz:itfCWHSyLPyRyHgIT85XGZQ/1L6

Score
10/10
octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://chroww.top/MmEzNTkzZDFkOWQz/

https://lauytropo.net/MmEzNTkzZDFkOWQz/

https://bobnoopo.org/MmEzNTkzZDFkOWQz/

https://junggvrebvqq.org/MmEzNTkzZDFkOWQz/

https://junggpervbvqqqqqq.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqgroup.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqnetok.com/MmEzNTkzZDFkOWQz/
rc4.plain

Extracted

Family

octo

C2

https://chroww.top/MmEzNTkzZDFkOWQz/

https://lauytropo.net/MmEzNTkzZDFkOWQz/

https://bobnoopo.org/MmEzNTkzZDFkOWQz/

https://junggvrebvqq.org/MmEzNTkzZDFkOWQz/

https://junggpervbvqqqqqq.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqgroup.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqnetok.com/MmEzNTkzZDFkOWQz/
AES_key

Signatures

Processes

  • com.bestgetkvg
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4760

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.bestgetkvg/app_DynamicOptDex/na.json
    Filesize

    2KB

    MD5

    faa869fd70c3b1350e99e33226da3a29

    SHA1

    51298a19da76a059a2b95d24dc06dbbb3d33b3fa

    SHA256

    ed86fb77817b7a1f8563fe6b28e194741534a766c01fff2d3802b53a065d27e5

    SHA512

    79c5884e1cb9396afa316adbc76902e19666f01736be5ec74b9dc9dd5f12c7c182a051ccd1a0e39fee9250b73563cb23968cadf780441b8d9f86983dfff61abf

    Download Submit

  • /data/user/0/com.bestgetkvg/app_DynamicOptDex/na.json
    Filesize

    2KB

    MD5

    eac5252de685c45b297dae1be2d39d05

    SHA1

    a6fd60fd91a50ab1cd96589d1ee13bd850505423

    SHA256

    870fb5d6e463807094c92391f294d70ba3712b162c0620018a3fcb823db0f132

    SHA512

    27752e6bf34fcaade6af805d3f2a81140eafc073418b84b38efce782ab20dd06f22be8e5e274d38aa8187769a2cbf7cbc0767bcac1d91658b7a8d2de0b1ca15c

    Download Submit

  • /data/user/0/com.bestgetkvg/app_DynamicOptDex/na.json
    Filesize

    6KB

    MD5

    d9046b325d19d131c381ba3604444296

    SHA1

    62acd85abc113895fb7e73b21394c1e5df5abef1

    SHA256

    8fe655961a0a5606139a83918171f1e0ff8aae47b8544d1cfdc42841879f4cc8

    SHA512

    dc6888f8e6fa5b890fe0f5d693c4d522ba721c0818ffb151b092d34ab7fcb70dddc418916f98568ae1deed533472ce9bcd0af67fbdce7afcf7439d2a035cde4d

    Download Submit

  • /data/user/0/com.bestgetkvg/cache/hmsxvlj
    Filesize

    449KB

    MD5

    6efd7a5b2e809811e0aa29d2c5a062b1

    SHA1

    bd6f7fdc9d497d1a28284f43d5a46298505494ab

    SHA256

    a92ea5834508e738dcd058969afc6906e009ef42886d9d910b1e6f9ae1ac01f7

    SHA512

    e8d9ab7610e124349c59c9e86f3457dc7d12d394dc1b692ae64ea56bfc2204b22fe8675df8f09098bb870cd7e512d82d1a6da313502d803e140c91eae9e3cf77

    Download Submit

  • /data/user/0/com.bestgetkvg/cache/oat/hmsxvlj.cur.prof
    Filesize

    350B

    MD5

    5a26cce3beb9e28b2bdbcb93680dbd48

    SHA1

    ef3031ce1ca02516955a510eb979e7f65964b28f

    SHA256

    9366211d0168ac408c0bcfc19cea95a750804194b8b6bb948c4288f1fe192467

    SHA512

    6f6fffd45f01e19e2000066382c6b1befb06c2889b5a17df968d509980f64d1880fd4457031686ebf16be2fafacc3351bf33e333c98ce85071c636b54259ae5f

    Download Submit

  • /data/user/0/com.bestgetkvg/kl.txt
    Filesize

    480B

    MD5

    8864c0e02ad37d767bb13f092ece5e8e

    SHA1

    16464d5e8efd8058d3f420906d57c31d4b73f9ea

    SHA256

    582e486c9507c798598b331b47b4cab974759054c0c18442b0062b54f85fd9ec

    SHA512

    4226435aebf03ef87fa4cc5a926dfaa47242a3c1643af3aa2954783129c29a1b8f05e205d2e81f2dfd9c8d25d6c0e4a7ec812a29e6bf5bc2c5dfbae49a0ecae3

    Download Submit

  • /data/user/0/com.bestgetkvg/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.bestgetkvg/kl.txt
    Filesize

    237B

    MD5

    84df141371738cd6b6d65982b462c35c

    SHA1

    34fcf8ed9c2df2fdb9f66e0576b33e69f08d7526

    SHA256

    649e1051c42e85a7fe6166935a62d2d7602b6482ce1dd34a9d330e2711c5ddd8

    SHA512

    a8b7f7c285180cc3ed377785ca55bc4ac7dfc4d61977e08258460137f276d0ce44c7815b140f9fe80113403d010005c5ae410dd1124d49f7741b04bb5fe8d925

    Download Submit

  • /data/user/0/com.bestgetkvg/kl.txt
    Filesize

    64B

    MD5

    4feb48878a926e025eaec77ec314eac9

    SHA1

    960644e4e266e3f0b81abfae37ba19cba6f80948

    SHA256

    a62964c2a60a769bc2217e9da4abe667acb6629d31c40f6fb2de77a2d56383a1

    SHA512

    8087a957ea04111f0135a14a7161e82d104ab8309a1921d2bbeb47333aa23c468f0dd8da036977cdad3ef66737c5cb7f4e5a3f994b0cb1d6dc14095d9c24347d

    Download Submit

  • /data/user/0/com.bestgetkvg/kl.txt
    Filesize

    54B

    MD5

    1d2300fb0bd1b975cd7f1ac5bd5c5cda

    SHA1

    aa5a3c0e7b33754984e075e9d549caed56a084ed

    SHA256

    5e31366032006b990b5b32a9c39f238099a99176f441c7de0885d12a12239ff4

    SHA512

    89e17af98df17c10d00f7342a5f3a828bd17b3b7180808edfb72ebd332c00a1c46e63df9a1fb4f5bf15452b58ef7972a296c22c0cf5b48bb8e22bf7540409ec6

    Download Submit