Overview

overview

10

Static

static

7

com.nextobjectygy.apk

android-9-x86

10

com.nextobjectygy.apk

android-11-x64

10

license.html

windows7-x64

1

license.html

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    com.nextobjectygy.apk

  • Size

    1.4MB

  • Sample

    230828-k4z3xaba82

  • MD5

    849658d94aad072a207ae3d40dcb7027

  • SHA1

    b9444c828e6e4137603bec985fb6709e74e965c3

  • SHA256

    4662160d5be3dd7b23547e04cd3cde493270181b00c5753a96f4fa7223e79572

  • SHA512

    1f29e4830b1ec63da4d50e874746e1a28e548a1f3048e178cb1af507d28b0c9cbff833638047ff5a2e9505dcd3018ff1a459f82a0fb600e07031a0d7d0413dc9

  • SSDEEP

    24576:i9Lk/AmN92tAQ88vLwBHVv2CB2akhR6Qf9cGE7XtgZODZH7mqHmfJFMAE4KvASw:bj2tAdggb2akhRFC7XiZGZbmqGBFMAES

Score
10/10
octoandroidbankerevasioninfostealerransomwareratstealthtrojan

Malware Config

Extracted

Family

octo

C2

https://29p0jb1nyxmt.biz/MTU2OWE0NzJjNGY5/

https://fmri3i4567ng.biz/MTU2OWE0NzJjNGY5/

https://ahs8a4mz8ehq.online/MTU2OWE0NzJjNGY5/

https://518tudu7579h.xyz/MTU2OWE0NzJjNGY5/

https://4jsi8qj3203u.org/MTU2OWE0NzJjNGY5/

https://4n51yg9firr3.site/MTU2OWE0NzJjNGY5/

https://0eto0mhk6g7b.top/MTU2OWE0NzJjNGY5/

https://icbm5s5oj028.xyz/MTU2OWE0NzJjNGY5/

https://yjf241z0uu75.info/MTU2OWE0NzJjNGY5/

https://wanrflitrnvn.asia/MTU2OWE0NzJjNGY5/

https://tv1ed54je1ws.cc/MTU2OWE0NzJjNGY5/

https://63651iz40cio.biz/MTU2OWE0NzJjNGY5/
AES_key

Targets

    • Target

      com.nextobjectygy.apk

    • Size

      1.4MB

    • MD5

      849658d94aad072a207ae3d40dcb7027

    • SHA1

      b9444c828e6e4137603bec985fb6709e74e965c3

    • SHA256

      4662160d5be3dd7b23547e04cd3cde493270181b00c5753a96f4fa7223e79572

    • SHA512

      1f29e4830b1ec63da4d50e874746e1a28e548a1f3048e178cb1af507d28b0c9cbff833638047ff5a2e9505dcd3018ff1a459f82a0fb600e07031a0d7d0413dc9

    • SSDEEP

      24576:i9Lk/AmN92tAQ88vLwBHVv2CB2akhR6Qf9cGE7XtgZODZH7mqHmfJFMAE4KvASw:bj2tAdggb2akhRFC7XiZGZbmqGBFMAES

    Score
    10/10
    octobankerevasioninfostealerransomwareratstealthtrojan

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

      bankertrojaninfostealerratocto

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

      banker

    • Removes its main activity from the application launcher

      stealthtrojan

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Removes a system notification.

      evasion

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2

    • Target

      license.html

    • Size

      30KB

    • MD5

      a095d4be2768cb6d37f9aa2de90a8a67

    • SHA1

      2c87de9a26cf1ee17d701c333f088db314b1bce1

    • SHA256

      30d2be0e050b7f1ec5e390326cefedb6e4a6304f5e2a623d0f7678cb67ff308b

    • SHA512

      0ec91a396b39029ec6585215e777495d97e72191438ec37d93e203931a1ac79b1a966e201b9b92982439e3d372f82af98a64914647464d30e1f7f3ab8a558998

    • SSDEEP

      768:/03s/uZ7je9IeMkkEdgC3BOgNMXUgPGaMx6NzJhCgaZpGgPGaxvam:/0c/uZ7je9IeMFIgeOgNMXUg6x6NzJhu

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks