Analysis
Max time kernel: 2857499s
Max time network: 144s
Platform: android_x64
Resource: android-x64-arm64-20230831-en
Submitted: 18-09-2023 22:00
Static task: static1
Behavioral task: behavioral1
  Sample: 0bb481d1633760ad1491304a0edf3477cf2a172d99a641af6ef64c391cf9ec8e.apk
  Resource: android-x86-arm-20230831-en
Behavioral task: behavioral2
  Sample: 0bb481d1633760ad1491304a0edf3477cf2a172d99a641af6ef64c391cf9ec8e.apk
  Resource: android-x64-arm64-20230831-en
General
Target: 0bb481d1633760ad1491304a0edf3477cf2a172d99a641af6ef64c391cf9ec8e.apk
Size: 541KB
MD5: 092c45ac1a165132f7c6f0d246e8d449
SHA1: 736d1cbca21b368216a511b7ca4b1c6a5f758dd0
SHA256: 0bb481d1633760ad1491304a0edf3477cf2a172d99a641af6ef64c391cf9ec8e
SHA512: 39cc369fdcf151429feaaffd38a436244d1e21396d5baff77dd3d22a8b28979041f3bb993a8ba78300bc9c44b11d189bcc56019963e9286c9438a5a98c87119f
SSDEEP: 12288:dqdqUlwNNd/ASyVX+SGth4dMLdbtcmNMNKXScDC:dqwzjYS0KLpLX9NCKCb
Malware Config
Extracted configuration (family: octo), URLs:
  https://185.225.75.207/ODVlZDlkMzU1ZTRi/
  https://2jamiryo22113.net/ODVlZDlkMzU1ZTRi/
  https://4jamiryo22113.net/ODVlZDlkMzU1ZTRi/
  https://3jamiryo22113.net/ODVlZDlkMzU1ZTRi/
  https://5jamiryo22113.net/ODVlZDlkMzU1ZTRi/
  https://6jamiryo22113.net/ODVlZDlkMzU1ZTRi/
  https://7jamiryo22113.net/ODVlZDlkMzU1ZTRi/
Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.

Octo payload (3 IoCs)
  resource: /data/user/0/com.rananimalclth/cache/rvutggvetmys, yara_rule: family_octo
  resource: /data/user/0/com.rananimalclth/cache/rvutggvetmys, yara_rule: family_octo
  resource: /data/user/0/com.rananimalclth/cache/rvutggvetmys, yara_rule: family_octo

Makes use of the framework's Accessibility service. (3 IoCs)
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText (process: com.rananimalclth)
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (process: com.rananimalclth)
  Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId (process: com.rananimalclth)

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 IoC)
  Framework service call: android.content.pm.IPackageManager.getInstalledApplications (process: com.rananimalclth)

Acquires the wake lock. (1 IoC)
  Framework service call: android.os.IPowerManager.acquireWakeLock (process: com.rananimalclth)

Loads dropped Dex/Jar (2 IoCs)
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.rananimalclth/cache/rvutggvetmys, pid: 4540, process: com.rananimalclth
  ioc: /data/user/0/com.rananimalclth/cache/rvutggvetmys, pid: 4540, process: com.rananimalclth

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background). (1 IoC)
  Intent action: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS (process: com.rananimalclth)

Uses Crypto APIs (might try to encrypt user data). (1 IoC)
  Framework API call: javax.crypto.Cipher.doFinal (process: com.rananimalclth)
Processes

com.rananimalclth (PID: 4540)
  - Makes use of the framework's Accessibility service.
  - Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
  - Acquires the wake lock.
  - Loads dropped Dex/Jar
  - Requests disabling of battery optimizations (often used to enable hiding in the background).
  - Uses Crypto APIs (might try to encrypt user data).
Downloads