Overview

overview

10

Static

static

7

com.nextobjectygy.apk

android-9-x86

10

com.nextobjectygy.apk

android-11-x64

10

license.html

windows7-x64

1

license.html

windows10-2004-x64

1

Analysis

  • max time kernel
    996875s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20230824-en
  • submitted
    28-08-2023 09:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    com.nextobjectygy.apk

  • Size

    1.4MB

  • MD5

    849658d94aad072a207ae3d40dcb7027

  • SHA1

    b9444c828e6e4137603bec985fb6709e74e965c3

  • SHA256

    4662160d5be3dd7b23547e04cd3cde493270181b00c5753a96f4fa7223e79572

  • SHA512

    1f29e4830b1ec63da4d50e874746e1a28e548a1f3048e178cb1af507d28b0c9cbff833638047ff5a2e9505dcd3018ff1a459f82a0fb600e07031a0d7d0413dc9

  • SSDEEP

    24576:i9Lk/AmN92tAQ88vLwBHVv2CB2akhR6Qf9cGE7XtgZODZH7mqHmfJFMAE4KvASw:bj2tAdggb2akhRFC7XiZGZbmqGBFMAES

Score
10/10
octobankerevasioninfostealerransomwareratstealthtrojan

Malware Config

Extracted

Family

octo

C2

https://29p0jb1nyxmt.biz/MTU2OWE0NzJjNGY5/

https://fmri3i4567ng.biz/MTU2OWE0NzJjNGY5/

https://ahs8a4mz8ehq.online/MTU2OWE0NzJjNGY5/

https://518tudu7579h.xyz/MTU2OWE0NzJjNGY5/

https://4jsi8qj3203u.org/MTU2OWE0NzJjNGY5/

https://4n51yg9firr3.site/MTU2OWE0NzJjNGY5/

https://0eto0mhk6g7b.top/MTU2OWE0NzJjNGY5/

https://icbm5s5oj028.xyz/MTU2OWE0NzJjNGY5/

https://yjf241z0uu75.info/MTU2OWE0NzJjNGY5/

https://wanrflitrnvn.asia/MTU2OWE0NzJjNGY5/

https://tv1ed54je1ws.cc/MTU2OWE0NzJjNGY5/

https://63651iz40cio.biz/MTU2OWE0NzJjNGY5/
AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo payload 3 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
    banker
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.nextobjectygy
    1⤵
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4188
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.nextobjectygy/app_DynamicOptDex/oG.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.nextobjectygy/app_DynamicOptDex/oat/x86/oG.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4215

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.nextobjectygy/.qcom.nextobjectygy
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/data/com.nextobjectygy/app_DynamicOptDex/oG.json
    Filesize

    2KB

    MD5

    c650e506d6068e56ba3dbd04cc36225d

    SHA1

    7a76d1096314946ee6af7718ba3fa0446a597371

    SHA256

    9bec4cfaed47b31adf9d29356008dfb26ed5283144936a411240e74e9d705273

    SHA512

    2e341148e7147123a5ca8bc0972e27b62fb763cde78cd386afe31e8fa4c76a800794e54d477512b74b56a27bdbf2a69d1f649941f07c5746475d545e7635325d

    Download Submit

  • /data/data/com.nextobjectygy/app_DynamicOptDex/oG.json
    Filesize

    2KB

    MD5

    cc7cf03628477436a64965af9e9ff70d

    SHA1

    c58f361054f2d7a78211e880c34340474e8167dc

    SHA256

    c86440926c20fd751ac27a6edcef2c74bdc6c7eb817ece7870f5372deda544c6

    SHA512

    6b8c59fee171011e91694c1ad50dfefa748c1a7284a6254ce3f67b134e577eff9ec45ce9e41eed73c7783e7b94c7649fd90016b338a37edcb01d240ad0fee0f1

    Download Submit

  • /data/data/com.nextobjectygy/cache/mylywfwk
    Filesize

    271KB

    MD5

    4889f001450b34d1d50b0a8d1341a5e0

    SHA1

    0d015e40994ee61bd4582b34c18db5e762418a77

    SHA256

    eeeb9de74c2137c1d79a72da567e6610ce974d2d2a2f7ab38472dbb76dac0674

    SHA512

    0fabb069e66fd7b32cd03f6bec0228d2a74649ff35ef446943f0f92fe9d08dbecc23189a36f2c18265d2f89b217ea604897125419c3aa841b8a4a8a032c85e3d

    Download Submit

  • /data/data/com.nextobjectygy/cache/oat/mylywfwk.cur.prof
    Filesize

    441B

    MD5

    7cc77b1f4950b678e31f1af8838d98c0

    SHA1

    bea5e7575258514564ab5dea89e6f49085f03f71

    SHA256

    0d1a6b1b9f9108936c92bc52296592677260e9b1b692afd9425ff15f39b3efc3

    SHA512

    0f002015be27f0c13cac64f67a3cdca9c8cf0e2c244086eb7bdb6e5a765c8fa34bf60ce87636d185b20ef7fe0f72c5896abe258088a488148073c59da7cc0e95

