Analysis
- max time kernel: 3734203s
- max time network: 157s
- platform: android_x86
- resource: android-x86-arm-20230831-en
- submitted: 29-09-2023 01:32
Tasks

Task          Sample                                    Resource
static1       6552b0699c6683b9a7d905d431b14403.apk      (static analysis)
behavioral1   6552b0699c6683b9a7d905d431b14403.apk      android-x86-arm-20230831-en
behavioral2   6552b0699c6683b9a7d905d431b14403.apk      android-x64-arm64-20230831-en
behavioral3   AlphaPresentForms.js                      win7-20230831-en
behavioral4   AlphaPresentForms.js                      win10v2004-20230915-en
behavioral5   BoxDrawing.js                             win7-20230831-en
behavioral6   BoxDrawing.js                             win10v2004-20230915-en
behavioral7   CombDiactForSymbols.js                    win7-20230831-en
behavioral8   CombDiactForSymbols.js                    win10v2004-20230915-en
behavioral9   ControlPictures.js                        win7-20230831-en
behavioral10  ControlPictures.js                        win10v2004-20230915-en
behavioral11  CurrencySymbols.js                        win7-20230831-en
behavioral12  CurrencySymbols.js                        win10v2004-20230915-en
behavioral13  Cyrillic.js                               win7-20230831-en
behavioral14  Cyrillic.js                               win10v2004-20230915-en
behavioral15  EnclosedAlphanum.js                       win7-20230831-en
behavioral16  EnclosedAlphanum.js                       win10v2004-20230915-en
behavioral17  GeneralPunctuation.js                     win7-20230831-en
behavioral18  GeneralPunctuation.js                     win10v2004-20230915-en
behavioral19  GreekAndCoptic.js                         win7-20230831-en
behavioral20  GreekAndCoptic.js                         win10v2004-20230915-en
behavioral21  GreekItalic.js                            win7-20230831-en
behavioral22  GreekItalic.js                            win10v2004-20230915-en
behavioral23  IPAExtensions.js                          win7-20230831-en
behavioral24  IPAExtensions.js                          win10v2004-20230915-en
behavioral25  Latin1Supplement.js                       win7-20230831-en
behavioral26  Latin1Supplement.js                       win10v2004-20230915-en
behavioral27  LatinExtendedA.js                         win7-20230831-en
behavioral28  LatinExtendedA.js                         win10v2004-20230915-en
behavioral29  LatinExtendedAdditional.js                win7-20230831-en
behavioral30  LatinExtendedAdditional.js                win10v2004-20230915-en
behavioral31  LatinExtendedB.js                         win7-20230831-en
behavioral32  LatinExtendedB.js                         win10v2004-20230915-en
General
- Target: 6552b0699c6683b9a7d905d431b14403.apk
- Size: 1.9MB
- MD5: 6552b0699c6683b9a7d905d431b14403
- SHA1: a40c6bb1990ce78414b64bf9a2f6225e6012ee8e
- SHA256: 5ebac20a82963408b103b0e53da63fc22a15404321989a090505ee8258095423
- SHA512: e488030c5d39ea668f8d8e4b799ce34f54eb2ecd34d1e5c36d88293137d58997bb674533d6be880cd9703ae2c6d5622d521ca8a2194e21dbc7c112f471896834
- SSDEEP: 24576:MmlR3LHA9i1J6hf+SsmW+c92P4J1dMZAMm7tAme4Z/w5gNlVYRDlYqjaOB04IB3+:zLA816famWaP4yY5RZ/wytEieLRfbfV
Malware Config
Extracted family: octo
Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.

Octo payload (3 IoCs)
Processes:
  resource                                   yara_rule
  /data/data/com.useallrb/cache/wrukfjpo     family_octo
  /data/user/0/com.useallrb/cache/wrukfjpo   family_octo
  /data/user/0/com.useallrb/cache/wrukfjpo   family_octo

Makes use of the framework's Accessibility service. (2 IoCs)
Processes: com.useallrb
  description             ioc                                                                                                       process
  Framework service call  android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId   com.useallrb
  Framework service call  android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId            com.useallrb

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). (1 IoC)
Processes: com.useallrb
  description             ioc                                                          process
  Framework service call  android.content.pm.IPackageManager.getInstalledApplications  com.useallrb
Removes its main activity from the application launcher (1 IoC; the signature heading did not survive extraction, and the name is inferred from the process list below, which attributes this behaviour to PID 4132)
Processes: com.useallrb
  pid   process
  4132  com.useallrb
Acquires the wake lock. (1 IoC)
Processes: com.useallrb
  description             ioc                                        process
  Framework service call  android.os.IPowerManager.acquireWakeLock   com.useallrb

Loads dropped Dex/Jar (3 IoCs)
Runs executable file dropped to the device during analysis.
Processes: com.useallrb
  ioc                                                         pid   process
  /data/user/0/com.useallrb/app_DynamicOptDex/FmDsJ.json      4132  com.useallrb
  /data/user/0/com.useallrb/cache/wrukfjpo                    4132  com.useallrb
  /data/user/0/com.useallrb/cache/wrukfjpo                    4132  com.useallrb

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background). (1 IoC)
Processes: com.useallrb
  description     ioc                                                         process
  Intent action   android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS       com.useallrb

Removes a system notification. (1 IoC)
Processes: com.useallrb
  description             ioc                                                          process
  Framework service call  android.app.INotificationManager.cancelNotificationWithTag   com.useallrb

Uses Crypto APIs (Might try to encrypt user data). (1 IoC)
Processes: com.useallrb
  description          ioc                              process
  Framework API call   javax.crypto.Cipher.doFinal      com.useallrb
Processes

com.useallrb (PID: 4132)
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
Downloads