Analysis
max time kernel: 871177s
max time network: 157s
platform: android_x64
resource: android-x64-20230824-en
submitted: 26-08-2023 22:07
Static task: static1
Behavioral task: behavioral1
  Sample: 20e05fdb25d77676dd98b5bb0335c68666af87906ee452f6462a62bf53fb0bc3.apk
  Resource: android-x86-arm-20230824-en
Behavioral task: behavioral2
  Sample: 20e05fdb25d77676dd98b5bb0335c68666af87906ee452f6462a62bf53fb0bc3.apk
  Resource: android-x64-20230824-en
General
Target: 20e05fdb25d77676dd98b5bb0335c68666af87906ee452f6462a62bf53fb0bc3.apk
Size: 2.6MB
MD5: 173bde5aeb511daf4ce126905a70294b
SHA1: 50cfc99e37be3dc4cc6d120388c37ed4bc91978f
SHA256: 20e05fdb25d77676dd98b5bb0335c68666af87906ee452f6462a62bf53fb0bc3
SHA512: a2575a88d11fa5062ee9b4de5aa2ae71f7a353b4ad3adbf9537ee8d4cac9d6b988830537db1a2512e23a7ea7d3ac50c2d1c32b12aa9aa31bfcc0e97a0afb00e7
SSDEEP: 49152:4TxxtgGueRJNr6QC4l9nZF7DyERnvyP9YntuGYs6qH7+4V7+OCNqNoNP:4TxxB7Rn7CSZFDRvyCntrYs6qHiY7dCh
Malware Config
Extracted
Family: octo
https://cookiliakc15.live/MTU2OWE0NzJjNGY5/
https://percys81kcac.info/MTU2OWE0NzJjNGY5/
https://dancelumn991dc.top/MTU2OWE0NzJjNGY5/
https://tv1ed54je1ws.cc/MTU2OWE0NzJjNGY5/
https://63651iz40cio.biz/MTU2OWE0NzJjNGY5/
Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.

Octo payload (3 IoCs)
Processes:
  resource                                   yara_rule
  /data/data/com.myleft28/cache/dlrnraje     family_octo
  /data/user/0/com.myleft28/cache/dlrnraje   family_octo
  /data/user/0/com.myleft28/cache/dlrnraje   family_octo

Makes use of the framework's Accessibility service. (2 IoCs)
Processes: com.myleft28
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (process com.myleft28)
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId (process com.myleft28)

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 IoC)
Processes: com.myleft28
  Framework service call: android.content.pm.IPackageManager.getInstalledApplications (process com.myleft28)

Acquires the wake lock. (1 IoC)
Processes: com.myleft28
  Framework service call: android.os.IPowerManager.acquireWakeLock (process com.myleft28)

Loads dropped Dex/Jar (4 IoCs)
Runs executable file dropped to the device during analysis.
Processes: com.myleft28
  ioc                                                                          pid   process
  /data/user/0/com.myleft28/app_ded/hFoHnfOb2Po9b8j09eZXu7logpbZ6bUk.dex       5020  com.myleft28
  /data/user/0/com.myleft28/app_ded/hFoHnfOb2Po9b8j09eZXu7logpbZ6bUk.dex       5020  com.myleft28
  /data/user/0/com.myleft28/cache/dlrnraje                                     5020  com.myleft28
  /data/user/0/com.myleft28/cache/dlrnraje                                     5020  com.myleft28

Reads information about phone network operator.

Removes a system notification. (1 IoC)
Processes: com.myleft28
  Framework service call: android.app.INotificationManager.cancelNotificationWithTag (process com.myleft28)

Uses Crypto APIs (might try to encrypt user data). (1 IoC)
Processes: com.myleft28
  Framework API call: javax.crypto.Cipher.doFinal (process com.myleft28)
Processes

com.myleft28 (PID: 5020)
  - Makes use of the framework's Accessibility service.
  - Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
  - Acquires the wake lock.
  - Loads dropped Dex/Jar
  - Removes a system notification.
  - Uses Crypto APIs (might try to encrypt user data).
  Child process: rm -r /data/user/0/com.myleft28/app_ded/hFoHnfOb2Po9b8j09eZXu7logpbZ6bUk.dex (PID: 5091)
Network
MITRE ATT&CK Matrix
Downloads