Analysis
- max time kernel: 2511865s
- max time network: 130s
- platform: android_x86
- resource: android-x86-arm-20230831-en
- submitted: 14-09-2023 22:00
Static task
- static1
Behavioral task
- behavioral1
  Sample: 4750303ce5a24d4adbc33df186560fd813f1b3788734e38c5320c904ceb1fca2.apk
  Resource: android-x86-arm-20230831-en
- behavioral2
  Sample: 4750303ce5a24d4adbc33df186560fd813f1b3788734e38c5320c904ceb1fca2.apk
  Resource: android-x64-arm64-20230831-en
- behavioral3
  Sample: license.html
  Resource: win7-20230831-en
- behavioral4
  Sample: license.html
  Resource: win10v2004-20230831-en
General
- Target: 4750303ce5a24d4adbc33df186560fd813f1b3788734e38c5320c904ceb1fca2.apk
- Size: 1.7MB
- MD5: 7bdc22af8df8ee40468c93b0213a3a05
- SHA1: 1cc4bb61491be7f0adf5ebc94124307cab2043cf
- SHA256: 4750303ce5a24d4adbc33df186560fd813f1b3788734e38c5320c904ceb1fca2
- SHA512: 14e0ba08c4522fc05f14c9c41969899c64d7ca93356f70cec03cc4e66c7f7d03ee3e25ed566b181b4bd8edb775facea484767a64e5d583590eb39f0e36849227
- SSDEEP: 49152:o/K5rP/0G/jxdE1E85TSIVexWJHu6XKZGZbmqQaKCAE4KoSV:o/K5B7x61EQTSIomHu6XKZQ/Qxq
Malware Config
Extracted
Family: octo
URLs:
- https://nonkapizza.top/MmEzNTkzZDFkOWQz/
- https://lauytropo.net/MmEzNTkzZDFkOWQz/
- https://bobnoopo.org/MmEzNTkzZDFkOWQz/
- https://junggvrebvqq.org/MmEzNTkzZDFkOWQz/
- https://junggpervbvqqqqqq.com/MmEzNTkzZDFkOWQz/
- https://junggvbvqqgroup.com/MmEzNTkzZDFkOWQz/
- https://junggvbvqqnetok.com/MmEzNTkzZDFkOWQz/
Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.

Octo payload 3 IoCs
Processes:
- resource: /data/data/com.mightthree8/cache/aegtcn; yara_rule: family_octo
- resource: /data/user/0/com.mightthree8/cache/aegtcn; yara_rule: family_octo
- resource: /data/user/0/com.mightthree8/cache/aegtcn; yara_rule: family_octo

Makes use of the framework's Accessibility service. 2 IoCs
Processes: com.mightthree8
- description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId; process: com.mightthree8
- description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; process: com.mightthree8

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
Processes: com.mightthree8
- description: Framework service call; ioc: android.content.pm.IPackageManager.getInstalledApplications; process: com.mightthree8

Removes its main activity from the application launcher 1 IoCs
Processes: com.mightthree8
- pid: 4173; process: com.mightthree8

Acquires the wake lock. 1 IoCs
Processes: com.mightthree8
- description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: com.mightthree8

Loads dropped Dex/Jar 4 IoCs
Runs executable file dropped to the device during analysis.
Processes: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mightthree8/app_DynamicOptDex/Rd.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.mightthree8/app_DynamicOptDex/oat/x86/Rd.odex --compiler-filter=quicken --class-loader-context=&, com.mightthree8
- ioc: /data/user/0/com.mightthree8/app_DynamicOptDex/Rd.json; pid: 4197; process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mightthree8/app_DynamicOptDex/Rd.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.mightthree8/app_DynamicOptDex/oat/x86/Rd.odex --compiler-filter=quicken --class-loader-context=&
- ioc: /data/user/0/com.mightthree8/app_DynamicOptDex/Rd.json; pid: 4173; process: com.mightthree8
- ioc: /data/user/0/com.mightthree8/cache/aegtcn; pid: 4173; process: com.mightthree8
- ioc: /data/user/0/com.mightthree8/cache/aegtcn; pid: 4173; process: com.mightthree8

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes: com.mightthree8
- description: Intent action; ioc: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS; process: com.mightthree8

Removes a system notification. 1 IoCs
Processes: com.mightthree8
- description: Framework service call; ioc: android.app.INotificationManager.cancelNotificationWithTag; process: com.mightthree8

