Overview

overview

10

Static

static

7

98c291e2c8...fd.apk

android-9-x86

10

98c291e2c8...fd.apk

android-11-x64

10

Analysis

  • max time kernel
    1561713s
  • max time network
    133s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • submitted
    03-09-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    98c291e2c8a0b2657db43c81f1554ba6068dfa60828c31df274862194d374afd.apk

  • Size

    541KB

  • MD5

    2e9fd25d4e9531882cd3c2bfaa5a83be

  • SHA1

    034b600ec412f729f4051f7cb790060386c77d35

  • SHA256

    98c291e2c8a0b2657db43c81f1554ba6068dfa60828c31df274862194d374afd

  • SHA512

    4157d9e3800abd8417530ba48aac89ac2c02c99681d098b3b29f1f754bbaedaa65485d873743328263a82ff577ffee92f98623cb61dcc6ce5ce2fe118f5d0f14

  • SSDEEP

    12288:nsJvbTrAOBdF4f3NNuYEY2n1FEEaK3OSKImLBHS/vnvz932baxdkU2StLHaG:sJ7BvQeJB1F3a2Vm9HKV2bVU3D

Score
10/10
octobankerevasioninfostealerransomwareratstealthtrojan

Malware Config

Extracted

Family

octo

C2

https://79.110.62.121/YTFlMzViNjNiNWM3/

https://3yamacfirarda22.xyz/YTFlMzViNjNiNWM3/

https://5yam7acfirarda22.xyz/YTFlMzViNjNiNWM3/

https://5yam4acfirarda22.xyz/YTFlMzViNjNiNWM3/

https://5yam8acfirarda22.xyz/YTFlMzViNjNiNWM3/

https://5y3am4acfirarda22.xyz/YTFlMzViNjNiNWM3/

https://6ya5m8acfirarda22.xyz/YTFlMzViNjNiNWM3/

https://7ya5m8acfirarda22.xyz/YTFlMzViNjNiNWM3/

https://8ya5m8acfirarda22.xyz/YTFlMzViNjNiNWM3/

https://9ya5m8acfirarda22.xyz/YTFlMzViNjNiNWM3/

https://15yam4acfirarda22.xyz/YTFlMzViNjNiNWM3/

https://25yam8acfirarda22.xyz/YTFlMzViNjNiNWM3/

https://35y3am4acfirarda22.xyz/YTFlMzViNjNiNWM3/

https://66ya5m8acfirarda22.xyz/YTFlMzViNjNiNWM3/
AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo payload 3 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
    banker
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.letterlive89
    1⤵
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4206

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.letterlive89/.qcom.letterlive89
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/data/com.letterlive89/cache/hshuhzrvz
    Filesize

    450KB

    MD5

    7f6471278541711c7e5427e323468ffa

    SHA1

    9ecba16e0d2a85e3ea3c2368f26c9b6582138500

    SHA256

    a1c95f130752bf476ac59dce22701bcf0d4b20aece16a2fae762241717a1cfb7

    SHA512

    637d62aab5d7760f2570de880f180f1fcb3674bfebca38bf13317a39b2e4b712d55a43562a7491801c541c68733296cc299c489b7922bca00ce9b195d9ddba15

    Download Submit

  • /data/data/com.letterlive89/cache/oat/hshuhzrvz.cur.prof
    Filesize

    452B

    MD5

    8f0297ba9e102cf34800c5d2143858d0

    SHA1

    1443c821457bcb51e7ce1b42baa0b6b8cf8b8e60

    SHA256

    90931ac20961d37be0ad9bc3f61051d20050e965ee337cd099458d50528643f2

    SHA512

    7977c97209a68b870642c7b5f9274db232b495165af7c41ce7874f01d4c0943fb4b44c94908009df7570146e338b2a3615db003c05b4c1ac381e999bfed0e67d

    Download Submit

  • /data/data/com.letterlive89/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.letterlive89/kl.txt
    Filesize

    63B

    MD5

    cc1436580a7487f4d7d58a96d0aa24f6

    SHA1

    894aeda402aeb2b190264917f3c1dc6a795475cc

    SHA256

    c3ba83d426e4fe6f7281d76ce895bdab4ea6a189ca344f0ddedc927e3e69a405

    SHA512

    4c88519cc5518501b6805eb1ad89b72e61b498c8a4ec83abe6f1309e3eb3a71145b713858bc3c7ff16c2b115fb0b2d0ebf9081701bf492ec6503d205a9acb39e

    Download Submit

  • /data/data/com.letterlive89/kl.txt
    Filesize

    234B

    MD5

    e8e5fc851bfe63d49f6cb6097fe23059

    SHA1

    26f79d457b77af5b1f717821d97d939269d54bc2

    SHA256

    129b88dffd92cf904b978a833175f6c23dd4989087aff967df2a11516ad9d131

    SHA512

    854441ae46edc8330e764b442ccee64c6a6a4d2c53553f5c4c2ee3f7ecd4af57e6abae335a610391f92486aeece32e73572d464d4f77f75cda3f9895f3d1e537

    Download Submit

  • /data/data/com.letterlive89/kl.txt
    Filesize

    54B

    MD5

    908605039adccdc44f7f444d764920a3

    SHA1

    8aa615802e9b7209f7264cc59aa565ed89ccb893

    SHA256

    66b4f4c00f8930638b5d6b1ddab8e8c78b9707bc52e1068d2ed457c04c640574

    SHA512

    e6f9b3c7364e579aed866c052a91d11418090903244fee15ce574980858ced2f4dcfcd0e0d017ee4c604fa614829737b0bfdd79491d795d3b9c7975e2324b7a0

    Download Submit

  • /data/data/com.letterlive89/kl.txt
    Filesize

    431B

    MD5

    3169a7b222efb1ac03e5acd192f8c361

    SHA1

    205f952f40555fbe0943337e8b52ce8de4555c0e

    SHA256

    19ffef2fc7d8988b60bd9668c18fb1d7c9f21d7b76d2597f9b32db17c69dbc6a

    SHA512

    030129ec98f38bccf9343690747b5a8174f73e5a5f4d6ec08a9760ca1accf703524d6f7851cce8ccb03db017148fd4e13db01479f52ae9d970477ec78985d9b1

    Download Submit

  • /data/user/0/com.letterlive89/cache/hshuhzrvz
    Filesize

    450KB

    MD5

    7f6471278541711c7e5427e323468ffa

    SHA1

    9ecba16e0d2a85e3ea3c2368f26c9b6582138500

    SHA256

    a1c95f130752bf476ac59dce22701bcf0d4b20aece16a2fae762241717a1cfb7

    SHA512

    637d62aab5d7760f2570de880f180f1fcb3674bfebca38bf13317a39b2e4b712d55a43562a7491801c541c68733296cc299c489b7922bca00ce9b195d9ddba15

    Download Submit

  • /data/user/0/com.letterlive89/cache/hshuhzrvz
    Filesize

    450KB

    MD5

    7f6471278541711c7e5427e323468ffa

    SHA1

    9ecba16e0d2a85e3ea3c2368f26c9b6582138500

    SHA256

    a1c95f130752bf476ac59dce22701bcf0d4b20aece16a2fae762241717a1cfb7

    SHA512

    637d62aab5d7760f2570de880f180f1fcb3674bfebca38bf13317a39b2e4b712d55a43562a7491801c541c68733296cc299c489b7922bca00ce9b195d9ddba15

    Download Submit