Analysis

  • max time kernel
    2511867s
  • max time network
    161s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230831-en
  • submitted
    14-09-2023 22:00

General

  • Target

    4750303ce5a24d4adbc33df186560fd813f1b3788734e38c5320c904ceb1fca2.apk

  • Size

    1.7MB

  • MD5

    7bdc22af8df8ee40468c93b0213a3a05

  • SHA1

    1cc4bb61491be7f0adf5ebc94124307cab2043cf

  • SHA256

    4750303ce5a24d4adbc33df186560fd813f1b3788734e38c5320c904ceb1fca2

  • SHA512

    14e0ba08c4522fc05f14c9c41969899c64d7ca93356f70cec03cc4e66c7f7d03ee3e25ed566b181b4bd8edb775facea484767a64e5d583590eb39f0e36849227

  • SSDEEP

    49152:o/K5rP/0G/jxdE1E85TSIVexWJHu6XKZGZbmqQaKCAE4KoSV:o/K5B7x61EQTSIomHu6XKZQ/Qxq

Malware Config

Extracted

Family

octo

C2

https://nonkapizza.top/MmEzNTkzZDFkOWQz/

https://lauytropo.net/MmEzNTkzZDFkOWQz/

https://bobnoopo.org/MmEzNTkzZDFkOWQz/

https://junggvrebvqq.org/MmEzNTkzZDFkOWQz/

https://junggpervbvqqqqqq.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqgroup.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqnetok.com/MmEzNTkzZDFkOWQz/

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

  • Octo payload 3 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

Processes

  • com.mightthree8
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4513

Downloads

  • /data/user/0/com.mightthree8/app_DynamicOptDex/Rd.json

    Filesize

    2KB

    MD5

    fda8738e2b938345dbd7362c977ef46b

    SHA1

    58fbf0d0b1b71bbf7bb779cf05bebd614c8ab48e

    SHA256

    e6e0b11c06889ac71349de379dae8be6b0fd73e843a28dce660287cd78c37df9

    SHA512

    3190dbe283d1134d62d09428e6893e46225d45810578e04eff0bd139d048ba00df5802fc452159bce7078b58a69037329ec1fface22d038ecc4014c3ece66ba5

  • /data/user/0/com.mightthree8/app_DynamicOptDex/Rd.json

    Filesize

    2KB

    MD5

    b8c44bee2cede7cd084f1a830b06998f

    SHA1

    c7358f9eb5cf23ad67625fa71f80fa0ed83fcbaf

    SHA256

    4497a4ebbfd33ec17e080bb79a4c47cc29526687b800e98cda5676ea505e03f6

    SHA512

    20f0d2725a97764bea4a8884172843abeea06192cf69839b624aa81008e4fe255c9d4b76d43ba355fc20c6d5828ffeb5c94b3ded95d98dc85d58b0e61a66c34b

  • /data/user/0/com.mightthree8/app_DynamicOptDex/Rd.json

    Filesize

    6KB

    MD5

    fc5e73b0a05523c5f79fc5418dc7d708

    SHA1

    8fdc13ba3ebf8af84b1050a5ec0837a7f419e6ef

    SHA256

    378950999010cc81ee319d4c622df90bd796589cb0e9f1223c8e7678f92796a9

    SHA512

    cfb2ccda173563409273d14b54a95e530715ec64c8787dc61faafce40da17e326d5fc3306e69015b58d843a073a06c95e86ff4dac909d8770b4d9c3a703a1816

  • /data/user/0/com.mightthree8/cache/aegtcn

    Filesize

    449KB

    MD5

    7ac13a4fad1781ad1156ecc3b40b3f5d

    SHA1

    437766ff59af6a649f3734b53e96411e87ba1ccd

    SHA256

    ebe35df979664e1491adf89b13aaaf999220ad0ddd10e41c8b681102d0ca4ff5

    SHA512

    b576c10ddb47e62b3abee87c3a48ddd13c62770448cc61b404ac9e94fcbf2de6d8bd517e5482793137c94b931fdf973bab9ddb160484b0da59a7ae6c0ce64d8b

  • /data/user/0/com.mightthree8/cache/oat/aegtcn.cur.prof

    Filesize

    303B

    MD5

    6f1b80ecc5797b50673efbb237c3dea7

    SHA1

    cac04867dc18b5e3610ddab15df50bb593cb1503

    SHA256

    4925ebad317b0b2f7cff1f4ced3282420d100213320827945daabdfe893e492e

    SHA512

    51dc0d0e853aaf3b157956d77c9245ec278002df4d194c27fe8f70b05ff12e12ca0bb15df59b1fdc4e574bcefc27599a83b746e71dbbe1f64e493161a1790a9c