    Download Submit

  • /data/data/com.nextobjectygy/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.nextobjectygy/kl.txt
    Filesize

    63B

    MD5

    922a4249d900ddd81b857331f118cde6

    SHA1

    9be7f95765732ef5873a790e07fca5d3de1bb882

    SHA256

    d432ccbd3d5ad48d9d71e6c527ea1cecd3dbbb20c25f8df3c9b13d6fff0fa5f0

    SHA512

    7ab1b4c7f16af158f28b7b56be569ef1e4d5941caa6d2984746a8da4909cb47a9a4cd8a093796957224f337806cf31605b4d7dc93b76fca22c1201e8e774b2fd

    Download Submit

  • /data/data/com.nextobjectygy/kl.txt
    Filesize

    230B

    MD5

    ebe989fcdaf972b4ea6336df3d831088

    SHA1

    73cd69d60c905da52b4f89bdb068c00d55dd86cd

    SHA256

    8316bdca9ceff273b130c7e4faa953bd78954a5b1416ba1a6ac648ef5dbcc211

    SHA512

    bfe10d8509584584c6f36bec16ab5afc52af0652448892f8bdcb9217d23382f8e700e995081b51ee30ce66b19b25e60524a13681f919df1a4f76521eae8b06bc

    Download Submit

  • /data/data/com.nextobjectygy/kl.txt
    Filesize

    54B

    MD5

    2812fb7484555227c71758bd2eaee6b3

    SHA1

    e7c3412bda4751320aa8ce5f28a3b286d50cf319

    SHA256

    51bad8d6ee80e6a1ecc82139a29dea39457a6d60c3832f7d5751b4b4462e22e3

    SHA512

    6f03d9cc636abc7b4f73712e54015b0fc5d40d80a64aaf7d7f33a3220bd048046c7ecd56f48ec1239c4a745fb9cc51da30eb869f69a48dc6d685059037c11d4a

    Download Submit

  • /data/data/com.nextobjectygy/kl.txt
    Filesize

    423B

    MD5

    f09481a8254e859dbb9f46c802b6d492

    SHA1

    0b0e9222118aba16fcf651a92975d83959a7babb

    SHA256

    5f61f0498ad0a1541547b8f29979a3c8ea7cb443152b7fb9164b082183cabcec

    SHA512

    b5c8011410d3c327f4227f741fdb9e94806700eec4f8d2eda73a1b0fcf2ed209a5984fc5a44cce16d7d075256779717750fc03ae80b38a2d8870fdd85e8e5d30

    Download Submit

  • /data/user/0/com.nextobjectygy/app_DynamicOptDex/oG.json
    Filesize

    6KB

    MD5

    603abf42f0ef8bf8780c6d483d8e40ac

    SHA1

    b04671e952552c8949b6d08974575561fa2857a0

    SHA256

    462984ea3c11fcc928436ed34fd0920453ba0518f02946df13eb189a8890976b

    SHA512

    c359ee524194294bdd8b04cebc751ba1db5a7653a2be86c6310c665ac1ef39ce0fe4873cd3e05197c83e20b1cbfc511f8bcf986abe5792f1094c166df9640b2f

    Download Submit

  • /data/user/0/com.nextobjectygy/app_DynamicOptDex/oG.json
    Filesize

    6KB

    MD5

    58e846b1e78a29b77a81113a915ed6cc

    SHA1

    e929dd35bc6cd2dc4417df46dcadc7a32b50875d

    SHA256

    1aa5a09744c24bd1b999846cd4f742b179fe3beb27f5467c161796c6357ba807

    SHA512

    5988e11a5b46ed74fabe6b4c72d7fff207e036bbd637e945c7657eaad078af1bcf1e6d4b2255213a0b86ac6fd4145a7bcbd7a1c08296c9f50e34ea0ae9c3857d

    Download Submit

  • /data/user/0/com.nextobjectygy/cache/mylywfwk
    Filesize

    271KB

    MD5

    4889f001450b34d1d50b0a8d1341a5e0

    SHA1

    0d015e40994ee61bd4582b34c18db5e762418a77

    SHA256

    eeeb9de74c2137c1d79a72da567e6610ce974d2d2a2f7ab38472dbb76dac0674

    SHA512

    0fabb069e66fd7b32cd03f6bec0228d2a74649ff35ef446943f0f92fe9d08dbecc23189a36f2c18265d2f89b217ea604897125419c3aa841b8a4a8a032c85e3d

    Download Submit

  • /data/user/0/com.nextobjectygy/cache/mylywfwk
    Filesize

    271KB

    MD5

    4889f001450b34d1d50b0a8d1341a5e0

    SHA1

    0d015e40994ee61bd4582b34c18db5e762418a77

    SHA256

    eeeb9de74c2137c1d79a72da567e6610ce974d2d2a2f7ab38472dbb76dac0674

    SHA512

    0fabb069e66fd7b32cd03f6bec0228d2a74649ff35ef446943f0f92fe9d08dbecc23189a36f2c18265d2f89b217ea604897125419c3aa841b8a4a8a032c85e3d

    Download Submit