Overview

overview

10

Static

static

7

95dfebe9de...89.apk

android-9-x86

10

95dfebe9de...89.apk

android-11-x64

10

license.html

windows7-x64

1

license.html

windows10-2004-x64

1

Analysis

  • max time kernel
    1966232s
  • max time network
    140s
  • platform
    android_x86
  • resource
    android-x86-arm-20230621-en
  • submitted
    20-07-2023 21:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95dfebe9de14ab96b82e7c30a1c1cc0f2d5b0b66dbe55206e85faecc9861ff89.apk

  • Size

    1.5MB

  • MD5

    5e65e93bdf25d664e0cf8d18d2da9635

  • SHA1

    07b811df49e65e3cb3f12f5077d99f49d488bf2c

  • SHA256

    95dfebe9de14ab96b82e7c30a1c1cc0f2d5b0b66dbe55206e85faecc9861ff89

  • SHA512

    9c63c12d7e68df6013cafc360e7887381b79a3ee62c861548368aa22366b82df6dc7acc7fb7cf5284299d9bab760759c85b120c053c56591447439c07570c624

  • SSDEEP

    49152:8CLWCPN4UEa/Y7QBuLzXGZGZbmqmCGMAE4KoSZ:JLN3Y7GuLzXGZQ/mbG

Score
10/10
octobankerinfostealerransomwarerattrojan

Malware Config

Extracted

Family

octo

C2

https://marulkactuocxa.com/NTIwZmU2YzM0ZjU1/

https://godcaiasnffsa2.xyz/NTIwZmU2YzM0ZjU1/

https://dddcaiasnfaf.xyz/NTIwZmU2YzM0ZjU1/

https://buzlokolmactuocxa.com/NTIwZmU2YzM0ZjU1/
AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo payload 3 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
    banker
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.peopleyesobpc
    1⤵
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4230
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.peopleyesobpc/app_DynamicOptDex/Ynk.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.peopleyesobpc/app_DynamicOptDex/oat/x86/Ynk.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4334

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.peopleyesobpc/app_DynamicOptDex/Ynk.json
    Filesize

    2KB

    MD5

    a9e4626be5e186a4f4676fef8b32bcdb

    SHA1

    0bfb7e1c4cf3256669154be060a751e1e4a76d41

    SHA256

    535d701cf0716c80fcb75cd4c1fcb371aed7f94ddf8865856d06d04473c6295a

    SHA512

    a697689be14948d51dd223cd848d29917451333c14244a9e393371b7f8871ba7605108136e3c14bcd5dcff8541f6c812a3c90e428c56d4d083b7ce8c2581a3b6

    Download Submit

  • /data/user/0/com.peopleyesobpc/app_DynamicOptDex/Ynk.json
    Filesize

    7KB

    MD5

    cb6af278a5ceb571cf84ff7ec13b8d5f

    SHA1

    32404d67e200f4483a1794c4fd65af7f04de97f6

    SHA256

    40fec9ff917f7be34613cb0e0dc60b09ef460c8c6c2342c4bda750a071c78cb8

    SHA512

    d1070e1896f7739b9bfe05ab4c1ae3105720ad2449289f6be724f7f880133a02dd0f431da39bc9f9fdead8ecea2b0677378c10f29e6e7894df241d5486a64cdf

    Download Submit

  • /data/user/0/com.peopleyesobpc/app_DynamicOptDex/Ynk.json
    Filesize

    7KB

    MD5

    d8bbbaa8b0a19e679a80f2788ecc4d7d

    SHA1

    fb5d1e45a6ccb229ad7d6a9d9184e174203ac92e

    SHA256

    657a7ddfe285d037a2c3067ff82a1de57befa1bf75db055671aa083c84622f62

    SHA512

    5e7afacf18fb0aefc3425b8973f9a322689a0b276aa3a9ca90c18e1f5b877314f723eb97c9167d10b12825219af846f238eb8cd6ff8230b8c39bb56a69187e99

