Resubmissions

25-09-2023 22:51    230925-2ssm5adg99    10
25-09-2023 22:50    230925-2skyaacf3s    7
25-09-2023 22:49    230925-2rsxhacf2v    7
25-09-2023 19:47    230925-yhh46ace26    10

General

  • Target: ChromeUpdate.apk
  • Size: 1.4MB
  • Sample: 230925-yhh46ace26
  • MD5: e8663d7b3eec9509ed49d5a85d0c39d1
  • SHA1: af654776384ece12c2274ae39acfebb6cc39f639
  • SHA256: 846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d
  • SHA512: 827f1c2de44bfc0c935f10223d93711ae592377f5c7ba4f9daba64f2d90f911f4f1a65990211a2b8e6a151d08c5fc840d6e2d8c26b6031d40f79c8963278b053
  • SSDEEP: 24576:I+ldHt80bCRpsURse2h2q6oFU9Leazuoq/7t7gD09gFnCHzS+cNfS0:IYdH2aURQ2ZoALeAu1REw9fHO+cr

Malware Config

Extracted

Family: octo

C2


AES_key

Targets

    • Target: ChromeUpdate.apk


    • Octo
      Octo is a banking malware with remote access capabilities first seen in April 2022.
    • Octo payload
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
    • Removes its main activity from the application launcher.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
      Runs executable file dropped to the device during analysis.
    • Reads information about phone network operator.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    • Uses Crypto APIs (might try to encrypt user data).

    • Target: ad.html
    • Size: 15KB
    • MD5: 52c368fc009579446f8dc67daf8dca87
    • SHA1: fc52b078a9a02847efbf85d10f41b961c85fa459
    • SHA256: 9b6cfb0e52c7f7dc99d5f5b7e2a6142fa3ad82d1333f42877eed3d29b0561579
    • SHA512: c80bcefe98c2eab09d4a831e788cd50563c62333d4c8aa81046df2acc9888c5a87da45546c1ee7d40bc7a9d7148075e3029e09e4b086406f6143a589111d1cb8
    • SSDEEP: 192:xMejgzfCtmdyPfojYA5D5zniVkG4zhxm45IqTbTD5qRSwpcPt6FLYFieRO6shWUh:flqiO5RrD5qBpWt6FAieRahW6X
    Score: 1/10

    • Target: aps-mraid.js
    • Size: 10KB
    • MD5: 7eb2e0ad4328a0c303ba8a0a77fbbcee
    • SHA1: fba9f141cd195378cbb266228b2c3abe6f1a2319
    • SHA256: 5786e5ec3a9425ea2297eccf7b5629491a7c58bdd5877f5a0edadac073ed532d
    • SHA512: 7cbebf9395e4ee3624c3ab84948d98a9b6592946221409681e3ade83f1f2831d0213ba20052f98e71230b9ef7e072e6b0b816534b777bfb512053100bbd0098c
    • SSDEEP: 192:RiCYiIp5RsHMSP2io9SyKMnbCXnBtdyvgVHGlzjTSWiwvi/:RJ6VsHVP2io2MnUjyvgVkzP3i3
    Score: 1/10

    • Target: assign_labels_local.html
    • Size: 1KB
    • MD5: b152537ba127d8460bb68e6c654440b1
    • SHA1: ce3cc1561c9791352d6483b814eea034f3744625
    • SHA256: 2d019088a023dc89232b03863c4a587ef10b9a7d70859db05b6faa754f366c2b
    • SHA512: d31c69b08d80b740f010e0e911e2abf851f897d4068d99cf5a3e9ec05adff8b47db880996f7ee9a7bb00f37468bb133c2367207069d54baf54872573985a960a
    Score: 1/10

    • Target: blood_glucose_entry_local.html
    • Size: 1KB
    • MD5: 3189fa9ee5e017a8594ea3bfd6b979c9
    • SHA1: 36abf30ffc1fa35bafe1151234e3a9196320452c
    • SHA256: b34900c40fe1d76a24c116b4c2c1dff4b983a3ca6c355c1d3c94c7a088f7f2f3
    • SHA512: 2a0ec7f8d35f40cdb7120b70d74064ce4272fc75499d5fe74fd839e25b4d9bc979a826c69311b49fe2b3647355bfd86d583e879637645e58d4c11c1d3c848119
    Score: 1/10

