Resubmissions
28-08-2023 03:14
230828-drt8kaha7x 1027-08-2023 07:43
230827-jknebsaa7y 1013-03-2023 08:26
230313-kb22ssbd8y 10Analysis
-
max time kernel
3658918s -
max time network
165s -
platform
android_x64 -
resource
android-x64-arm64-20220823-en -
submitted
13-03-2023 08:26
General
-
Target
4261cc05a8c4ecaf1605ef931397a4d97cc12fe38738a4f6016c3695aa2c571f.apk
-
Size
1.4MB
-
MD5
85b7a0e8cdee68bca806fc45948c2d82
-
SHA1
9b07766286667e6444c93e86d833a426a5d660f0
-
SHA256
4261cc05a8c4ecaf1605ef931397a4d97cc12fe38738a4f6016c3695aa2c571f
-
SHA512
2b96e5ae7597ea50255f615a29a7fe62dbfb16616aa02135b38223d40ccdf32b0c29d66ac8296449ce34fbcf5cc12ed16b617a4afe8649e0ba1bebd78d064213
-
SSDEEP
24576:cCwdv9Xe5XTlreQU99NRvxZKZcxRYjMIioPZcjdNN+60Dzgv4HBd:zwdvQlTl05JEZcPYjMIZRcZNN+6ozgvC
Malware Config
Extracted
octo
https://s22231232fdnsjds.top/PArhFzp5sG2sN/
https://s32231232fdnsjds.top/PArhFzp5sG2sN/
https://s42231232fdnsjds.top/PArhFzp5sG2sN/
Signatures
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo payload 3 IoCs
-
Makes use of the framework's Accessibility service. 1 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
-
Acquires the wake lock. 1 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
Processes
-
com.theseeye51⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (Might try to encrypt user data).
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
157KB
MD5857aad05090b46db76e05aa6abee7635
SHA11e5c17b30b6afcfefbcc36a0dab550c068a46d9d
SHA25636218e3c4411bdc720231bae88a3a047057464280fdf1ab27485c693bebaa869
SHA5123446d0ac1dcbd0e6e775d697fa3b96c259ee3cf55e2324a01bc2c855b4792c1f223846bc087d7ed138da961e35fb5d3a72c1a64ac8e1d62db9f4071c06a13e1f
-
Filesize
157KB
MD5857aad05090b46db76e05aa6abee7635
SHA11e5c17b30b6afcfefbcc36a0dab550c068a46d9d
SHA25636218e3c4411bdc720231bae88a3a047057464280fdf1ab27485c693bebaa869
SHA5123446d0ac1dcbd0e6e775d697fa3b96c259ee3cf55e2324a01bc2c855b4792c1f223846bc087d7ed138da961e35fb5d3a72c1a64ac8e1d62db9f4071c06a13e1f
-
Filesize
157KB
MD5857aad05090b46db76e05aa6abee7635
SHA11e5c17b30b6afcfefbcc36a0dab550c068a46d9d
SHA25636218e3c4411bdc720231bae88a3a047057464280fdf1ab27485c693bebaa869
SHA5123446d0ac1dcbd0e6e775d697fa3b96c259ee3cf55e2324a01bc2c855b4792c1f223846bc087d7ed138da961e35fb5d3a72c1a64ac8e1d62db9f4071c06a13e1f
-
Filesize
131B
MD5cc51dceeeeba06a5b22a7e6a51a257af
SHA1a39004c98acdf7c392c724f51d9d3846b0e80a52
SHA2568e4b00a3500e8806b0b9ce564e344c5a09a5a0c7cfc595d5c8b68d40f078cd39
SHA512d7a44620b02d24b4fa6979bbbd963e7e0a501856d85a8fbf0c3d6217ca15dd6d433efe58f1fe1046110f9a26cb95f306255e1af72c6c4769673dd62d13af7214
-
Filesize
7KB
MD59b7a512bc78bc220d07f6d685e8923af
SHA12960d8212751a8cd8b5e429a94496dd2b1ab1785
SHA256daed06900e7e6dc52da4d8aa499a25ecb757d861d26c5f308314a485a364e8c4
SHA5120dec95cb83aaac696c035da982e91fa78e10643cec74923cebee12cd88350dea88ecd6ca8df2d8a1ab514408c51f4a54b885e43f3e8ec2f243343fde09d923f7