octo | 439f8c57bca9c09aa0364ebb7560eebb130d22a8e6482f3433a5797765a283d5

Analysis

max time kernel
1555542s
max time network
150s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
13-06-2022 10:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

439f8c57bca9c09aa0364ebb7560eebb130d22a8e6482f3433a5797765a283d5.apk
Size

1.4MB
MD5

13f82c6f6f722e03b708bff539affd04
SHA1

7828eb95578e0483e07f875cc4821acf965e629f
SHA256

439f8c57bca9c09aa0364ebb7560eebb130d22a8e6482f3433a5797765a283d5
SHA512

a0a3d8eca8a301de2f23aeef411432800a4f999bf25b21a747526b2ac50acdea28435739aa1afaf2f02d094a485fa487b46bee2f8cc4ef583b83123d4248be9f

Score

10^/10

octo banker evasion infostealer ransomware rat trojan

Malware Config

Extracted

Family

octo

https://idai2babd1.xyz/MWNhMjI2OTkyNjA3/

https://fabh23zuba.top/MWNhMjI2OTkyNjA3/

https://ahnudsbba.xyz/MWNhMjI2OTkyNjA3/

https://fu8hhaadl.com/MWNhMjI2OTkyNjA3/

https://jufhahbhazh.top/MWNhMjI2OTkyNjA3/

AES_key

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo

Octo is a banking malware with remote access capabilities first seen in April 2022 3 IoCs

Processes:

resource	yara_rule
/data/user/0/com.frontwonder2/cache/entczqpw	family_octo
/data/user/0/com.frontwonder2/cache/entczqpw	family_octo
/data/user/0/com.frontwonder2/cache/entczqpw	family_octo

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

com.frontwonder2

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.frontwonder2

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

com.frontwonder2

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.frontwonder2
Acquires the wake lock. 1 IoCs

Processes:

com.frontwonder2

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.frontwonder2
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.frontwonder2

ioc pid process

/data/user/0/com.frontwonder2/cache/entczqpw 5308 com.frontwonder2
/data/user/0/com.frontwonder2/cache/entczqpw 5308 com.frontwonder2
Reads information about phone network operator.
Removes a system notification. 1 IoCs
evasion

Processes:

com.frontwonder2

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag com.frontwonder2
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.frontwonder2

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.frontwonder2

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.frontwonder2

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.frontwonder2

ioc	pid	process
/data/user/0/com.frontwonder2/cache/entczqpw	5308	com.frontwonder2
/data/user/0/com.frontwonder2/cache/entczqpw	5308	com.frontwonder2

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.frontwonder2

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.frontwonder2

com.frontwonder2
1⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:5308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.frontwonder2/app_webview/Cookies
Filesize
64KB

MD5
cb7543c4df600f2af58097cce0e334ba

SHA1
83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

SHA256
64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

SHA512
ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

Download Submit
/data/user/0/com.frontwonder2/app_webview/Cookies-journal
Filesize
1KB

MD5
6501df3e070431d7567b157653938135

SHA1
fc4cfab79f2acab19582813592957aa6a5df3998

SHA256
130f5edddd4050a0ede7a35291c1cdc78d593841703dcec5946f6da1072b7bef

SHA512
544f5c95233bfe2535511863678cecb759998bb9bf7650826767894ac1005090027a1a3bf59835ea8fda881175066d5f984f86eb792723a3f82d10a5ab1387d5

Download Submit
/data/user/0/com.frontwonder2/app_webview/GPUCache/index
Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.frontwonder2/app_webview/GPUCache/index-dir/temp-index
Filesize
48B

MD5
8a3ba98d79c54bc45aae072472b3e5e6

SHA1
4e662198be1cf308e747ff77c278de593a12c700

SHA256
78a260de91390c4077439738116fa2ae6758441c28a34c4b431551bb59ba5527

SHA512
55ad0168b08165370acedd5c25b8c0b65e6b8730ec41ab0ceeb100b46f7024a8e1fa7b50dd3ac2c3c866b0709db514adedc8cf128db248c84c4aafa0e7ba07b1

Download Submit
/data/user/0/com.frontwonder2/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.frontwonder2/app_webview/Web Data-journal
Filesize
1KB

MD5
d57aede3d681e2ed88e2b88bd90bed84

SHA1
e9c65e09a83ea48c86824eba1dd2cd4cde3de716

SHA256
dee092acfe0d1289e2c36b867e8b4a5d9c556c2abb4af135f396d4e2cae1b67a

SHA512
fdd6f5ffc103daccf5c8c42356736f16a914c258383acf08e14c131f00d135e430fadadd48a9125a8b99b6b9e4f8c1377896d76867df1218006a80f8d212518a

