Overview

overview

10

Static

static

6

50cfd07483...d1.apk

android-9-x86

10

50cfd07483...d1.apk

android-13-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    27/03/2025, 22:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    50cfd07483c3c6e64a59ffc90c35ccdedd674cc58d7a5cacbcb98f526fb92ed1.apk

  • Size

    2.4MB

  • MD5

    e89cdfad886710b56d72e0bb37970f62

  • SHA1

    7eac9e3039f66d4cd52786563e9ea74dd7766cfc

  • SHA256

    50cfd07483c3c6e64a59ffc90c35ccdedd674cc58d7a5cacbcb98f526fb92ed1

  • SHA512

    4305fca90123aa2e861e9a0fd16409c618dee732290d18aa4b19ceb79d3020137d6032165b6b4155c40c20e58d52389596beeb1e9ab4ac91c2ca52d9c195dea1

  • SSDEEP

    49152:aaH3lsocRRXBffrnJpR4O+AE4KoSDZP5S90KxZGZbmq/Q0J1vN92Y3O61hcSEKFK:aaHVJcRRRHrnJpaaWZ4bxZQ//Q0rvN9Y

Score
10/10
octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://topchanov.live/ZTZkNTJjNTkwYzk3/

https://bobnoopopo.org/ZTZkNTJjNTkwYzk3/

https://junggvrebvqqpo.org/ZTZkNTJjNTkwYzk3/

https://junggpervbvqqqqqqpo.com/ZTZkNTJjNTkwYzk3/

https://junggvbvqqgrouppo.com/ZTZkNTJjNTkwYzk3/

https://junggvbvqqnetokpo.com/ZTZkNTJjNTkwYzk3/

https://junggvbvq.top/ZTZkNTJjNTkwYzk3/

https://junggvbvq5656.top/ZTZkNTJjNTkwYzk3/

https://jungjunjunggvbvq.top/ZTZkNTJjNTkwYzk3/
rc4.plain

Extracted

Family

octo

C2

https://topchanov.live/ZTZkNTJjNTkwYzk3/

https://bobnoopopo.org/ZTZkNTJjNTkwYzk3/

https://junggvrebvqqpo.org/ZTZkNTJjNTkwYzk3/

https://junggpervbvqqqqqqpo.com/ZTZkNTJjNTkwYzk3/

https://junggvbvqqgrouppo.com/ZTZkNTJjNTkwYzk3/

https://junggvbvqqnetokpo.com/ZTZkNTJjNTkwYzk3/

https://junggvbvq.top/ZTZkNTJjNTkwYzk3/

https://junggvbvq5656.top/ZTZkNTJjNTkwYzk3/

https://jungjunjunggvbvq.top/ZTZkNTJjNTkwYzk3/
AES_key

Signatures

Processes

  • com.waitthan93
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4476

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.waitthan93/app_DynamicOptDex/XywbJP.json
    Filesize

    1KB

    MD5

    f478b186786b2e85d060144cdea69b8f

    SHA1

    9e14ae2f0eb8676455e8864220c9478c1f6206da

    SHA256

    72c0757eb70df7f03f8a8549805e91c1d7e0942821fe57ac36a6b21852c2f59f

    SHA512

    edaf290f4e89efd5c686b8daa7246e6f4f1f8b4b80ad3dab9bb4a3a603ec8fd0086c7edd791f3fe518268ad6a68b07f8f8535fb07922a8728b967d8150f0c1cd

    Download Submit

  • /data/user/0/com.waitthan93/app_DynamicOptDex/XywbJP.json
    Filesize

    1KB

    MD5

    063dcc1733a3755c60e7af71404500a8

    SHA1

    ae12aade901cd004020b74d8f60e4e94361d1f45

    SHA256

    3f9b42bb52a24206555834b869915328d394572cc926c8d7d5d8eff41aba0f48

    SHA512

    a42c66e9a2eb1ba301b0f0d673309879c8bd7be5c7a30fea81117b3799d2083717d0f60196dfa48b2e12c785b429623361bf0ee3f2f4a5ed2ac000646cdd0b95