    • Target: blood_glucose_local.html
    • Size: 1KB
    • MD5: bf57710afa315efd25ec6a7a691880ab
    • SHA1: 0143d6261505b4e19173d67cac2727e82b5bfe3e
    • SHA256: 6b7fdea002cd0b8ed8b38fcc500987c39c679a27a84aef2faf58c2e0772498ba
    • SHA512: fc2808557caed6ada3a82529ca756fb94ee88931de032cd314f01fa675a450719f02c7ade9feb2a0af8a64a3b2dc537cd1cc33e226173424f081a441315706c4
    Score: 1/10

    • Target: blood_pressure_entry_local.html
    • Size: 2KB
    • MD5: 1cdeabe6877fd1045588c42a174a7e01
    • SHA1: 376b5eec8b187c05c562e65dea56622501840f77
    • SHA256: 2f1b3beb96e982fc3a873335c5117682f212f870d5fc4ee6e0e9c2f9e861f2db
    • SHA512: b3ff351f1ab2a406f8f1b01d6f8ce58052f5edc5307d84c331febe2c972fa3354ecaae2da9f97e278666692ff56a80d020d49c587b184307557b8adfcff234be
    Score: 1/10

    • Target: diabetes_reports_local.html
    • Size: 1KB
    • MD5: 82c943f3825b6c0ad53ea5a928f545bd
    • SHA1: 626e445dfcd1c8fa70a3ee779b6d9f484e36cceb
    • SHA256: c108fb2c8544a1f2faf5fb450db095df0231cd876aac67e944325bdd74bd3ddd
    • SHA512: 72618f9545d4533e9e0aa6adffecc009928585eb84950ba2b3d3e5610e2ae20259f2b39911bbeaa60230a490e8ced334b0b3fb9501ffebfc930ccd3cc8b27cee
    Score: 1/10

    • Target: dpr_report
    • Size: 1KB
    • MD5: 054e373de9f9a37790eaa1769b2ab108
    • SHA1: 6305078cad8cfb75a4c79066c03a742601be7f45
    • SHA256: f9689be3f17411447ea7ac066654cc65271d5552edc55b186b33797af5e6813a
    • SHA512: 3f7c13292d3ccb5cdfec2892c6e3c2f1746614ffeb71a1b1b07564082bc6377dd655ed315fcd4ab5c67161e242c5ae2a4bff669b7e029a66eae99039c156353e
    Score: 1/10

    • Target: dtb-m.js
    • Size: 33KB
    • MD5: 2958b7dce738e82e3f9edac9408f0218
    • SHA1: 1a736dd5a5f87ebab2ba3bbc557a12487eef2df6
    • SHA256: d6e2d6da7fa58b8d53828b1dac654d57d656fe47fa9898c0aae84cbcf3b8fc61
    • SHA512: 3c7612232f1f8ec8a51745fa3593bae9e8351849bee1de34ff341c33583c7e39a6313ea28260797a97c4c64cad781931f80965ea0fd1c05b772a1d6b00332d8c
    • SSDEEP: 768:cM85TLOVEVU3SGgmAms+SBED+tSklU+EF:c1JO6VU3ZymWBUP
    Score: 1/10

    • Target: edit_insulin_local.html
    • Size: 1KB
    • MD5: bd79c33de563833c2964df05bf71082f
    • SHA1: 5de4fb1397af8410b28696572cb0e7260d266003
    • SHA256: a5e73c51212b21c1046a77882673f0c2cce8c5851f78ea6dd4924ca7d1ee566f
    • SHA512: 5b3e3be332146401133d43574021c7cd28b52fe6660f5b6877b6db449c0ec208fc7ad3d4661ed4c88f63ee28dd8d8dbd2415bca40c62eb5ee18fa40040a077a6
    Score: 1/10