Download Submit
/data/user/0/com.frontwonder2/app_webview/metrics_guid
Filesize
36B

MD5
4ea84021e6ee578a445665d577f58072

SHA1
651ded8f3c4e792e52003b2e87462c70906a0883

SHA256
bb77bf1d663121f1a999895edaeae60fb0259a6dc93df4f4396e0631805a7889

SHA512
e23b41d36c52abfd3a0f096220c019343252ee94e220f7b909effcd475df504fa9616e800f8e46c2962e311fdc134789f6e4b2775de90c360483d05773eeed2e

Download Submit
/data/user/0/com.frontwonder2/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.frontwonder2/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.frontwonder2/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.frontwonder2/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.frontwonder2/cache/entczqpw
Filesize
155KB

MD5
20ffa38d89d8f8f884bb9e936e614334

SHA1
cc7af211bcdfa8f57f6156de83e4c35c94791e89

SHA256
d2ed55a694a29213ef3f03b879e5b4a60174fd1de31530fded93b0425c7d8248

SHA512
29a811b4e66e3dae39ff14a3f9d3735aae2e39fe34e200a1dca880699cb8461fd71a832a3d03df39709bf1cd7d2d13fbb9b5a4c438e1afbf4b2bf51e51f7a677

Download Submit
/data/user/0/com.frontwonder2/cache/entczqpw
Filesize
155KB

MD5
20ffa38d89d8f8f884bb9e936e614334

SHA1
cc7af211bcdfa8f57f6156de83e4c35c94791e89

SHA256
d2ed55a694a29213ef3f03b879e5b4a60174fd1de31530fded93b0425c7d8248

SHA512
29a811b4e66e3dae39ff14a3f9d3735aae2e39fe34e200a1dca880699cb8461fd71a832a3d03df39709bf1cd7d2d13fbb9b5a4c438e1afbf4b2bf51e51f7a677

Download Submit
/data/user/0/com.frontwonder2/cache/entczqpw
Filesize
155KB

MD5
20ffa38d89d8f8f884bb9e936e614334

SHA1
cc7af211bcdfa8f57f6156de83e4c35c94791e89

SHA256
d2ed55a694a29213ef3f03b879e5b4a60174fd1de31530fded93b0425c7d8248

SHA512
29a811b4e66e3dae39ff14a3f9d3735aae2e39fe34e200a1dca880699cb8461fd71a832a3d03df39709bf1cd7d2d13fbb9b5a4c438e1afbf4b2bf51e51f7a677

Download Submit
/data/user/0/com.frontwonder2/cache/entczqpw.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.frontwonder2/cache/oat/entczqpw.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.frontwonder2/cache/org.chromium.android_webview/b0a02b365a6162e1_0
Filesize
217B

MD5
b36ff35f5fed8ed6681ac93002ff3c15

SHA1
e03856002894548065976b1ff084f42a8ab27a99

SHA256
b66346c7708312934e16a7a4025138b48e5e4e44bfaa075ed0095a4cc531f541

SHA512
23ccf69ce9bc1fa6a282ab8caf3bc2d4eb38de41670fc81f5d432f3f427b98a692767764e14b40340eaf63aae5cb1ac0e997c9110cd392c3ee4715a56794e68c

Download Submit
/data/user/0/com.frontwonder2/cache/org.chromium.android_webview/index
Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.frontwonder2/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
48B

MD5
dee3ef7e0b389a150a40ee6a66715acb

SHA1
83f5a8c62d4b39f5633588dce13fd64cb666e606

SHA256
1690aca6f5a2c068a8fa61e32f58c94e5ec2fc442bbc9087cb643ec556a68501

SHA512
d09791e856b293b0c568acbb4f6259b0a2d87a81af981510b367f3eb02df2940954750e5a28183359b9dea348a3b96813aa4873d8fdd7266509fd2a181895260

Download Submit
/data/user/0/com.frontwonder2/cache/org.chromium.android_webview/index-dir/temp-index
Filesize
48B

MD5
bfaef8260cabdb682eebd4cfbeba718b

SHA1
bfb760335e9926531612a376cb53471a5a6ace59

SHA256
c835488049d08412c02841c869dc7ab1e644fd32bcdecaad694bba417c217550

SHA512
4e6e2a900575ac4bb02a32258e56780f16e7ffb61a17be321ccd5c639acc344c158a6bf90bbcdfc7aa02112c51386944b261a7cbe7dd734312e18646f51d37d8

Download Submit
/data/user/0/com.frontwonder2/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit