Overview

overview

10

Static

static

7

b3b6a47aa1...57.apk

android-9-x86

10

b3b6a47aa1...57.apk

android-10-x64

10

libimage_p...jni.so

debian-9-armhf

1

librsjni.so

debian-9-armhf

1

Analysis

  • max time kernel
    1872672s
  • max time network
    51s
  • platform
    android_x64
  • resource
    android-x64-20230621-en
  • submitted
    19/07/2023, 19:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b3b6a47aa1b1d8d21ba3e1f7db1210dc5ff90cff89739fd1002889b87a07e157.apk

  • Size

    2.0MB

  • MD5

    bc9b93848ac3d38f68f99a91c2428343

  • SHA1

    796ceaa60c838d7a97e70c822bfce8f77b192963

  • SHA256

    b3b6a47aa1b1d8d21ba3e1f7db1210dc5ff90cff89739fd1002889b87a07e157

  • SHA512

    d80e3858d0a6e938a68f658983980c512934f788b3829ba728d3072d7913b0719abcb49ced57653c9491c4fe39ba1826dddcdb272e7fe81dbcb12e19703fc204

  • SSDEEP

    24576:5cYsudeQ3Njm5MYUsmDkHnN4yoLNu7Oab2Rpb65gwROQKgb3u3TcPk/MxsXGGeFg:5cYsudeL8smD6oBuJnKgjS4k/gOtqg+M

Score
10/10
octobankerinfostealerransomwarerattrojan

Malware Config

Extracted

Family

octo

C2

https://marmonth.space/YWRhZjAxNGM1YjFh/

https://spaceopenstar.tech/YWRhZjAxNGM1YjFh/

https://yupinytro.pw/YWRhZjAxNGM1YjFh/

https://kopenhardm.fun/YWRhZjAxNGM1YjFh/

https://bugutars.online/YWRhZjAxNGM1YjFh/
AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo payload 3 IoCs
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.therenewxl
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4837

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/user/0/com.therenewxl/app_DynamicOptDex/TXTa.json
          Filesize

          2KB

          MD5

          a90f5a5019ddef478621f1e80d7b4b2d

          SHA1

          20b34e1057b9874d0355f3c61b62fdb5d1853f91

          SHA256

          c4cf8d3224db12f9345b99f9c4485c98b207d26a943f6a1a6e5016c787ea8108

          SHA512

          f57627253959ea92e7cf6afc82782f92b4eb614b7fa184a12502355500536e630477706b4197bb533dedac1f63047de9fcbba6888777dcc62a1882cfaf7416da

          Download Submit

        • /data/user/0/com.therenewxl/app_DynamicOptDex/TXTa.json
          Filesize

          5KB

          MD5

          334b678929a7a803bf7954c050313a64

          SHA1

          b14aee70cd2d47ecf71b53933e5d963a3029f900

          SHA256

          8567307691c0f7555fa1fafef6599a5acde0665f06c387273f1e21be45387107

          SHA512

          efdddc4163cd892a2f05d69b9676f98d20736ae55c06d1f25bac89efa7d972cee6c1bd080c89d8c06da35f41875bfb292e40bc5d596fd19cabae80a0876ec57d

          Download Submit

        • /data/user/0/com.therenewxl/cache/xrbdm
          Filesize

          448KB

          MD5

          07b2b303a53b04030171fb54197bdb78

          SHA1

          eb63164f038a3e0bf683b0e9ce4ffedcc43e5819

          SHA256

          4aeb611c266b996b395a18c4897e2c1f9fb82e2466fc3484e322047e13cf04ce

          SHA512

          93676a19b96a849ae0d7d29cb716103a1d465756472d55bc5163fdd5cb5ecf7418fa68ca92725eec533f17027db19f044d31386d20f8b0b75261fabdede3402e

          Download Submit

        • /data/user/0/com.therenewxl/cache/xrbdm
          Filesize

          448KB

          MD5

          07b2b303a53b04030171fb54197bdb78

          SHA1

          eb63164f038a3e0bf683b0e9ce4ffedcc43e5819

          SHA256

          4aeb611c266b996b395a18c4897e2c1f9fb82e2466fc3484e322047e13cf04ce

          SHA512

          93676a19b96a849ae0d7d29cb716103a1d465756472d55bc5163fdd5cb5ecf7418fa68ca92725eec533f17027db19f044d31386d20f8b0b75261fabdede3402e

          Download Submit

        • /data/user/0/com.therenewxl/cache/xrbdm
          Filesize

          448KB

          MD5

          07b2b303a53b04030171fb54197bdb78

          SHA1

          eb63164f038a3e0bf683b0e9ce4ffedcc43e5819

          SHA256

          4aeb611c266b996b395a18c4897e2c1f9fb82e2466fc3484e322047e13cf04ce

          SHA512

          93676a19b96a849ae0d7d29cb716103a1d465756472d55bc5163fdd5cb5ecf7418fa68ca92725eec533f17027db19f044d31386d20f8b0b75261fabdede3402e

          Download Submit

        • /data/user/0/com.therenewxl/shared_prefs/main.xml
          Filesize

          132B

          MD5

          6c2d47c29f4b7b2caf5e362595c019ef

          SHA1

          30d2fd8d9f315eaed20cf61a1167597fd2a6a1a5

          SHA256

          2d8541c5eeba470a9637f4a69d333111e4b2b2ba8354158c622fa0ef174cbdf9

          SHA512

          c0a469d2e71e03922e312e914663cd12bd2501918e3231f5db1bc00824f4c7a913d2cc5f8060f8f3c6c540352261148faac7ac3ef53bd2cc5a502dd88e69df15

          Download Submit

        • /data/user/0/com.therenewxl/shared_prefs/main.xml
          Filesize

          5KB

          MD5

          ba743983567757e6faa49bb1a1a65d4b

          SHA1

          791372081ec3d3545b9ff790b15c52437c9d3ebd

          SHA256

          330af7bb099550a66ef23ea6885469b7264daacc1f55b1968388d5d893dae195

          SHA512

          ac47fc2bd69be632616aefd0110d725c2ed46516f18bfecca67db24e084ee25562f77d742f2882dddbe778f2ca94327cae5df736dbe22f9fb9435809df8efecf

          Download Submit