Analysis
max time kernel: 1043430s
max time network: 132s
platform: android_x86
resource: android-x86-arm-20230824-en
submitted: 28-08-2023 22:01
Static task: static1
Behavioral task: behavioral1
  Sample: 6a22df38c0093466c087686ac36710433a4b392e3bf4bb0e4646d19aeeab18f6.apk
  Resource: android-x86-arm-20230824-en
Behavioral task: behavioral2
  Sample: 6a22df38c0093466c087686ac36710433a4b392e3bf4bb0e4646d19aeeab18f6.apk
  Resource: android-x64-20230824-en
General
Target: 6a22df38c0093466c087686ac36710433a4b392e3bf4bb0e4646d19aeeab18f6.apk
Size: 541KB
MD5: 462ecf561b3c7150cfc5848ed30f7ca6
SHA1: 417b11cac5cb45c256e09c8f3394b7f4b461442f
SHA256: 6a22df38c0093466c087686ac36710433a4b392e3bf4bb0e4646d19aeeab18f6
SHA512: 8fb5abfa381882e1ed79d485cc90652adde787423384a342d17d58ea6cbe245b8a8b486dfe0ad48c27d9e914431bcd70659793a8e63c3ce55a436467bcda9a1b
SSDEEP: 12288:XvDyLujqaZRQsWBi15ix7+kkifVPx5QKYjGEC:fDyLujq8asiG5ix+8pf
Malware Config
Extracted family: octo
URLs:
https://185.225.75.47/YTFlMzViNjNiNWM3/
https://yamacfirarda22.xyz/YTFlMzViNjNiNWM3/
https://3yamacfirarda22.xyz/YTFlMzViNjNiNWM3/
https://5yam7acfirarda22.xyz/YTFlMzViNjNiNWM3/
https://5yam4acfirarda22.xyz/YTFlMzViNjNiNWM3/
https://5yam8acfirarda22.xyz/YTFlMzViNjNiNWM3/
https://5y3am4acfirarda22.xyz/YTFlMzViNjNiNWM3/
https://5ya5m8acfirarda22.xyz/YTFlMzViNjNiNWM3/
Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.

Octo payload (3 IoCs)
  resource | yara_rule
  /data/data/com.sitpose5/cache/ydaiipesuog | family_octo
  /data/user/0/com.sitpose5/cache/ydaiipesuog | family_octo
  /data/user/0/com.sitpose5/cache/ydaiipesuog | family_octo

Makes use of the framework's Accessibility service. (2 IoCs)
  description | ioc | process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.sitpose5
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.sitpose5

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). (1 IoCs)
  description | ioc | process
  Framework service call | android.content.pm.IPackageManager.getInstalledApplications | com.sitpose5
Removes its main activity from the application launcher
  pid | process
  4197 | com.sitpose5
Acquires the wake lock. (1 IoCs)
  description | ioc | process
  Framework service call | android.os.IPowerManager.acquireWakeLock | com.sitpose5

Loads dropped Dex/Jar (2 IoCs)
Runs executable file dropped to the device during analysis.
  ioc | pid | process
  /data/user/0/com.sitpose5/cache/ydaiipesuog | 4197 | com.sitpose5
  /data/user/0/com.sitpose5/cache/ydaiipesuog | 4197 | com.sitpose5

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background). (1 IoCs)
  description | ioc | process
  Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | com.sitpose5

Removes a system notification. (1 IoCs)
  description | ioc | process
  Framework service call | android.app.INotificationManager.cancelNotificationWithTag | com.sitpose5

Uses Crypto APIs (Might try to encrypt user data). (1 IoCs)
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | com.sitpose5
Processes
com.sitpose5 (PID: 4197)
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 48B
MD5: 046a414913add6f5bb60072c7db819b6
SHA1: 451ee4f6809260aec622d772fd329c7d0297a842
SHA256: b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512: 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

