Analysis

  • max time kernel
    2724557s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • submitted
    17-09-2023 09:07

General

  • Target

    85317f8dd8662c759a22b6290a35e7726ab78b897d42087a581e77825460162ebin_JC.apk

  • Size

    541KB

  • MD5

    572d169d146cc552407673698da5577d

  • SHA1

    c93ab37a0fc6e0598b15c7cac84c259def1c12be

  • SHA256

    85317f8dd8662c759a22b6290a35e7726ab78b897d42087a581e77825460162e

  • SHA512

    96841de9a2dd9128db321f3311018dd8d9aebba2a7434c2738e01e28f35c12cb3e25de2fa48471f928efc0c49593d1ea909b9550b7a235f2fd1a638c4aafbe1f

  • SSDEEP

    12288:CoCXlaqBe5KIm+K4sXqNjdyaQw4WHeYnwEY5EpKgLdg7MqZjgByoAuwmj:PCX/YFqqNU5WjnwRUKgLdCjSP

Malware Config

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

  • Octo payload (3 IoCs)
  • Loads dropped Dex/Jar (2 IoCs)

    Runs an executable file dropped to the device during analysis.

Processes

  • com.hotfounde (PID 5041)
    • Loads dropped Dex/Jar

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.hotfounde/cache/zukrstohbksvsu

    Filesize

    450KB

    MD5

    965393330f77bb1426a5877f06d2ebd0

    SHA1

    7fcb36f4134e9bfd2e4a419c0758c2622c661173

    SHA256

    b164207f9fe1c37f5e1edb090a4ccd27c4c37564960109e42192b8e399f59066

    SHA512

    cf5ca338c9e0b228052210d4046f170b65c712685ff72924e3b9e6edec74d55620e617402ddb0ab0413da0881c5e2313f06602876b811d7551415e3abf12af24

  • /data/user/0/com.hotfounde/cache/zukrstohbksvsu

    Filesize

    450KB

    MD5

    965393330f77bb1426a5877f06d2ebd0

    SHA1

    7fcb36f4134e9bfd2e4a419c0758c2622c661173

    SHA256

    b164207f9fe1c37f5e1edb090a4ccd27c4c37564960109e42192b8e399f59066

    SHA512

    cf5ca338c9e0b228052210d4046f170b65c712685ff72924e3b9e6edec74d55620e617402ddb0ab0413da0881c5e2313f06602876b811d7551415e3abf12af24