    Download Submit

  • /data/user/0/com.waitthan93/app_DynamicOptDex/XywbJP.json
    Filesize

    2KB

    MD5

    d9789c87d0dec545ef068bde5cba5d30

    SHA1

    9ccfca5ea3a8891ba67c7e5ff1f3a6da42595ccc

    SHA256

    27cb1d6fc822dc9ec60d77185f40a4a2805975f0eb8d5148eaee799740f38bd3

    SHA512

    36d1960ff31df1210618f4444de4580a7234808d3035496e2996c4649ba7011d2ca909a800fac7bddc7ed4ad6f236cb486a693025e40389fd0420cc5e0ceeff9

    Download Submit

  • /data/user/0/com.waitthan93/cache/oat/yzcuogegc.cur.prof
    Filesize

    396B

    MD5

    5b60e682359e6c3c833af82fbd80320a

    SHA1

    38f15497ea3d12775bd56e9306bf75306538fc8b

    SHA256

    d8b99bf7c7681ae0933ee73b50b8d0c49818bdee79cb434b3011ebbe1a430619

    SHA512

    ce145688a6ca0bfa8bf22c27d27c2ebe3b8718aa5b067317f69abf453739d950788eeef7fd69e26dfdc0dfc37366fb5903d177a0260e3a7d7bed6aafc5ac7a90

    Download Submit

  • /data/user/0/com.waitthan93/cache/yzcuogegc
    Filesize

    448KB

    MD5

    c1a78ae53199ebfb0afadb96ac6aefc9

    SHA1

    5228449dfe2bc0e4178f07626a77294c9b04752a

    SHA256

    71113e82326ee4f6a6861a9ec964b6fbc874c3bbb4a93f3a18218339cc95cc33

    SHA512

    96416574b031f17e675d76e6f925ff22b5bc40eb0c28acd555ed3d81500f5c3342037604597c8fe7edafd48f39c35a99061dffab7dc527cb58dc6d3672baee3f

    Download Submit

  • /data/user/0/com.waitthan93/kl.txt
    Filesize

    61B

    MD5

    e253e75a4102826088061856fc33305b

    SHA1

    f463e6f8423f5944c913877ed94b086fab4c07a9

    SHA256

    c6c0ae82de5462c48a0353318431ed0a3786c4f7cd7ecb4751c527956a6c41e7

    SHA512

    bc058301cd40e10e8bd1b56210b33371e40f0b1d447ee5a762671158be0bab5e03b0651bcfd3c84d75059624966fe20d7fa02a2acb7a756403aed4430fea7009

    Download Submit

  • /data/user/0/com.waitthan93/kl.txt
    Filesize

    76B

    MD5

    882fb29baa7764ea44bc40dfe63c7d98

    SHA1

    d1a9b02976e73a1bc5af50fdfab5a5ffa002aac2

    SHA256

    1da7563070d158ce37d517f9510ef71e32eebd5becacc676c2a2ea1bee3ed19d

    SHA512

    58a2e3c956c0fcc0acb035d1327f2e40e8559f447a54cb8bdb5255073e11602c5f519d40fa155747fa4a408a36d31edc88c2e6ea3b29f93c78de4efaa350a0d0

    Download Submit

  • /data/user/0/com.waitthan93/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.waitthan93/kl.txt
    Filesize

    221B

    MD5

    9135e511e2ff0b09236e6d330816e74f

    SHA1

    d276160fda604d5e8f71ec593e0b3f87a72de5b1

    SHA256

    8db546441c05556c88a1551fdf22993d6d27f891e9fc46bec06a9e3d33fd5f4a

    SHA512

    8ab7714cee3ec11d345eedcf54ed627e59c07878d48072d598197797ef5cd14eb3d1b610123378f469cc93729b7ec50bec391755c84a2956e96af03b706874ce

    Download Submit

  • /data/user/0/com.waitthan93/kl.txt
    Filesize

    64B

    MD5

    de3e9bb9f3ee4bcf23b60de7d02faee3

    SHA1

    ee31bc881b28367d9c8e4822e023010e588eb294

    SHA256

    a10e157c313ec6677c86b72656ddbfbda33f72e146ab9b1969056925d62d8d59

    SHA512

    b35b196913a926ca0e559ca160d9e744c3812a941dd7eaeaa4de97b47c319e722353cf1360522b5461c771f5cb9ff6d40eb32f620aaa5dbf0db9d0c3533dfcbb

    Download Submit