Overview

overview

10

Static

static

6

e0051349c9...18.apk

android-9-x86

10

e0051349c9...18.apk

android-11-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    26/03/2025, 22:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e0051349c944e34eec255f63589622a955c9863fffd66fc993791119992bd618.apk

  • Size

    2.2MB

  • MD5

    4283caf51e0c26abfbc95062cc4ec4f5

  • SHA1

    65aa09016113f7ef65111375c237a160bd66c1f2

  • SHA256

    e0051349c944e34eec255f63589622a955c9863fffd66fc993791119992bd618

  • SHA512

    82c1fd84c9628391fa406d8f7f9f77650ee0fa5637ca984948c8570997ff8ee3eca171fdce4394c2e7bfc94416d2510f30990d69313bbade0ed40743555e1a43

  • SSDEEP

    49152:firnaUj3N7E4j/LC1uByRKfOlOWc/OrWaENhuDowXuZGZbmqZMMTAE4KoSH:KuUr+4j/cu0R3llc/OrWNgowXuZQ/Z8c

Score
10/10
octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://chroww.top/MmEzNTkzZDFkOWQz/

https://lauytropo.net/MmEzNTkzZDFkOWQz/

https://bobnoopo.org/MmEzNTkzZDFkOWQz/

https://junggvrebvqq.org/MmEzNTkzZDFkOWQz/

https://junggpervbvqqqqqq.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqgroup.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqnetok.com/MmEzNTkzZDFkOWQz/
rc4.plain

Extracted

Family

octo

C2

https://chroww.top/MmEzNTkzZDFkOWQz/

https://lauytropo.net/MmEzNTkzZDFkOWQz/

https://bobnoopo.org/MmEzNTkzZDFkOWQz/

https://junggvrebvqq.org/MmEzNTkzZDFkOWQz/

https://junggpervbvqqqqqq.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqgroup.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqnetok.com/MmEzNTkzZDFkOWQz/
AES_key

Signatures

Processes

  • com.poundlast7
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4621

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.poundlast7/app_DynamicOptDex/mNxCMjQ.json
    Filesize

    2KB

    MD5

    a37282f02dadd8b75ce69738cbe6818e

    SHA1

    692cbdd24e514360adfede7e885e6578296ca353

    SHA256

    43b85f2d8b4a14ebca8f5bb38a86be207df66cfa656e5d5bd036825404c063f0

    SHA512

    be7b88a33ad797c8a946f2ddc8bec0f09902dd125e10f90fbbcdeeb3715c7401d78463a9c143c1ff1e83c7f14e488a6eeae0eff8386f328946d284f039c99744

    Download Submit

  • /data/user/0/com.poundlast7/app_DynamicOptDex/mNxCMjQ.json
    Filesize

    2KB

    MD5

    54f4f655e2cf5ebf2cbc9a8b4136e48a

    SHA1

    187f8bc378de5cdb26c2835ff929a258c38527c3

    SHA256

    db80c7ce300562919d2149a1fd3fef4cafae70e457129b0fc08a2b83e4331ae4

    SHA512

    f1dc80783facfec02d05945d9b217f0ee2dec14c1e95939ee975126eaa874d1bb2b796eebdc726b1b6598e3dfc11202ebb1c22ffb258671b262fc36f62180d34

    Download Submit

  • /data/user/0/com.poundlast7/app_DynamicOptDex/mNxCMjQ.json
    Filesize

    5KB

    MD5

    d5f85082a617f16af2a60b23b6ef732c

    SHA1

    6f26bcf368be30f4e306e39eceaa7bd78b1f0006

    SHA256

    e8b20c8db53ea7f603585124ae1ff318921ff6c1fcd8a5db7b2aa466556152bb

    SHA512

    567828e2366099005b6e584b3dfc11efec49cc490aa170c124ac77bb7a09f8b4affd2fcee11a24d2b54338099ffc3869a1dba8118b04cd8e82525705dfc6a98a