    • Target: edit_labels_local.html
    • Size: 1KB
    • MD5: d3f96ad2d65e65ddccd0ebc7b31734fd
    • SHA1: ade1b020eb11ab2ad5935c1ea6e311ecd27756a2
    • SHA256: 2697e2d2abec0dfb176a9f3d0664d8a2df1867e503cc8739ef01c467a6572bb6
    • SHA512: 11e085c5f202053d767a1bede4c32f711f8f77e67f86d3f63d560ebdb9232e2c1feb3ac4a0b525253e4d54a557a346850bb9c4335e2fabc76b8f58c5c9c809ba
    Score: 1/10

    • Target: edit_medication_local.html
    • Size: 1KB
    • MD5: 601fbf21cb68f72f9c04f46e8047c31f
    • SHA1: 0ee7e08f3c0c86056bcfb9417cf37a2a62ac922e
    • SHA256: 0bcfdeb14fb71a4bb5e13db233faa1792ac4b18f1c769634cf9791dda4f87db4
    • SHA512: 739922a1171f3ee40cc6cf8b0f8d293962fa376bc02bb3f713976b0815fcc8ec44a2b25e92ec60eaef35dfc50c16331672560c4fc606eaf37d5e664257b5f6da
    Score: 1/10

    • Target: edit_tracker_local.html
    • Size: 1KB
    • MD5: 829e307fee543203f205da867683e4d8
    • SHA1: c93c4c81b6bf30ec3e4fe7c0da4a550ba29e5fd6
    • SHA256: 61a79942092e1d3685ca18930e82cc56697e81e432a185a0298fde79fcfe396b
    • SHA512: 61007e65a212858c355c9cff799fea23cf0032f5cefb31a3a45080463e707e34da0dc14cd51b6a099ebcec9c1b718aa2a749550864c04c2e25f3a7e02f6c6753
    Score: 1/10

    • Target: fyb_iframe_endcard_tmpl.html
    • Size: 521B
    • MD5: 331ab67d131439c4c50e02a3d7445008
    • SHA1: 675ac8d91e0a2fe211d49a8e42f20f018c4bd50c
    • SHA256: efdac80cdb4576d2e0d93512348e9dbdb06e69e23a1db81838dc5e40a16715d9
    • SHA512: eba60283d7d5562d3e27a9d5f9f382de621474796e68c4c7b8bf06fd20b081f5aa657ab58d988f40e76883eb8459e3b44f8f31f10424f6d181bffc3c28041e04
    Score: 1/10

    • Target: fyb_static_endcard_tmpl.html
    • Size: 3KB
    • MD5: d18fb1787ce0e84567496b8564e452aa
    • SHA1: 007033d0824685600611af6992060577e127dd23
    • SHA256: 2ae5e0576febb1a1cd63b10bf71644f99fcfd0fe7fb1f2d19525594165294e51
    • SHA512: ba5225a80941e3ee4ff18401b910968a6cab47634914ecb68213599b96fd4b39c8722e82bf2883faf355d9416a6f2acaa36151a5d8969079cfcd4c6795f6003b
    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks

static1: Score 7/10

behavioral1: octo, banker, evasion, infostealer, ransomware, rat, stealth, trojan. Score 10/10

behavioral2: octo, banker, evasion, infostealer, ransomware, rat, trojan. Score 10/10

behavioral3: Score 1/10
behavioral4: Score 1/10
behavioral5: Score 1/10
behavioral6: Score 1/10
behavioral7: Score 1/10
behavioral8: Score 1/10
behavioral9: Score 1/10
behavioral10: Score 1/10
behavioral11: Score 1/10
behavioral12: Score 1/10
behavioral13: Score 1/10
behavioral14: Score 1/10
behavioral15: Score 1/10
behavioral16: Score 1/10
behavioral17: Score 1/10
behavioral18: Score 1/10
behavioral19: Score 1/10
behavioral20: Score 1/10
behavioral21: Score 1/10
behavioral22: Score 1/10
behavioral23: Score 1/10
behavioral24: Score 1/10
behavioral25: Score 1/10
behavioral26: Score 1/10
behavioral27: Score 1/10
behavioral28: Score 1/10
behavioral29: Score 1/10
behavioral30: Score 1/10
behavioral31: Score 1/10
behavioral32: Score 1/10