Resubmissions
- 25-09-2023 22:51: 230925-2ssm5adg99 (score 10)
- 25-09-2023 22:50: 230925-2skyaacf3s (score 7)
- 25-09-2023 22:49: 230925-2rsxhacf2v (score 7)
- 25-09-2023 19:47: 230925-yhh46ace26 (score 10)
Analysis
- max time kernel: 3454268s
- max time network: 157s
- platform: android_x64
- resource: android-x64-20230831-en
- submitted: 25-09-2023 19:47
Static task
- static1
Behavioral tasks
- behavioral1: sample ChromeUpdate.apk, resource android-x86-arm-20230831-en
- behavioral2: sample ChromeUpdate.apk, resource android-x64-20230831-en
- behavioral3: sample ad.html, resource win7-20230831-en
- behavioral4: sample ad.html, resource win10v2004-20230915-en
- behavioral5: sample aps-mraid.js, resource win7-20230831-en
- behavioral6: sample aps-mraid.js, resource win10v2004-20230915-en
- behavioral7: sample assign_labels_local.html, resource win7-20230831-en
- behavioral8: sample assign_labels_local.html, resource win10v2004-20230915-en
- behavioral9: sample blood_glucose_entry_local.html, resource win7-20230831-en
- behavioral10: sample blood_glucose_entry_local.html, resource win10v2004-20230915-en
- behavioral11: sample blood_glucose_local.html, resource win7-20230831-en
- behavioral12: sample blood_glucose_local.html, resource win10v2004-20230915-en
- behavioral13: sample blood_pressure_entry_local.html, resource win7-20230831-en
- behavioral14: sample blood_pressure_entry_local.html, resource win10v2004-20230915-en
- behavioral15: sample diabetes_reports_local.html, resource win7-20230831-en
- behavioral16: sample diabetes_reports_local.html, resource win10v2004-20230915-en
- behavioral17: sample dpr_report.html, resource win7-20230831-en
- behavioral18: sample dpr_report.html, resource win10v2004-20230915-en
- behavioral19: sample dtb-m.js, resource win7-20230831-en
- behavioral20: sample dtb-m.js, resource win10v2004-20230915-en
- behavioral21: sample edit_insulin_local.html, resource win7-20230831-en
- behavioral22: sample edit_insulin_local.html, resource win10v2004-20230915-en
- behavioral23: sample edit_labels_local.html, resource win7-20230831-en
- behavioral24: sample edit_labels_local.html, resource win10v2004-20230915-en
- behavioral25: sample edit_medication_local.html, resource win7-20230831-en
- behavioral26: sample edit_medication_local.html, resource win10v2004-20230915-en
- behavioral27: sample edit_tracker_local.html, resource win7-20230831-en
- behavioral28: sample edit_tracker_local.html, resource win10v2004-20230915-en
- behavioral29: sample fyb_iframe_endcard_tmpl.html, resource win7-20230831-en
- behavioral30: sample fyb_iframe_endcard_tmpl.html, resource win10v2004-20230915-en
- behavioral31: sample fyb_static_endcard_tmpl.html, resource win7-20230831-en
- behavioral32: sample fyb_static_endcard_tmpl.html, resource win10v2004-20230915-en
General
- Target: ChromeUpdate.apk
- Size: 1.4MB
- MD5: e8663d7b3eec9509ed49d5a85d0c39d1
- SHA1: af654776384ece12c2274ae39acfebb6cc39f639
- SHA256: 846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d
- SHA512: 827f1c2de44bfc0c935f10223d93711ae592377f5c7ba4f9daba64f2d90f911f4f1a65990211a2b8e6a151d08c5fc840d6e2d8c26b6031d40f79c8963278b053
- SSDEEP: 24576:I+ldHt80bCRpsURse2h2q6oFU9Leazuoq/7t7gD09gFnCHzS+cNfS0:IYdH2aURQ2ZoALeAu1REw9fHO+cr
Malware Config
- Extracted family: octo
Signatures
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
- Octo payload (3 IoCs)
  Processes (resource: yara_rule):
  - /data/data/com.riverfront8/cache/ngzvnyttctwi: family_octo
  - /data/user/0/com.riverfront8/cache/ngzvnyttctwi: family_octo
  - /data/user/0/com.riverfront8/cache/ngzvnyttctwi: family_octo
- Makes use of the framework's Accessibility service. (2 IoCs)
  Process com.riverfront8 (description: ioc):
  - Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId
  - Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). (1 IoC)
  Process com.riverfront8 (description: ioc):
  - Framework service call: android.content.pm.IPackageManager.getInstalledApplications
- Acquires the wake lock. (1 IoC)
  Process com.riverfront8 (description: ioc):
  - Framework service call: android.os.IPowerManager.acquireWakeLock
- Loads dropped Dex/Jar (3 IoCs)
  Runs executable file dropped to the device during analysis.
  Process com.riverfront8 (ioc, pid):
  - /data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json, pid 4996
  - /data/user/0/com.riverfront8/cache/ngzvnyttctwi, pid 4996
  - /data/user/0/com.riverfront8/cache/ngzvnyttctwi, pid 4996
- Reads information about phone network operator.
- Removes a system notification. (1 IoC)
  Process com.riverfront8 (description: ioc):
  - Framework service call: android.app.INotificationManager.cancelNotificationWithTag
- Uses Crypto APIs (Might try to encrypt user data). (1 IoC)
  Process com.riverfront8 (description: ioc):
  - Framework API call: javax.crypto.Cipher.doFinal
Processes
- com.riverfront8 (PID 4996)
  - Makes use of the framework's Accessibility service.
  - Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  - Acquires the wake lock.
  - Loads dropped Dex/Jar
  - Removes a system notification.
  - Uses Crypto APIs (Might try to encrypt user data).
Downloads