Overview

overview

10

Static

static

7

f948df627c...63.apk

android-9-x86

10

f948df627c...63.apk

android-10-x64

10

license.html

windows7-x64

1

license.html

windows10-2004-x64

1

Analysis

  • max time kernel
    1561688s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • submitted
    03/09/2023, 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f948df627c90c3b30b87618b4aa1c5a260fab7ed41b61fbea37aa6096da96c63.apk

  • Size

    1.6MB

  • MD5

    5120df98fc22ea0d85e0614278ad9908

  • SHA1

    9a7a884dad18bd402939b8aa84fee55e99d15d25

  • SHA256

    f948df627c90c3b30b87618b4aa1c5a260fab7ed41b61fbea37aa6096da96c63

  • SHA512

    31a1bd96ae8fd3398e97fb9496b165c9688b0e749ec6c3ffcd7462303956668d321af604f88b9743cbc5b7e315fe9bb2cf2551dfdecc8b9458a6c12e50ae962a

  • SSDEEP

    49152:DBPaHDVnyWLs/z67VftaG/3FFCXmZGZbmqva8uAE4KoSS:N6Ls/m7V1X1FCXmZQ/vrV

Score
10/10
octobankerevasioninfostealerransomwareratstealthtrojan

Malware Config

Extracted

Family

octo

C2

https://topfexgg.top/MmEzNTkzZDFkOWQz/

https://lajungpopo.net/MmEzNTkzZDFkOWQz/

https://lauytropo.net/MmEzNTkzZDFkOWQz/

https://bobnoopo.org/MmEzNTkzZDFkOWQz/

https://junggvrebvqq.org/MmEzNTkzZDFkOWQz/

https://junggpervbvqqqqqq.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqgroup.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqnetok.com/MmEzNTkzZDFkOWQz/
AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo payload 3 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
    banker
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.lighteveryxn
    1⤵
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4131

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.lighteveryxn/app_DynamicOptDex/AgxIA.json
    Filesize

    2KB

    MD5

    d12b83f00dc59e56264147f1e26a5c79

    SHA1

    007c411b4c86ac79d784b73f4716d12c7ceb3289

    SHA256

    09f736fbce86b6173990db6a1bfb26f50d6e62078882983aef643c1f44db40e3

    SHA512

    317cb7833d049cb5e212f4eba23a2da1ac898af7f9e5c4a7b2fc06be3f7b3e1dc8306528abab11438c4006de5bfd8068915c8e0c6d5f7475c22a0bf16053fc63

    Download Submit

  • /data/data/com.lighteveryxn/app_DynamicOptDex/AgxIA.json
    Filesize

    2KB

    MD5

    263937f3add6e7a2abbe7e752bfb3397

    SHA1

    2cfe4668d512607e1e03ea6eb6aa51afcc060d38

    SHA256

    6380a03d12051195a1b31afcd2a20cc923d0e7a3e17183304d5a8cd3cb9cf20a

    SHA512

    e3bcebd7039433509c86d5a0a5a5a24f002c9f69c119106ca00b0d6eb2c3ba4c907cbe8dc0bc1bcb0cc569de0382a9074d5d731502566f5178545113734721d4

    Download Submit

  • /data/data/com.lighteveryxn/cache/dnvcdsvzutf
    Filesize

    449KB

    MD5

    92a618dffd9b47b6e8d29d47ddfc95ae

    SHA1

    86f1b73b42102c9d2eab7611fa6889b23b1e5b00

    SHA256

    be769abac98d71c5c418e3f570c4ec363a888389ee37731ca56fc5c14b610778

    SHA512

    58490868e2789aa5ddaf6f8c428ff1af4ff1085920c54d7593bdb106aaff4d3814eb75856f5d13803cf2db7cbd9e1d0c841e252b1fa6dc5ba1aeee8d6d89e53d

    Download Submit

  • /data/data/com.lighteveryxn/cache/oat/dnvcdsvzutf.cur.prof
    Filesize

    460B

    MD5

    7c997ada77da8e0cf9c686996e987d65

    SHA1

    a8de4d4ef600b0441f772b976e00353cde68887a

    SHA256

    06c47c5480c32e4256b9b18dda7ad210d030efcaccf81e3877393f15c7ffd6d1

    SHA512

    da647f765ac53665efa17c7548c219aac7cd37ef279cb7835b5ba2319da271f78478065cef9b5202f8371f0d7455656edc9db1af0a0ae3b07d273063f7218ac8

