Overview

overview

10

Static

static

7

com.amvery4.apk

android-10-x64

10

com.amvery4.apk

android-11-x64

10

com.amvery4.apk

android-9-x86

10

Resubmissions

03-11-2023 03:44

231103-eapr7ade77 10

14-08-2023 23:16

230814-28586afg99 10

14-08-2023 23:14

230814-28bpjshh6t 10

14-08-2023 23:13

230814-27c6zsfg95 10

14-08-2023 04:43

230814-fcfsqshe37 10

14-08-2023 04:42

230814-fbpz1she28 10

13-08-2023 13:51

230813-q5sccach63 10

13-07-2023 06:05

230713-gtdv5sfe43 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    com.amvery4.apk

  • Size

    1.7MB

  • Sample

    230814-fbpz1she28

  • MD5

    25d99eea253d09f79fb4b8d39364ed8d

  • SHA1

    8d923163764cc12fc287d81a718b4533e08f2fe9

  • SHA256

    11dcd47ea09e8c1efe551e1832c7aeea810dce127f78299fce8d72a638fd9f51

  • SHA512

    c82abf598ad8d3ac817c817496b8edeb0672d57a7771f7f707598a7c6d1ead5e282170c6da2f467b66e06f89020ab7152e6936b6b9a0c947805a55b34e9b3e25

  • SSDEEP

    24576:VuNlJrpZQO3cf8Flg0f4dpDWRghaJMpv2uQOdPq0ZmARC6LD6RCaEABDMyZF:2j4M4/a+haJqv2uQOzZ2RCaEABYCF

Score
10/10
octoandroidbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

octo

C2

https://176.113.115.110/YjcyMWYzZjc5OTUy/

https://31fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://32fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://33fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://34fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://35fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://36fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://37fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://38fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://39fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://40fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://41fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://42fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://43fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://44fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://45fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://46fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://47fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://48fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://49fdghhoo11.com/YjcyMWYzZjc5OTUy/
AES_key

Targets

    • Target

      com.amvery4.apk

    • Size

      1.7MB

    • MD5

      25d99eea253d09f79fb4b8d39364ed8d

    • SHA1

      8d923163764cc12fc287d81a718b4533e08f2fe9

    • SHA256

      11dcd47ea09e8c1efe551e1832c7aeea810dce127f78299fce8d72a638fd9f51

    • SHA512

      c82abf598ad8d3ac817c817496b8edeb0672d57a7771f7f707598a7c6d1ead5e282170c6da2f467b66e06f89020ab7152e6936b6b9a0c947805a55b34e9b3e25

    • SSDEEP

      24576:VuNlJrpZQO3cf8Flg0f4dpDWRghaJMpv2uQOdPq0ZmARC6LD6RCaEABDMyZF:2j4M4/a+haJqv2uQOzZ2RCaEABYCF

    Score
    10/10
    octobankerinfostealerransomwarerattrojanevasion

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

      bankertrojaninfostealerratocto

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

      banker

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Removes a system notification.

      evasion

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks