Overview

overview

10

Static

static

7

b3b6a47aa1...57.apk

android-9-x86

10

b3b6a47aa1...57.apk

android-10-x64

10

libimage_p...jni.so

debian-9-armhf

1

librsjni.so

debian-9-armhf

1

Analysis

  • max time kernel
    1872780s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20230621-en
  • submitted
    19/07/2023, 19:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b3b6a47aa1b1d8d21ba3e1f7db1210dc5ff90cff89739fd1002889b87a07e157.apk

  • Size

    2.0MB

  • MD5

    bc9b93848ac3d38f68f99a91c2428343

  • SHA1

    796ceaa60c838d7a97e70c822bfce8f77b192963

  • SHA256

    b3b6a47aa1b1d8d21ba3e1f7db1210dc5ff90cff89739fd1002889b87a07e157

  • SHA512

    d80e3858d0a6e938a68f658983980c512934f788b3829ba728d3072d7913b0719abcb49ced57653c9491c4fe39ba1826dddcdb272e7fe81dbcb12e19703fc204

  • SSDEEP

    24576:5cYsudeQ3Njm5MYUsmDkHnN4yoLNu7Oab2Rpb65gwROQKgb3u3TcPk/MxsXGGeFg:5cYsudeL8smD6oBuJnKgjS4k/gOtqg+M

Score
10/10
octobankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

octo

C2

https://marmonth.space/YWRhZjAxNGM1YjFh/

https://spaceopenstar.tech/YWRhZjAxNGM1YjFh/

https://yupinytro.pw/YWRhZjAxNGM1YjFh/

https://kopenhardm.fun/YWRhZjAxNGM1YjFh/

https://bugutars.online/YWRhZjAxNGM1YjFh/
AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo payload 3 IoCs
  • Makes use of the framework's Accessibility service. 1 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
    banker
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.therenewxl
    1⤵
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4041
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.therenewxl/app_DynamicOptDex/TXTa.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.therenewxl/app_DynamicOptDex/oat/x86/TXTa.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4138

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/user/0/com.therenewxl/app_DynamicOptDex/TXTa.json
          Filesize

          2KB

          MD5

          a90f5a5019ddef478621f1e80d7b4b2d

          SHA1

          20b34e1057b9874d0355f3c61b62fdb5d1853f91

          SHA256

          c4cf8d3224db12f9345b99f9c4485c98b207d26a943f6a1a6e5016c787ea8108

          SHA512

          f57627253959ea92e7cf6afc82782f92b4eb614b7fa184a12502355500536e630477706b4197bb533dedac1f63047de9fcbba6888777dcc62a1882cfaf7416da

          Download Submit

        • /data/user/0/com.therenewxl/app_DynamicOptDex/TXTa.json
          Filesize

          5KB

          MD5

          2d48cfe499f0b5cb938895bf9ea93b6d

          SHA1

          bac22c42d2a5e1cf701de9aadabba68efef99862

          SHA256

          d2ea15f6ca7e276d37e3eaf3642f532970e792e5c383313544f392b9cf47e15d

          SHA512

          ec9f0a2083b177667dac5f66d5defb612ad44aea2b6e4bdb88a36410b506f69f900b0dea411da43c77e1f129703edd5226228920ae605f72ee07a9af2c5e6814

          Download Submit

        • /data/user/0/com.therenewxl/app_DynamicOptDex/TXTa.json
          Filesize

          5KB

          MD5

          334b678929a7a803bf7954c050313a64

          SHA1

          b14aee70cd2d47ecf71b53933e5d963a3029f900

          SHA256

          8567307691c0f7555fa1fafef6599a5acde0665f06c387273f1e21be45387107

          SHA512

          efdddc4163cd892a2f05d69b9676f98d20736ae55c06d1f25bac89efa7d972cee6c1bd080c89d8c06da35f41875bfb292e40bc5d596fd19cabae80a0876ec57d

          Download Submit

        • /data/user/0/com.therenewxl/app_webview/GPUCache/index
          Filesize

          20B

          MD5

          93027d42b314432c4216e6cfca48b384

          SHA1

          43448dd8102979c3926828182579691945eedd4e

          SHA256

          3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

          SHA512

          a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

          Download Submit

        • /data/user/0/com.therenewxl/app_webview/GPUCache/index-dir/temp-index
          Filesize

          48B

          MD5

          291f902c5dfc1521764224a246215d45

          SHA1

          c5dd9ee9c4f9e43b1a310828e6e4dde2d0737c3e

          SHA256

          1069df0a3b200dc4f3da682a42973defbc733ff63f02f182c119fd6b28662e8a

          SHA512

          28498dbb2a04f62dbf5dfee170ccbc73a2b5826c8e4a39ef33a549f745dbcb0c59d86d75f96c06ca6e271dc0d6c001b9046254ff9bc35a2bd2f877d4bf154d5f

          Download Submit

        • /data/user/0/com.therenewxl/app_webview/GPUCache/index-dir/temp-index
          Filesize

          48B

          MD5

          379baf6f7446a02db14dc2d9d5656c0d

          SHA1

          f5c6641dffed1b5a19b344cc61f83504e79f6509

          SHA256

          f0e5370b759d4f849043038f1fad53e129900562466a5e9824d74ce51901a3e3

          SHA512

          e09fb7cd38d67f2dbc83d0f60c4774d1998d5ddc5fe84aeb9c22ab355504c7f0d2d578637c393ccdb0460137132c619a1e27508c1f671ea56006dc03238e01b7

