Analysis
-
max time kernel
145s -
max time network
150s -
platform
android-9_x86 -
resource
android-x86-arm-20240910-en -
resource tags
-
submitted
27/03/2025, 12:18
General
-
Target
486d6a713d8c907df70a919729ac685328ab91a8977c2e352165640c4bd4d507.apk
-
Size
3.7MB
-
MD5
cee4b1fae8a45502d106a200593a9125
-
SHA1
627ef79b459b7e4c001ec298e7fae9f82f16fc97
-
SHA256
486d6a713d8c907df70a919729ac685328ab91a8977c2e352165640c4bd4d507
-
SHA512
8ce3d4580af1855f39bc4714490731ff4414b0d425dacfc64055b1fd0618495149d148fdcdcfab66c47542d63ab0c7af80a056a8f3faf506b5e0899526bd8087
-
SSDEEP
98304:S6YFtCZdYrO7+d00Vs18LnORE/TRZWT1wS/j3uoz:S6QCzYrOw00ayTPLTWT/5
Score
10/10
Malware Config
Extracted
Family
oscorp
Botnet
1232XFKQTU
AES_key
AES_key
Signatures
-
Oscorp
Oscorp is an Android stealer that targets multiple financial information first seen in Feb 2021.
-
Oscorp family
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Requests enabling of the accessibility settings. 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
hrevxqea.hgistuqw1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Performs UI accessibility actions on behalf of the user
- Uses Crypto APIs (Might try to encrypt user data)
-
.Geny221⤵
- Requests enabling of the accessibility settings.