Filesize: 442B
MD5: 31c90cab8dd9508f81a493d70048d151
SHA1: f450946b7294e54327ff7c6a107fba51eb8c0b3d
SHA256: e772cc1b7746358560ad51bb8a2e4d00ed3c7bfd858eb588fb3070ad7fe9875f
SHA512: f41ef0af4799cd9b615bafc36cdd32812c54332e3f542b00e40b8f1f315079b35a544ab1b5632d80633583016d2501d4159c5cf917b0250eb0068d5e03ca2a25

Filesize: 450KB
MD5: 641c270f405f9cb0cf318be50bf92021
SHA1: e541260acf0f5efad3b3a63cb0481f78195fadec
SHA256: 11ab1107cf6464fd5a3c0075c0d1737e9779cdd10b90b2670ed8080e6fbb582c
SHA512: 8fd162a4e38299238c8265fe202a41d1a2f3059f6f84c96781f3e28739a0a5e6fd5b4740010a7f4f3562debb94a825818e812e94561125405a82da507f021956

Filesize: 28B
MD5: 6311c3fd15588bb5c126e6c28ff5fffe
SHA1: ce81d136fce31779f4dd62e20bdaf99c91e2fc57
SHA256: 8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8
SHA512: 2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

Filesize: 234B
MD5: c953f5227dd24a8b9bd13f3dca967ead
SHA1: 1b88fd0e64c5b172ac3f6aab90f40a999b4ad7e5
SHA256: 8f20317f47b27426c98a88ba00ed78ba1b8bcb4f30b7b704e76209854c8019d9
SHA512: f3c68d0a6893fd286ee3d9010f0f307297478920a9f23229a60257f521a63210a7ad6c4ee9f841ec896d9fccb3521e004e27e8457e86dfcae5e225fab5bd1bee

Filesize: 63B
MD5: 09c15dfedeebc37759562f3f33c1529c
SHA1: 372568635c119746a4d928f3d1abb230286c2af1
SHA256: 7e55ddac284284069832e6a6896847516d074564816134b5d4924b29f6dc6dad
SHA512: c9e76cc497ce0bd23294d70190b4ae9318a985cdf8722fe9da33e450fa9494c05290d309418ed67d36f12f4a400a898eedcc719a851bc5344479335c88e65861

Filesize: 54B
MD5: 05fff6d7cd1ba3ac502e505c96a3264e
SHA1: 3b7b2488e14eece8a450f04b1ab984bbafa8fbfd
SHA256: d8a46790a58c8226b69653e9f8784dd2798aef0a0ca6ac67ff4795b37f2abe95
SHA512: 936d113286a373ae1b17d78d189e46fc3f6eaa3dbf4be8b5b0962021aedac4a01615b663f9c921df34c883d662c9bdbcd9197497e438b2e992dedb5ec6949c47

Filesize: 431B
MD5: 10804105a87da085a7d284c819d7bd26
SHA1: 7f28fccb9a881a8c71477a304e118a634b029300
SHA256: 5298ea4e5df8600d863e125cba3ca297bfb71c4ad8307e58267adb90d055409f
SHA512: 3de288310352c40e1cc446308cfc492898517a10453a08e0956085d9a8586b6d18a401aa2e8400f94a39c8363d44c3be7f1f25bd758043636c554eb26612f3bc

Filesize: 450KB
MD5: 641c270f405f9cb0cf318be50bf92021
SHA1: e541260acf0f5efad3b3a63cb0481f78195fadec
SHA256: 11ab1107cf6464fd5a3c0075c0d1737e9779cdd10b90b2670ed8080e6fbb582c
SHA512: 8fd162a4e38299238c8265fe202a41d1a2f3059f6f84c96781f3e28739a0a5e6fd5b4740010a7f4f3562debb94a825818e812e94561125405a82da507f021956

Filesize: 450KB
MD5: 641c270f405f9cb0cf318be50bf92021
SHA1: e541260acf0f5efad3b3a63cb0481f78195fadec
SHA256: 11ab1107cf6464fd5a3c0075c0d1737e9779cdd10b90b2670ed8080e6fbb582c
SHA512: 8fd162a4e38299238c8265fe202a41d1a2f3059f6f84c96781f3e28739a0a5e6fd5b4740010a7f4f3562debb94a825818e812e94561125405a82da507f021956