Analysis

  • max time kernel: 3014922s
  • max time network: 136s
  • platform: android_x86
  • resource: android-x86-arm-20230621-en
  • submitted: 02-08-2023 00:39

General

  • Target: 22864dd364d590ad2594ef92076bf122c816eb94fc604102bec06762506145bb.apk
  • Size: 1.7MB
  • MD5: 79030aebb09c2f2b701eb65f0d211cb1
  • SHA1: 675e0c84e8ec264573eefdc0534d204d25898ba5
  • SHA256: 22864dd364d590ad2594ef92076bf122c816eb94fc604102bec06762506145bb
  • SHA512: 74f6247198cf6cacd9b83e6a8ce4f57cc111a91e75faef867ce197feab5b686fed66786536459ffa3f11a96fc304d4081268cf746cccf7a2d5f718bfd36ad1b7
  • SSDEEP: 49152:PbveWzsVM/FfAJtGbwftgXhT4iGsCaEADHc:DveWzsVeFoWbwfOnvCazDHc

Malware Config

Extracted

  • Family: octo
  • C2:
    • https://daniel.osborne.chickenkiller.com/YjJjM2M0NDc4ZjBj/
    • https://laural-plath.chickenkiller.com/YjJjM2M0NDc4ZjBj/
    • https://gabriela.saunders.crabdance.com/YjJjM2M0NDc4ZjBj/
    • https://James-beekman.jumpingcrab.com/YjJjM2M0NDc4ZjBj/
    • https://brian-tallman.twilightparadox.com/YjJjM2M0NDc4ZjBj/
  • AES_key

Signatures

  • Octo
    Octo is banking malware with remote access capabilities, first seen in April 2022.
  • Octo payload (3 IoCs)
  • Makes use of the framework's Accessibility service. (2 IoCs)
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). (1 IoC)
  • Acquires the wake lock. (1 IoC)
  • Loads dropped Dex/Jar (4 IoCs)
    Runs executable file dropped to the device during analysis.
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). (1 IoC)

Processes

  • com.nameboxcb (PID 4173)
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.nameboxcb/app_DynamicOptDex/IHLBQ.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.nameboxcb/app_DynamicOptDex/oat/x86/IHLBQ.odex --compiler-filter=quicken --class-loader-context=& (PID 4213)
      • Loads dropped Dex/Jar

Downloads

  • /data/user/0/com.nameboxcb/app_DynamicOptDex/IHLBQ.json
    Filesize: 2KB
    MD5: 5c6dbe5b4243f9c22c80f54ba3346a90
    SHA1: 2c1885433234b30eb0b01488df319bdf905525c5
    SHA256: b0b18dec73af6791aab7e4517e6c23c7ef9a535ec45f174537bf150174fcfab3
    SHA512: 01a3edcb4f7c9fb1c7e30eb4ceb81f46b81930b7966bf696112618b70ef9abf691029d01425a69c20b6fc138304401383914c5c56e00cc1112147db999591ef4

  • /data/user/0/com.nameboxcb/app_DynamicOptDex/IHLBQ.json
    Filesize: 6KB
    MD5: f9f406d545c786d44e1f7e39718b1787
    SHA1: 99ce274cccc6a5bef3a267b993817966c855baad
    SHA256: 77ca73d1d4c908ecc78479b3c8c86d9427f74d02a42036b9c46c82a3ae555379
    SHA512: d08c383442c9fbf9fc640bcc4939075ab9654469dc314417a3e49bb3a6ab0c7514255234ee623453c3f9f4cb998ec6d650d74dbd0cee224e586211753966b0d0

  • /data/user/0/com.nameboxcb/app_DynamicOptDex/IHLBQ.json
    Filesize: 6KB
    MD5: 3fe760932527db10b35e98215b940ea8
    SHA1: df2cb39a6249f05e6f048042573d04720e529ad1
    SHA256: 611383c0e89942ca7422793011d1c700124973c1a4a7dc707f22f47f3772407e
    SHA512: 76dadba5da9d93d5123e63fc2b63e384c582b9572e8e362b7f2751e9a95b504dd4a840b26e2a14e330e03ab1c8a6fe88e58568edb53002105ac2bea7e054e2ab

  • /data/user/0/com.nameboxcb/cache/ogdvtbdllap
    Filesize: 450KB
    MD5: 53ac902270492216b47d648ba2ac4ef4
    SHA1: 143bc685601bb8bfdaf5b69d86aeb8cbcf9e33b9
    SHA256: f10c203ce14453a75075faf8d7aa4278803ccf331258b02f0d205cc3f2298167
    SHA512: 06486a18e506e698bc4dc07f8d260e19a32be272fc09082378261ad710315dc9e0cdc3ecb5af1a016624aa4d979a230b55c69ef82989a7c7799e6cdc4d92877f

  • /data/user/0/com.nameboxcb/shared_prefs/main.xml
    Filesize: 131B
    MD5: 23a3fbd78e9c1e4090e590a4993720d2
    SHA1: 512aa24078417e108e8fecccdd281beebc994417
    SHA256: 8a5de8038c305e4edfcbedd0ab6789b6080521f0817ab43332e504ec08b9d08f
    SHA512: e5f45e156e9f229de7c4b0abaca322f36eefa815b6682c63e8358de8bbe9e5c7c854061f74051c8d213b81e8c8eba88191d7711a5b1161115ba9c2efdd2a0561

  • /data/user/0/com.nameboxcb/shared_prefs/main.xml
    Filesize: 3KB
    MD5: 7c268318926208603fbd2b0afb71db38
    SHA1: bc13087dc5ed703a64d85911303f7d2cebfbb66b
    SHA256: 690a051708ebd98b618ffaa356ad7503e06481ef2e06a9d0bae41c7c91579cd1
    SHA512: 8cdd9163eaaa82f967c1e053247cc7721e37868c8901c5aed299adb391b38eeeb0dcfff91c601184d2677ff1fe21f95e4c7dc59fed155edbf8911c7d4001e8ad