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
Processes: com.mightthree8
- description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.mightthree8
Processes
com.mightthree8 (PID: 4173)
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
  Child process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mightthree8/app_DynamicOptDex/Rd.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.mightthree8/app_DynamicOptDex/oat/x86/Rd.odex --compiler-filter=quicken --class-loader-context=& (PID: 4197)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 2KB
  MD5: fda8738e2b938345dbd7362c977ef46b
  SHA1: 58fbf0d0b1b71bbf7bb779cf05bebd614c8ab48e
  SHA256: e6e0b11c06889ac71349de379dae8be6b0fd73e843a28dce660287cd78c37df9
  SHA512: 3190dbe283d1134d62d09428e6893e46225d45810578e04eff0bd139d048ba00df5802fc452159bce7078b58a69037329ec1fface22d038ecc4014c3ece66ba5
- Filesize: 2KB
  MD5: b8c44bee2cede7cd084f1a830b06998f
  SHA1: c7358f9eb5cf23ad67625fa71f80fa0ed83fcbaf
  SHA256: 4497a4ebbfd33ec17e080bb79a4c47cc29526687b800e98cda5676ea505e03f6
  SHA512: 20f0d2725a97764bea4a8884172843abeea06192cf69839b624aa81008e4fe255c9d4b76d43ba355fc20c6d5828ffeb5c94b3ded95d98dc85d58b0e61a66c34b
- Filesize: 449KB
  MD5: 7ac13a4fad1781ad1156ecc3b40b3f5d
  SHA1: 437766ff59af6a649f3734b53e96411e87ba1ccd
  SHA256: ebe35df979664e1491adf89b13aaaf999220ad0ddd10e41c8b681102d0ca4ff5
  SHA512: b576c10ddb47e62b3abee87c3a48ddd13c62770448cc61b404ac9e94fcbf2de6d8bd517e5482793137c94b931fdf973bab9ddb160484b0da59a7ae6c0ce64d8b
- Filesize: 496B
  MD5: 713a6265ce2c8caec45bd594b91ac67b
  SHA1: 24d67d48d4b3966fbad789ff92c9bd2c5dce7cf0
  SHA256: fe3b656e0ad0b09683f2809b1f35e4f6017f950087d7a80ff28838bc38c3243b
  SHA512: 09995372896ddc42eced852366f5696610b8454c6c9cdedd382f72f2f9c049d06d47cde68d9173ce2513a1e4cb9d78a5f77e09c5ec3ee6eeef5b672302c2055c
- Filesize: 28B
  MD5: 6311c3fd15588bb5c126e6c28ff5fffe
  SHA1: ce81d136fce31779f4dd62e20bdaf99c91e2fc57
  SHA256: 8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8
  SHA512: 2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6
- Filesize: 237B
  MD5: 643af111421eff73a2e9bc45394a1c60
  SHA1: ee3fa9f76af191c88ddd56ed87bf3b68ac56893e
  SHA256: 1ec2b75f2a3faa5ba01e580e465b95b4d0aca21034e94fbba4ccca60931dd498
  SHA512: c90f99bba8a35cf00d8f781b97d738ff71140786252e777d8621eb701450489841bf2674778412d76ccf7e352d0d000581305fc4fd5c3772bc34801520dd2146
- Filesize: 63B
  MD5: 47177e477d6c828f98aa212053798598
  SHA1: d4761568208696dd419248700849f75f09b17b1d
  SHA256: 0035b123d36fc06014309edeebb02332ad1868547610f4914b5c314a3396d7b4
  SHA512: c84fcb14976aa00649011bfc787f80025b1a5e24d743fbd3a7fcd3ab89e85a500d7a53afcffc4bcecab4f714df89177ea0a64b632d6b1662f75f897a15181fc5
- Filesize: 54B
  MD5: ff551085d8fd686a0e8562c100f6e208
  SHA1: cebae6d6b7cf96abae5fd7efabf58ff6004a3eb4
  SHA256: c7a2b06c31c149231922149dc568971913aed06ba96b8a47d179ad689eb0cecc
  SHA512: ec372dfaab590104fd1b24b440b2886c79e0bdc39c7219acbb9224a722b474ea777b43159290438c7d21277f18a7b46e4ddb299cebb532c2536a738f3832474c
- Filesize: 437B
  MD5: a4d0f0d6bc01197349ce4a6c4462201d
  SHA1: cc5147540fdb0e5e02f00358a59524db5c58f46a
  SHA256: 35b722b9f436e8882d360eea0b7770d4318011e7da13dbc3a4f87f7f55b23c12
  SHA512: 3831b702cec2cbf2f93c19a88a0d53587bf8ca7a4f667b618ef35685005e0ffa701ffdb98eeb72506d6426c98b6fa57900d2a6f92fe61f80edcbdae953b3dcb0
- Filesize: 6KB
  MD5: be0a5a075adc773ecd07a5b13febaf14
  SHA1: bd389f7a10865caf3e203402e4edfb86adbe8ab0
  SHA256: c3066d1228e59f3dbec9478c1198674854595046257d9918c2eda87c716e5d2f
  SHA512: d77287aa9918033d79d2ebf246fb4a1f857d3e630c7ba53d19cfe17759f0161e9f79ea9e1111d6a1df9889e5f355866b19bec73ceec98e4d8ac1830842799d7e
- Filesize: 6KB
  MD5: fc5e73b0a05523c5f79fc5418dc7d708
  SHA1: 8fdc13ba3ebf8af84b1050a5ec0837a7f419e6ef
  SHA256: 378950999010cc81ee319d4c622df90bd796589cb0e9f1223c8e7678f92796a9
  SHA512: cfb2ccda173563409273d14b54a95e530715ec64c8787dc61faafce40da17e326d5fc3306e69015b58d843a073a06c95e86ff4dac909d8770b4d9c3a703a1816