Resubmissions

10-06-2023 13:52

230610-q6nqjsfb34 10

10-06-2023 08:13

230610-j4wvtafb3x 10

Analysis

  • max time kernel
    2757832s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220823-en
  • submitted
    10-06-2023 08:13

General

  • Target

    GooglePlay23Update.apk

  • Size

    527KB

  • MD5

    678ec9c49e39cfb9968133070a42bc68

  • SHA1

    81f3a1c6f9cb21da4b7583950c57df19ad792954

  • SHA256

    b8f6a1c6bca732179a2910f4edfe14da338fc450916c3ac30624ab0e97ee5cdb

  • SHA512

    08a4f71f1391b4576ae09c54202ada1e5fdeb4ee340d63c8238d6dd9eb957acb7648acf46720d6625551f65df504b65030665d4e7532d8e03870318a1349ca32

  • SSDEEP

    12288:dsrKKeBnu0q711M8r/P0YqyICAiVJJupr8+/CKIl4a:dsl4u0qn5TvZAqJom+HIl1

Malware Config

Extracted

Family

octo

C2

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

  • Octo payload 3 IoCs
  • Makes use of the framework's Accessibility service. 1 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

Processes

  • com.goldwould7
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4261

Downloads

  • /data/user/0/com.goldwould7/cache/cngjfo
    Filesize

    448KB

    MD5

    386530a97448903f4c624d33c69a1452

    SHA1

    e879ca8217c085b2a840df62fa8692ef840b8594

    SHA256

    94f40ef2b9612041cb871072912b97252e5fda2b4da3c8ae7b32de2dcfbbd401

    SHA512

    e3f410a5415041abbdb28ceab17324c39f04c97c8de9f68ad37b50427aca663e396ccb9a4cfea8a7d52d156d86a9967916ee5afe5eff1e0dc637fbfa81451a0b

  • /data/user/0/com.goldwould7/cache/oat/cngjfo.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.goldwould7/shared_prefs/main.xml
    Filesize

    132B

    MD5

    1a13a9e190f0e80630aa2ca1b9cbf680

    SHA1

    6fa97f3bfeadebf1dce33b673cbdd3a216d99151

    SHA256

    b0573b9e3709be96ecfe27c25da6bc4771cce12133ae9be894ad2423de21edb6

    SHA512

    d59afa7d2fca50723453ba815d4273581152f992a799aab25bb0a90fda615d47d70f704ec5212f474ddaebbb1e549a4b6871fbd94464c350f76d9793dba2ab86

  • /data/user/0/com.goldwould7/shared_prefs/main.xml
    Filesize

    7KB

    MD5

    da63590fe708d688bca33baa261944b4

    SHA1

    e92af72e9ed78f5b449fc588ae97f3e0c400a203

    SHA256

    d9fef75e0af432d234c0a2274c5cb25bcb7ad0566c8a90c3e379288461414066

    SHA512

    671ca635fdca6a376559ece29fb489f67582b119cdc976739a2e7d75225ff987ebdbc0619c1fff4c1ed66ab0e04715483037c589a0c46bed4d1004fda0a1a414