    Download Submit

  • /data/user/0/com.peopleyesobpc/cache/wruhvwngahdiwjt
    Filesize

    449KB

    MD5

    c1be9238d6e0ad2a60c13a631d77a943

    SHA1

    04edc886b1a5502b77c067e490eca0d4e0284d97

    SHA256

    68967b2cdffc7fcca420607ad38ba0876ff2737557b573132e9f519ecc3d48d6

    SHA512

    7d753f7a8e18682e0a399f2589c64eb904c8cdfc542f9b492f745b10cd284e29375822e3f610121d04dfb43147449b92c2a612571454c0fc0629df166e8345f2

    Download Submit

  • /data/user/0/com.peopleyesobpc/cache/wruhvwngahdiwjt
    Filesize

    449KB

    MD5

    c1be9238d6e0ad2a60c13a631d77a943

    SHA1

    04edc886b1a5502b77c067e490eca0d4e0284d97

    SHA256

    68967b2cdffc7fcca420607ad38ba0876ff2737557b573132e9f519ecc3d48d6

    SHA512

    7d753f7a8e18682e0a399f2589c64eb904c8cdfc542f9b492f745b10cd284e29375822e3f610121d04dfb43147449b92c2a612571454c0fc0629df166e8345f2

    Download Submit

  • /data/user/0/com.peopleyesobpc/cache/wruhvwngahdiwjt
    Filesize

    449KB

    MD5

    c1be9238d6e0ad2a60c13a631d77a943

    SHA1

    04edc886b1a5502b77c067e490eca0d4e0284d97

    SHA256

    68967b2cdffc7fcca420607ad38ba0876ff2737557b573132e9f519ecc3d48d6

    SHA512

    7d753f7a8e18682e0a399f2589c64eb904c8cdfc542f9b492f745b10cd284e29375822e3f610121d04dfb43147449b92c2a612571454c0fc0629df166e8345f2

    Download Submit

  • /data/user/0/com.peopleyesobpc/shared_prefs/main.xml
    Filesize

    135B

    MD5

    050770924ce46f59af00493f5c51e8ae

    SHA1

    acfc9b2d047b4a41bd75008e96a98597e5505aa2

    SHA256

    d86ba895d3af4edd5639b0086415be6f45071970b455632abbe3057b9aa581e7

    SHA512

    e92cdfe65e9bc204945e27b17f358add516f7d3b52192891ece2d2a42f83e98302ec06aa949543ea823037a8a7055cf3c32656e3e0d25525083e2df50a667565

    Download Submit

  • /data/user/0/com.peopleyesobpc/shared_prefs/main.xml
    Filesize

    206B

    MD5

    e0d8a6e5bd0dc57f5ebf849d2f888a25

    SHA1

    aaa109aab446a8203afc9cb09c3dec05165685af

    SHA256

    401b0db60b7485e81e7d64a03457a18383d31b419895bf35f9a193e61a0638ba

    SHA512

    40ccbc5c31056aced0e95b19b092275e8f83366ca693a19d25e9e26cdb149873aa14dd4ee2bd34c51261dd7103843d8e9cf238282764f090d44eda8d4069e9ce

    Download Submit

  • /data/user/0/com.peopleyesobpc/shared_prefs/main.xml
    Filesize

    3KB

    MD5

    2616828d7f9726b4c0d2481c524e30e0

    SHA1

    5b4b750fc11b4e39fc3be1752a49c03cd83e216b

    SHA256

    452d18b27fa2435f4415f8c487005aaf4469ae573fda8c0d40d417a3ed143f28

    SHA512

    8eed5cd575651d26bfe80bc09caa59d3c0373d785cabc83a95d14c241f57beb2cd1572d0242b21ce9b061a45b87ad349a1c2137ffabe5a85c30eabfe59b89f45

    Download Submit