Overview

overview

10

Static

static

7

6778d265a0...14.apk

android-9-x86

10

6778d265a0...14.apk

android-10-x64

10

Analysis

  • max time kernel
    3635245s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • submitted
    27-09-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6778d265a0c104c7b339cd2ad51a933be12580126ae2651343519a041f658514.apk

  • Size

    661KB

  • MD5

    4b6aa0b99fdb1f54018ac1f728f9a999

  • SHA1

    d5b8b68ebf1d9633bd5bd8e60439fb2da104bb61

  • SHA256

    6778d265a0c104c7b339cd2ad51a933be12580126ae2651343519a041f658514

  • SHA512

    126d556f1e3bf75c1640f30f02e555c9bf57c9f1f7669371805048b96ae2a224cf528f7fd720a065152a111adb36afc0c73f1df3ec62c4fccf6e1124abde4c11

  • SSDEEP

    12288:NV1GBwpOusnNw6oFdFSrcd7H1BMGJ8GG8bs2NI+ndUPlKCpehCOYIBodw3xqrDTo:Nvkusne6oFnSrEHbH7db3w1whqs

Score
10/10
octobankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

octo

C2

https://185.225.75.19/YjRkZjE0NTUyNzZm/

https://otakikotaik4234234.net/YjRkZjE0NTUyNzZm/

https://otakikotaik3234234.net/YjRkZjE0NTUyNzZm/

https://otakikotaik1334534.net/YjRkZjE0NTUyNzZm/

https://otakikotaik1224634.net/YjRkZjE0NTUyNzZm/

https://otakikotaik6423234.net/YjRkZjE0NTUyNzZm/
AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo payload 3 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
    banker
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.lessbring00
    1⤵
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4977

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.lessbring00/cache/oat/titqwdlhonp.cur.prof
    Filesize

    421B

    MD5

    d6ad08a495b666752a9eef7550953c87

    SHA1

    d287bf09fe05d4e58568c87aea98af2a107a1295

    SHA256

    914a2d5f6d50b1b6589e498900d920df0f4db9092c34d2000a1faabea0a38a76

    SHA512

    0535030841f1497e1e5e3ea854241b9c008367480a5796969d3f986b2f9a11ad004d91814e9d390d0047f9b926a6c1959fcd4a916fc959386d63d85dbbd8b379

    Download Submit

  • /data/data/com.lessbring00/cache/titqwdlhonp
    Filesize

    450KB

    MD5

    f6bbeb6b916cf9329e491ae770425c1d

    SHA1

    01450893a494e204846a27bbaf3c7f1f5425d542

    SHA256

    96f66d9d854468ce1ea772e90b293d432802b1569431aafd8992305ef25b01dc

    SHA512

    adb0fab13689bdad483a59cd692544a7b01fbc029f9d3be823c65e9c4f917d614aaacc59fc60f71581c37ef05713cd859ec13592aa5ad76f5f9dbdac2ffb17e8

    Download Submit

  • /data/data/com.lessbring00/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.lessbring00/kl.txt
    Filesize

    68B

    MD5

    ca141fef483b7957458512213493d496

    SHA1

    6a43dbb419bdabc4f157601224d621ca225ff934

    SHA256

    440a245a72bb9eb7860581540036c7888a35fd781a7e0c7aa27c90fa7ad1e762

    SHA512

    dfa8a8dc1301ebcc255c4d56db04fa573f64c8572b1eab744fdeb72cb6e48f7fa7d036ef0f75e74381a11ee45a20f9a840d67bcffe455d74f3fb87b4515729a2

    Download Submit

  • /data/data/com.lessbring00/kl.txt
    Filesize

    76B

    MD5

    03eb7809ec00be6c7b11add60fdadec5

    SHA1

    1304a95a1254ea190997e6f4e2fdb5e4a7181eb8

    SHA256

    4555c13fa17ca570082049f97201ce40cee19968d70a5c35ba073771cfe9ddc5

    SHA512

    c340655d792ded535b278a41cbdb14a563a8399f1dcb641fbeb1fb2f933c77e440f1d9ad1e59b8f443b147113ecf3e4ffcac56ec83eeb94e3d4db23ca917c17a

    Download Submit

  • /data/user/0/com.lessbring00/cache/titqwdlhonp
    Filesize

    450KB

    MD5

    f6bbeb6b916cf9329e491ae770425c1d

    SHA1

    01450893a494e204846a27bbaf3c7f1f5425d542

    SHA256

    96f66d9d854468ce1ea772e90b293d432802b1569431aafd8992305ef25b01dc

    SHA512

    adb0fab13689bdad483a59cd692544a7b01fbc029f9d3be823c65e9c4f917d614aaacc59fc60f71581c37ef05713cd859ec13592aa5ad76f5f9dbdac2ffb17e8

    Download Submit

  • /data/user/0/com.lessbring00/cache/titqwdlhonp
    Filesize

    450KB

    MD5

    f6bbeb6b916cf9329e491ae770425c1d

    SHA1

    01450893a494e204846a27bbaf3c7f1f5425d542

    SHA256

    96f66d9d854468ce1ea772e90b293d432802b1569431aafd8992305ef25b01dc

    SHA512

    adb0fab13689bdad483a59cd692544a7b01fbc029f9d3be823c65e9c4f917d614aaacc59fc60f71581c37ef05713cd859ec13592aa5ad76f5f9dbdac2ffb17e8

    Download Submit