    Download Submit

  • /data/data/com.lighteveryxn/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.lighteveryxn/kl.txt
    Filesize

    237B

    MD5

    90c573bc4a22a2b275bbc169afdd6d28

    SHA1

    7f81f35440d0ba426b833dc1711e86eeeab9305e

    SHA256

    9d184b9cfea1a1fce6580969b35e4f5238f18eda573d991596e8987b1912e4eb

    SHA512

    5f5731c3b1bff50619c2bb41a61658fe2e4443c5a2d9d83039ff0d4da1ff202734624d986e5d45d1199eb3b8fc7c3ea8d24f4f1e1c11d46e7168544940b65b10

    Download Submit

  • /data/data/com.lighteveryxn/kl.txt
    Filesize

    63B

    MD5

    7b220b1d06de0cb3dc2ba14a4da726e8

    SHA1

    9b6eb0d02cb7be4a1245444956db0d8824b53cdf

    SHA256

    a1a119d8d369550ab623d30524fafe180a93aa8b7e9f04eb48a830ff8d62094c

    SHA512

    d1fcacb5ab135bedac8c1676562bafe3fff0147fc3635e57ba5606c4696d38cdf3c258ea2cd9fc2a344daa833fe2e30d8ddbb2210779d4c91b67ef6e1060808d

    Download Submit

  • /data/data/com.lighteveryxn/kl.txt
    Filesize

    45B

    MD5

    93f0a5f64c94f6aa44af56dcc3b15a7b

    SHA1

    c4f7c3792bc22178124ba96aafc3e195fffa8cf3

    SHA256

    7caf3adeebf4e6c0362af35c09b909caa68a9d1bcc405e683962d97db0071d9d

    SHA512

    2b234ecdb9e434866a1230c7faefdb4b1aed380cfc671a8426cfd8e3487334723d92c424614bbaabca725cce91f8e2a86266b58d661ba5071e95aaa4c07eb077

    Download Submit

  • /data/data/com.lighteveryxn/kl.txt
    Filesize

    437B

    MD5

    9dae67ed103d3c410026a6d4f6ad3237

    SHA1

    13aeb5dcc4c2cba0b4d6449a311c03095f5a02a3

    SHA256

    0baea574a00c25c178d9e43c2203b01ff9235cec41650cbec75bd00bd4ecb5d0

    SHA512

    7d759c334330a9e362d45d7f35e9f6c5b77f8b203121a96c3c3566afb5ab8848df35fe98cf9f032d491b372b08e193d3d4644fbabf5d19c86c3d997730a6cb86

    Download Submit

  • /data/user/0/com.lighteveryxn/app_DynamicOptDex/AgxIA.json
    Filesize

    6KB

    MD5

    5c46ea7264060f7a4c017f8adafc6edf

    SHA1

    691ed63bbd609558c22adda4f93b4ca478dbd27a

    SHA256

    abaeac530f4bc335611a19b3808cb929fcd0fc10388389115f8896fe9be9144e

    SHA512

    0bd1b7b005944caacb63aebaebb596a567fcb2e1771d96d7c039c7cd583fa4f74091bfdd3fbd3b3bdf017b75da9d20f7480eca0c4df901baebff1173f08e490c

    Download Submit

  • /data/user/0/com.lighteveryxn/cache/dnvcdsvzutf
    Filesize

    449KB

    MD5

    92a618dffd9b47b6e8d29d47ddfc95ae

    SHA1

    86f1b73b42102c9d2eab7611fa6889b23b1e5b00

    SHA256

    be769abac98d71c5c418e3f570c4ec363a888389ee37731ca56fc5c14b610778

    SHA512

    58490868e2789aa5ddaf6f8c428ff1af4ff1085920c54d7593bdb106aaff4d3814eb75856f5d13803cf2db7cbd9e1d0c841e252b1fa6dc5ba1aeee8d6d89e53d

    Download Submit

  • /data/user/0/com.lighteveryxn/cache/dnvcdsvzutf
    Filesize

    449KB

    MD5

    92a618dffd9b47b6e8d29d47ddfc95ae

    SHA1

    86f1b73b42102c9d2eab7611fa6889b23b1e5b00

    SHA256

    be769abac98d71c5c418e3f570c4ec363a888389ee37731ca56fc5c14b610778

    SHA512

    58490868e2789aa5ddaf6f8c428ff1af4ff1085920c54d7593bdb106aaff4d3814eb75856f5d13803cf2db7cbd9e1d0c841e252b1fa6dc5ba1aeee8d6d89e53d

    Download Submit