    Download Submit

  • /data/user/0/com.poundlast7/cache/oat/xjogaabmrpxmrr.cur.prof
    Filesize

    356B

    MD5

    182c7fca81108bc21ab94dddfa225beb

    SHA1

    a87c05a6d59bd0fd950c32c4e3c3af39a61f461a

    SHA256

    f95ea4fb289ac263d7d93799e877756d942d75c0e1dee0fbfb0aaabf79634078

    SHA512

    8a3e26df8cdc8c9fc95c33051c2135ee5c8221889ff47be9fd0427993d4d31ed3274be7b9c614814f43210080234d438739533dfd6ee35a01fb29daf488b4608

    Download Submit

  • /data/user/0/com.poundlast7/cache/xjogaabmrpxmrr
    Filesize

    449KB

    MD5

    851299b394df79efff268f3e00bfe4e8

    SHA1

    8dec5ea111e6997932dcd22f645f6f82d77171b7

    SHA256

    376119bc8c1104e25aa760e300bc1f2eb40105ce57b2abfd007ba8edab20e859

    SHA512

    a47dab3484d5e06943556b8bfd0ee2f9ec5ce327f7eea0551c6d7ef89953805fabeccfc06a8b857986ca668f8563e89c916a3ad9b550f475ba8aa2f8280aeb7a

    Download Submit

  • /data/user/0/com.poundlast7/kl.txt
    Filesize

    480B

    MD5

    1f4fc465e0238a2ecfa728a3e2964c6a

    SHA1

    f833c33afe3bcbb690930ee7c3a3f5a81821e161

    SHA256

    9b9ba03f3c26fac3c0155d0b02df60ccda2c5dd9e4de464dd6945c4391118b9d

    SHA512

    b8e2358778508d87784d49ca3e23981c0e2b9bf8a5a1a97415aa7a59435c422969befd0d288c12450527bd9926b04499fe4cbb8f4cc03fc1e2c7dd18bcacf2f6

    Download Submit

  • /data/user/0/com.poundlast7/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.poundlast7/kl.txt
    Filesize

    237B

    MD5

    3469c05a8253ca6639af4cea5bff1d16

    SHA1

    71cb2d7b9e8ecc6a80ab3306bc118a715d7ab1aa

    SHA256

    5e8cb68b01fb76529e0a5db9a4664dc8672511f31eeeb0434501aced2c5ac359

    SHA512

    2b4191e49005d7abe06c81f5acbdae13430bddaeacd3bef931925b25c7cb15857b1a1396ffae5be7203732e3a17010ffdcf2347f51edfe19cdbbdf6a5de72112

    Download Submit

  • /data/user/0/com.poundlast7/kl.txt
    Filesize

    63B

    MD5

    1e9c50507bbc853ea5286efe85770433

    SHA1

    22cf5166f61c4afef08b1c2ce7ed4a6e3a2e21b0

    SHA256

    cd4859b82b7912c8aef9f928b16957dec658b98507a24930e201e627d916bb93

    SHA512

    381b4269ae795ebf50e2ea94ad37f12a12495a2a87a98252552bab42a6d8fd95b5c8210a2b4ccc4b4235ff51d31788ea576bbed053b7b32aec612bbf435215de

    Download Submit

  • /data/user/0/com.poundlast7/kl.txt
    Filesize

    45B

    MD5

    18f96749615ad041f100ad89fd17bd5c

    SHA1

    10e8dad72b2e8740bb130c6b7ad7a40f5b029178

    SHA256

    cdb9ffc31e126f60ec748d35e56d4f9c002a9a47a7592608c52b0da6d3077e19

    SHA512

    bb68cb6be7e9af5acc4de7386b62d2d319462a6e6c11f2a0d973063499989344126e895bf3a6a591f10c7362815edbc3aa0f2d29d31e986a07918039797d2040

    Download Submit