Analysis

  • max time kernel
    377432s
  • max time network
    154s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230831-en
  • submitted
    09-10-2023 22:06

General

  • Target

    b4f12b179adf38adc98991b4927c544cf51ac89d7faea4185681958eed3e666e.apk

  • Size

    541KB

  • MD5

    c214de79730dd70ab52a43621404fb93

  • SHA1

    7e983ae4ced9acc5da73f040f252ba61a759dd8c

  • SHA256

    b4f12b179adf38adc98991b4927c544cf51ac89d7faea4185681958eed3e666e

  • SHA512

    886e68039960666703928d46c1230dd626758a0bda227d6883c58f6300f6c716c53f9f7e5d06f0c802180894f0f77b2f806adc7e95f80bbdae0014038327820a

  • SSDEEP

    12288:40TiRBZVgrda7IVdmFfK0nqqQi4WUUksOUerW87nH:4sEZVghsfEqQi/U9HrWenH

Malware Config

Extracted

Family

octo

C2

https://213.109.202.154/MWMxNzg0YzJjZTVh/

https://yamacreklam232.net/MWMxNzg0YzJjZTVh/

https://y3macreklam232.net/MWMxNzg0YzJjZTVh/

https://y4macreklam232.net/MWMxNzg0YzJjZTVh/

https://y5macreklam232.net/MWMxNzg0YzJjZTVh/

https://y7macreklam232.net/MWMxNzg0YzJjZTVh/

https://y8macreklam232.net/MWMxNzg0YzJjZTVh/

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

  • Octo payload 3 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoC
  • Acquires the wake lock. 1 IoC
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoC
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoC

Processes

  • com.aboutorderpzqz
    1⤵
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4557

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.aboutorderpzqz/cache/khcqegiz

    Filesize

    450KB

    MD5

    12980affd183b3bcdef75eff9b50a39e

    SHA1

    c80c2ec7b2062bb8d7a1d2da61dfdfbf236401a9

    SHA256

    eff1f92250bee18564fa4d81ea75baef9fde5af232333b32a0d7066532f39898

    SHA512

    badf6103dcefa2279453f5964be05ed2c43f303a512774aa3d6289106ca83b9cbb22f116031dfa4846399fb55a5d8be19c8912e55a0d936c6680e68b42d91b5f

  • /data/user/0/com.aboutorderpzqz/cache/oat/khcqegiz.cur.prof

    Filesize

    307B

    MD5

    d0a7790413baa0e328f3ef56ed0604aa

    SHA1

    3b6a0aa7d0bd1b4ea4035ae5c0b68015b7e58149

    SHA256

    4a079fba5e7f54d755a23b33a830cf1c1ffb7512b6baed0527b0902e3a5f5e36

    SHA512

    432db2e759c2c9f2c7630776840f88e1980e5331a159efcb23281fd7090352242ac904cc4a5e21c426ccb53b9c78684568cdef62a637883d0a1a5ef99d95a0db