Analysis
-
max time kernel
2017835s -
max time network
156s -
platform
android_x86 -
resource
android-x86-arm-20220823-en -
submitted
01/06/2023, 18:23
General
-
Target
chrome-update01515.apk
-
Size
541KB
-
MD5
dd2d7e51b450f315a16eb58086584ad8
-
SHA1
036cfd1d37c30d5b7b5c993ecc4920381f55b3fa
-
SHA256
e7605aa4a7cada543abd3ab160a69a26d9e9d7a4e815645cbd882cd4e8f1753f
-
SHA512
da34289712114b6beedcf77a4d59fe4504fbd619f483b885589a23305792ec38e0080f636f84fa929c2adf6103e74e4c42c8a76c368910505602e4a3ab47814e
-
SSDEEP
12288:4wiBvyQqX7t9NLXWCxKHBU78SdBpj7TrRgWn8:Javy9X7lmZWvpTrWWn8
Malware Config
Extracted
octo
https://vnajgumonculeag.info/YWRhZjAxNGM1YjFh/
https://cnajomoredgac.pro/YWRhZjAxNGM1YjFh/
https://honeuyseebadg.live/YWRhZjAxNGM1YjFh/
https://hastperstians.space/YWRhZjAxNGM1YjFh/
https://laskerbanys.kz/YWRhZjAxNGM1YjFh/
Signatures
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo payload 3 IoCs
-
Makes use of the framework's Accessibility service. 2 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
-
Acquires the wake lock. 1 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
-
Removes a system notification. 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
Processes
-
com.strongdown61⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
20B
MD593027d42b314432c4216e6cfca48b384
SHA143448dd8102979c3926828182579691945eedd4e
SHA2563cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c
SHA512a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e
-
Filesize
48B
MD5e303abc2e9d1e24d5925b8050370da63
SHA119fd6c6bf9a2fbff2ace179ea2b3d2f23217146f
SHA256943807cd9fb1c5804a2b4882665ad3371356d6b824d1f97268d9a6b4685ce0f2
SHA5127b505b08f0704fac7a88a43eb5dc80c9547f51b4d9561943a97321d08603744463c50614e206c875327e08b6bcd6b2f9bb20c4e6ae2c9154b464714975cba8f6
-
Filesize
104KB
MD5dc79f9ce5f3ab5270b33e61119dfc959
SHA11844bf222a5144b513dcf2fb50a18c011701c647
SHA25647e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65
SHA51218b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e
-
Filesize
1KB
MD544d5de02ff25297de6d32b8ef769cbbf
SHA131a4170cfe0cdfc30735098bd0ae9ae6cc7c7392
SHA25694464ae8df54dd6de9365cdc6084792a5b44f3b8f7046f652fb30d892997be57
SHA51292c6aae44ac5459ced674f21ff9d7ccb544e1ab35358b989833a0661d853470dc13d9af5a7effca62f3b119eeb7548440a8d6aa32603a8d2f9e2efd884c48bb0
-
Filesize
36B
MD5216c617b5d5ef12ec43e11a2c3b06a6b
SHA1951060574c3ab8202746aa70edf38d2e3ac749ea
SHA2564bb3085e1c0d525dfa2401db5ddad0c8f49212432104d13b2f43de23e04238ad
SHA512952b77662e54cc948ef77192007cb267b7814a8f93c629e2235e551987db23f92ee0a2461a24986b8777594e35fa1028b90e4fe4c88bcd8ff90ec2c77d48483d
-
Filesize
449KB
MD5f0faf93064c31cbe7989d04a5d195e9d
SHA14f5703118668430710970c69cd0e10deafa6c750
SHA2565cee6b3299e090b467d2adeb2b12ed92b5d4786e8ea8b95f7d288d15d6db2eba
SHA512234c2c5a7549bdfd7121b4f13c1a217d806d53cf470907b66f4a22d473a088019e5114f4a743efc34785728ed9ad962842aa62818f98f4e067845384464a569c
-
Filesize
449KB
MD5f0faf93064c31cbe7989d04a5d195e9d
SHA14f5703118668430710970c69cd0e10deafa6c750
SHA2565cee6b3299e090b467d2adeb2b12ed92b5d4786e8ea8b95f7d288d15d6db2eba
SHA512234c2c5a7549bdfd7121b4f13c1a217d806d53cf470907b66f4a22d473a088019e5114f4a743efc34785728ed9ad962842aa62818f98f4e067845384464a569c
-
Filesize
449KB
MD5f0faf93064c31cbe7989d04a5d195e9d
SHA14f5703118668430710970c69cd0e10deafa6c750
SHA2565cee6b3299e090b467d2adeb2b12ed92b5d4786e8ea8b95f7d288d15d6db2eba
SHA512234c2c5a7549bdfd7121b4f13c1a217d806d53cf470907b66f4a22d473a088019e5114f4a743efc34785728ed9ad962842aa62818f98f4e067845384464a569c
-
Filesize
127B
MD521223e9184445fe043476484cd8cb1f9
SHA12b4813f849121d60ba35eb0889080668bb62c778
SHA256bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af
SHA512be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48
-
Filesize
133B
MD559da7d126f02d5d525d16bbe72496a4b
SHA1ecb76d979ba1e79abca665af180e474671cc11cb
SHA2566b96e71fb8c930c1df6221f8f5d147bec372450a2a37027f59f46718488be784
SHA51202ecfd51a7c131bf6b5d1a44c08c6ef6c426d981ff92c4c01e5b38aac1db848ffc68c91d36c2491bf5918dc62fb5e2b04fa35c9d54c04f3828a1b6e6ea84416c
-
Filesize
3KB
MD5da3667ee2eab1fdfd68061c58e13519d
SHA13ed35db87e503de1f2b297ca5a7cff4094f56365
SHA25686e1429786f05ad6f782592121a851d1bddc039f722cbd98bd0e209759d2be24
SHA512610323d28d3f33df04400206d246a16feadd21a81115818ad50448084bdd04a051b90513cad1bc200160a1d3225635dba240b53721275a0b942c743283d79991