Overview

overview

10

Static

static

7

7461c3dccd...5b.apk

android-9-x86

10

7461c3dccd...5b.apk

android-11-x64

10

license.html

windows7-x64

1

license.html

windows10-2004-x64

1

Analysis

  • max time kernel
    3030275s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • submitted
    20-09-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7461c3dccd52b577d3f6be9e9c0c1d61a159e7b24554e6407f52a2f334469d5b.apk

  • Size

    2.2MB

  • MD5

    94d4319d570d513a8c650c36be647d12

  • SHA1

    02f3f0265bd49267b164086813adbaa41c251e44

  • SHA256

    7461c3dccd52b577d3f6be9e9c0c1d61a159e7b24554e6407f52a2f334469d5b

  • SHA512

    feebb8647b0ccda267fe7268a731485e7a1ea18056251fee9c48e50734dc31724752d18118bce4fe83d2457aee5d06be8c93dfb29a53e8dbc590e353cf998668

  • SSDEEP

    49152:YfoSTgpefV301lkM9MekZJ6fKVNwaJi7iCrJXuZGZbmqRNmbAE4KoSy:soxpe1dZJ6feN9cLJXuZQ/R5d

Score
10/10
octobankerevasioninfostealerransomwareratstealthtrojan

Malware Config

Extracted

Family

octo

C2

https://chroww.top/MmEzNTkzZDFkOWQz/

https://lauytropo.net/MmEzNTkzZDFkOWQz/

https://bobnoopo.org/MmEzNTkzZDFkOWQz/

https://junggvrebvqq.org/MmEzNTkzZDFkOWQz/

https://junggpervbvqqqqqq.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqgroup.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqnetok.com/MmEzNTkzZDFkOWQz/

https://superjunggvbvqqww.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqnewsww.com/MmEzNTkzZDFkOWQz/

https://dejunggdejunggww.com/MmEzNTkzZDFkOWQz/

https://dejunggdejpopopounggq.com/MmEzNTkzZDFkOWQz/

https://dejunggdejunyyyyyggq.com/MmEzNTkzZDFkOWQz/

https://shopjunggvbvqq.com/MmEzNTkzZDFkOWQz/

https://nggvbvqqwq.com/MmEzNTkzZDFkOWQz/

https://nggvbvqqdfdsfsq.com/MmEzNTkzZDFkOWQz/

https://nggvbvqqopooq.com/MmEzNTkzZDFkOWQz/
AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo payload 3 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
    banker
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.eastcause0
    1⤵
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4172
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.eastcause0/app_DynamicOptDex/cnmXCDd.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.eastcause0/app_DynamicOptDex/oat/x86/cnmXCDd.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4197

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.eastcause0/.qcom.eastcause0
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/data/com.eastcause0/app_DynamicOptDex/cnmXCDd.json
    Filesize

    2KB

    MD5

    606238e1ed663d9920d175f0aedc0fcc

    SHA1

    6ce8c3802008696c9c006591b41836aad751298d

    SHA256

    f6547fd3997cd54696e03cd3170f98ab9fdfa10883be57cf38e89f6b7ab5191a

    SHA512

    524f3615c29acb17b4bbd386c2564ac58c2b7144eff344aabaef03e60c492bfcaac9b92026751155f34a91dc7ff42d17e13ea0119f6379b30be4bb3a4bf3acb3

    Download Submit

  • /data/data/com.eastcause0/app_DynamicOptDex/cnmXCDd.json
    Filesize

    2KB

    MD5

    24fc366e5c26f7d73daebc33492641bc

    SHA1

    64d50c4901c30e61f919392ae5cd07449dfe01f0

    SHA256

    120e4ef5579ad7a492ca0ed26e499946960a117948459f0dcadfd70bfa88e68d

    SHA512

    9c6dbe355268895372b93247e668d76495f8b270160e536d6fe47a5c2a7a3287aa643337310cb6848a735a5b1b3e69315cbca25237ab0e37ee3880e1b46dfe4a

    Download Submit

  • /data/data/com.eastcause0/cache/oat/svzpmg.cur.prof
    Filesize

    441B

    MD5

    861d8a1b198fbaa7d9bac6d6e025439a

    SHA1

    abcccd7fa76aeb930579d63f2e0bbfeb90ef2126

    SHA256

    b6a1402ad614d98b71b50e4ee5e3e355aea2ebfd89468e36fb5b486670d05a8a

    SHA512

    05c84124ec4b5babc4aa1ab1defbdb2cf7056d93c6af8fcfabf3509c31f37f0c8d716d7042e2ede091f128717aebac5572374340f0baef8f0eae6e8c4eb71494

    Download Submit

  • /data/data/com.eastcause0/cache/svzpmg
    Filesize

    448KB

    MD5

    2932967a4879f1913ffc78282fde9b7b

    SHA1

    48fc96dd78133c390909893047fd5385310d8584

    SHA256

    3c16d3239a1ae4927535ff8ce7e6f11f60fe491ef51406da4f64df18078b870b

    SHA512

    8976654694800f9cdfc11a4fc58f3bacbff3018d316670353518efaa20b946d304444799cb968395d132dab1a7e3a8fe44535ede8cccbd915e93e63d6e8701f5