          Download Submit

        • /data/user/0/com.therenewxl/app_webview/Web Data
          Filesize

          104KB

          MD5

          dc79f9ce5f3ab5270b33e61119dfc959

          SHA1

          1844bf222a5144b513dcf2fb50a18c011701c647

          SHA256

          47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

          SHA512

          18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

          Download Submit

        • /data/user/0/com.therenewxl/app_webview/Web Data-journal
          Filesize

          1KB

          MD5

          efd7b08887966fec76ed8a9acd33ce9a

          SHA1

          7605d195b6ed4f3c1d1e99bdfdc8a753028b2923

          SHA256

          f7442e15023dbbc198dda968a81457853d31e3d60219e2b09f75238cf3e0a096

          SHA512

          6c1e2c2f7cc9d1dfbea175afa29aeacb9fd77c4556c4c22636a4f103b72f31f99f1a55ed6a5152d7270d87f1d15913b92974f7d803d280c4af7b41922f73cf64

          Download Submit

        • /data/user/0/com.therenewxl/app_webview/metrics_guid
          Filesize

          36B

          MD5

          6d5374a1f7da6449b7564cb54b33e7d5

          SHA1

          ebeff0586dcb999ce48bc5fb03fa2d3d9726dd08

          SHA256

          7b7bc99031a182a0a38500242a9ee84211a5b9a38cf3e4140ca5a4360acdea4f

          SHA512

          ffcb71cb7a917f3e5887b041ab2f61976129baa3e19cb23f1a2c70b458e2a807e7e4ca973c4dfd7874823e1ba95a27d2f2f58919fc5cfd893d8fead648ce6352

          Download Submit

        • /data/user/0/com.therenewxl/cache/xrbdm
          Filesize

          448KB

          MD5

          07b2b303a53b04030171fb54197bdb78

          SHA1

          eb63164f038a3e0bf683b0e9ce4ffedcc43e5819

          SHA256

          4aeb611c266b996b395a18c4897e2c1f9fb82e2466fc3484e322047e13cf04ce

          SHA512

          93676a19b96a849ae0d7d29cb716103a1d465756472d55bc5163fdd5cb5ecf7418fa68ca92725eec533f17027db19f044d31386d20f8b0b75261fabdede3402e

          Download Submit

        • /data/user/0/com.therenewxl/cache/xrbdm
          Filesize

          448KB

          MD5

          07b2b303a53b04030171fb54197bdb78

          SHA1

          eb63164f038a3e0bf683b0e9ce4ffedcc43e5819

          SHA256

          4aeb611c266b996b395a18c4897e2c1f9fb82e2466fc3484e322047e13cf04ce

          SHA512

          93676a19b96a849ae0d7d29cb716103a1d465756472d55bc5163fdd5cb5ecf7418fa68ca92725eec533f17027db19f044d31386d20f8b0b75261fabdede3402e

          Download Submit

        • /data/user/0/com.therenewxl/cache/xrbdm
          Filesize

          448KB

          MD5

          07b2b303a53b04030171fb54197bdb78

          SHA1

          eb63164f038a3e0bf683b0e9ce4ffedcc43e5819

          SHA256

          4aeb611c266b996b395a18c4897e2c1f9fb82e2466fc3484e322047e13cf04ce

          SHA512

          93676a19b96a849ae0d7d29cb716103a1d465756472d55bc5163fdd5cb5ecf7418fa68ca92725eec533f17027db19f044d31386d20f8b0b75261fabdede3402e

          Download Submit

        • /data/user/0/com.therenewxl/shared_prefs/WebViewChromiumPrefs.xml
          Filesize

          127B

          MD5

          21223e9184445fe043476484cd8cb1f9

          SHA1

          2b4813f849121d60ba35eb0889080668bb62c778

          SHA256

          bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

          SHA512

          be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

          Download Submit

        • /data/user/0/com.therenewxl/shared_prefs/main.xml
          Filesize

          132B

          MD5

          6c2d47c29f4b7b2caf5e362595c019ef

          SHA1

          30d2fd8d9f315eaed20cf61a1167597fd2a6a1a5

          SHA256

          2d8541c5eeba470a9637f4a69d333111e4b2b2ba8354158c622fa0ef174cbdf9

          SHA512

          c0a469d2e71e03922e312e914663cd12bd2501918e3231f5db1bc00824f4c7a913d2cc5f8060f8f3c6c540352261148faac7ac3ef53bd2cc5a502dd88e69df15

          Download Submit

        • /data/user/0/com.therenewxl/shared_prefs/main.xml
          Filesize

          3KB

          MD5

          c61c78b9c50c471c635963cac7dbfc47

          SHA1

          e1c4b53cfe52b227c2cb8c805ca8877297d6f83b

          SHA256

          c2a7ac71d8715df0258781d94a0e2d4ddd48677d11ece940d85ee199a9d749fa

          SHA512

          e7e7520f16dde24e96467e7dfa2df5e6ae01cb9c6599432fdd2530e393c492999508fb8ab80c370a80f58ccc77434ce168076588e6534489cf70f5841d1d7f44

          Download Submit