    Download Submit

  • /data/data/com.eastcause0/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.eastcause0/kl.txt
    Filesize

    237B

    MD5

    8912e0f48de4d93343bf8bc70ff808b1

    SHA1

    41a194b2591e45cc3b867cffbe3f7a2dd6a3593f

    SHA256

    ac24f6fc1cee41b1896de10915f294aa2d1cd5ff4e44be8daaa4872f3a3f5749

    SHA512

    15c57f086eacab65646a2dddc9a41a56615c7d4df8ae76b424757ee44bccd0d1b7056235a5bc375d83606cd48b1121c7ce32b11dd04a54f809c9c7e9f98d6631

    Download Submit

  • /data/data/com.eastcause0/kl.txt
    Filesize

    63B

    MD5

    fd55ce680aa589562394684ceac94538

    SHA1

    668daf37eccc7243bbf0697721aac72997952390

    SHA256

    cf970233c8e0c1a6dba8f5a7dbe3db54733d25490a3fb072434d15667f297240

    SHA512

    f9bf84a5154a2bea234d9cc30a691cace48037ae570ad8e1656da455fb77a98b3879fe7f390f162cfb1025ff1d15767cbe874283f09c2c07eab78cf466b81c9c

    Download Submit

  • /data/data/com.eastcause0/kl.txt
    Filesize

    54B

    MD5

    e959c7ed2aaebda121d11ed01fd68e29

    SHA1

    fa6fe940fea9799cc13a793982c40945f7d77ce2

    SHA256

    3334c4812cc73b4b3719525bf5cf2be68b7a8fb4a230b12678db40a1187932da

    SHA512

    3b95a84c0f4ed3ac1352e9ac9b7b2ef0977e5ca6226fb64d6aa1e49e43bba435b80a6cf6f38098ebd4adda15206e446d1f998844ff3fbc10827c021309270b8d

    Download Submit

  • /data/data/com.eastcause0/kl.txt
    Filesize

    437B

    MD5

    edcfa2ac9a46941c3b51d4785b7c24a1

    SHA1

    5c4d9db891bab23822911bf7d33477f3dea49570

    SHA256

    29c18ccb374410a8e0d00de00a642aafa19a74088db51131a23d3903c502ee6f

    SHA512

    a04c72b80dc7fb06af473a7244f89335514408ac6061c9c36807fd77044f8a1e30db0e73ff6a2da8782eec53773f5d14d243a614a794e8777fad0413f1191813

    Download Submit

  • /data/user/0/com.eastcause0/app_DynamicOptDex/cnmXCDd.json
    Filesize

    6KB

    MD5

    4fe9c597a0de2db90cedd6770bf4606d

    SHA1

    224c1d3f54da66ff6a1a3b112c146eef930214f7

    SHA256

    c7dc0da6744108c232c9baa22b9fd0c68c2ab76384355c5fdadb84e85b8af2fa

    SHA512

    4b2a27f870cce359229175883b04ed7585efa346dbfd0859f84b6881de578dba2d1ba882a555f5247412df5eaa7b71cc8b50df7636ae86941ea37089e44213c7

    Download Submit

  • /data/user/0/com.eastcause0/app_DynamicOptDex/cnmXCDd.json
    Filesize

    6KB

    MD5

    0c3f73ac474416150356939f4a3c5ad3

    SHA1

    18aa03ef5b2e4375d48d861774ed9fda9cc005d0

    SHA256

    3fbb3784b015d2c9c532c0f1d1dfc6b4ec3d7669d584104b725004093755d4c0

    SHA512

    80102348f2da82cd3f9a51dfcacd261cede22a01cd28404577ea0a96c42cbcc3e4785b565ef27db327c2eb7e7ee35084a1623a7bfbd548676e822029ac90624f

    Download Submit

  • /data/user/0/com.eastcause0/cache/svzpmg
    Filesize

    448KB

    MD5

    2932967a4879f1913ffc78282fde9b7b

    SHA1

    48fc96dd78133c390909893047fd5385310d8584

    SHA256

    3c16d3239a1ae4927535ff8ce7e6f11f60fe491ef51406da4f64df18078b870b

    SHA512

    8976654694800f9cdfc11a4fc58f3bacbff3018d316670353518efaa20b946d304444799cb968395d132dab1a7e3a8fe44535ede8cccbd915e93e63d6e8701f5

    Download Submit

  • /data/user/0/com.eastcause0/cache/svzpmg
    Filesize

    448KB

    MD5

    2932967a4879f1913ffc78282fde9b7b

    SHA1

    48fc96dd78133c390909893047fd5385310d8584

    SHA256

    3c16d3239a1ae4927535ff8ce7e6f11f60fe491ef51406da4f64df18078b870b

    SHA512

    8976654694800f9cdfc11a4fc58f3bacbff3018d316670353518efaa20b946d304444799cb968395d132dab1a7e3a8fe44535ede8cccbd915e93e63d6e8701f5

    Download Submit