Overview

overview

10

Static

static

7

com.factupx.apk

android-9-x86

10

com.factupx.apk

android-10-x64

10

demo.html

windows7-x64

1

demo.html

windows10-2004-x64

1

fyb_iframe...l.html

windows7-x64

1

fyb_iframe...l.html

windows10-2004-x64

1

fyb_static...l.html

windows7-x64

1

fyb_static...l.html

windows10-2004-x64

1

maction.js

windows7-x64

1

maction.js

windows10-2004-x64

1

menclose.js

windows7-x64

1

menclose.js

windows10-2004-x64

1

mglyph.js

windows7-x64

1

mglyph.js

windows10-2004-x64

1

mmultiscripts.js

windows7-x64

1

mmultiscripts.js

windows10-2004-x64

1

ms.js

windows7-x64

1

ms.js

windows10-2004-x64

1

mtable.js

windows7-x64

1

mtable.js

windows10-2004-x64

1

multiline.js

windows7-x64

1

multiline.js

windows10-2004-x64

1

no_sleep.js

windows7-x64

1

no_sleep.js

windows10-2004-x64

1

sdk.js

windows7-x64

1

sdk.js

windows10-2004-x64

1

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

slow.html

windows7-x64

1

slow.html

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    com.factupx.apk.malware

  • Size

    1.7MB

  • Sample

    231014-cvndrade37

  • MD5

    5530a8cef7e881c9e05261ce316d6af3

  • SHA1

    1b7a28f3ab86284a00871c25c4a8aeef82b212f4

  • SHA256

    78e6f36b8493f6f30accc0462fa3095175412269a9ecefd701fbeb03f6c76631

  • SHA512

    f467a6e6573383d1efffbed299ef015b91f8c55575d46befe64672664e374a7c1d24bc95ed363374376485796212f98bea8fb7d9ffa18f0b9e54c6abd7233bfb

  • SSDEEP

    24576:tF5DRN8c0eXYSLKVI+y/VUCslJ+VZh5CJvbd03HHUnCxV8COwriKNKoXYH6UeDjQ:F/LKSNalsVdsbG3Q81voEYaPCaEAHit

Score
10/10
octoandroidbankerevasioninfostealerransomwareratstealthtrojan

Malware Config

Extracted

Family

octo

C2

https://176.113.115.110/YjcyMWYzZjc5OTUy/

https://31fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://32fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://33fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://34fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://35fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://36fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://37fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://38fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://39fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://40fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://41fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://42fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://43fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://44fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://45fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://46fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://47fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://48fdghhoo11.com/YjcyMWYzZjc5OTUy/

https://49fdghhoo11.com/YjcyMWYzZjc5OTUy/
AES_key

Targets

    • Target

      com.factupx.apk.malware

    • Size

      1.7MB

    • MD5

      5530a8cef7e881c9e05261ce316d6af3

    • SHA1

      1b7a28f3ab86284a00871c25c4a8aeef82b212f4

    • SHA256

      78e6f36b8493f6f30accc0462fa3095175412269a9ecefd701fbeb03f6c76631

    • SHA512

      f467a6e6573383d1efffbed299ef015b91f8c55575d46befe64672664e374a7c1d24bc95ed363374376485796212f98bea8fb7d9ffa18f0b9e54c6abd7233bfb

    • SSDEEP

      24576:tF5DRN8c0eXYSLKVI+y/VUCslJ+VZh5CJvbd03HHUnCxV8COwriKNKoXYH6UeDjQ:F/LKSNalsVdsbG3Q81voEYaPCaEAHit

    Score
    10/10
    octobankerevasioninfostealerransomwareratstealthtrojan

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

      bankertrojaninfostealerratocto

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

      banker

    • Removes its main activity from the application launcher

      stealthtrojan

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2

    • Target

      demo.html

    • Size

      1KB

    • MD5

      03b178d1ff60f7b47438321299c1e1ea

    • SHA1

      b4097afe68a2b28456cafad4b70f28bb87020527

    • SHA256

      56a53efdc143e241faafa8eb1fafbf8aa82ea1c630465a5d66a9c406a134c99b

    • SHA512

      ccd7c1c2c99de385b4c53056d2e014ae03164cc3927084750716a100316bb94a42ce4c127faf0bf8caf884ef470df23216c004b5f75deff1a4b62721d233ff7f

    Score
    1/10
    behavioral3behavioral4

    • Target

      fyb_iframe_endcard_tmpl.html

    • Size

      521B

    • MD5

      331ab67d131439c4c50e02a3d7445008

    • SHA1

      675ac8d91e0a2fe211d49a8e42f20f018c4bd50c

    • SHA256

      efdac80cdb4576d2e0d93512348e9dbdb06e69e23a1db81838dc5e40a16715d9

    • SHA512

      eba60283d7d5562d3e27a9d5f9f382de621474796e68c4c7b8bf06fd20b081f5aa657ab58d988f40e76883eb8459e3b44f8f31f10424f6d181bffc3c28041e04

    Score
    1/10
    behavioral5behavioral6

    • Target

      fyb_static_endcard_tmpl.html

    • Size

      3KB

    • MD5

      d18fb1787ce0e84567496b8564e452aa

    • SHA1

      007033d0824685600611af6992060577e127dd23

    • SHA256

      2ae5e0576febb1a1cd63b10bf71644f99fcfd0fe7fb1f2d19525594165294e51

    • SHA512

      ba5225a80941e3ee4ff18401b910968a6cab47634914ecb68213599b96fd4b39c8722e82bf2883faf355d9416a6f2acaa36151a5d8969079cfcd4c6795f6003b

    Score
    1/10
    behavioral7behavioral8

    • Target

      maction.js

    • Size

      5KB

    • MD5

      822831d9f1246ce179cd4f7c97faf45d

    • SHA1

      8aea91382d6beb9e6a7ca0ccf9b57dd8e3b91a04

    • SHA256

      49af583d364e9fb4a2b145edabc508d2faeb6b344182b709ef68a777d873a19b

    • SHA512

      54b3e6496148c1dff3073bb32c650866ef1521af723c23bd05f43f1eb92a827ba8b2ba83a12c04507d39bd6899c091a705e94dd53061215a4bb9758f845c293b

    • SSDEEP

      96:q4M7HFEmr+58tVPGncOVSRyexMG+fUI2JyXnJyfxO7LKcyDo:qb7Ht28tVPGncoJmMG+8VJyXJyfxOfKQ

    Score
    1/10
    behavioral10behavioral9

    • Target

      menclose.js

    • Size

      9KB

    • MD5

      07275ee1eea9545c6c1f7a14f9844e69

    • SHA1

      032b7cee43d168bbc04abf627f07d5b5727587cd

    • SHA256

      f82ecde8dc433118abe95fdfc03fd2cbfb702f1ec1a17bf9330949d26758d34a

    • SHA512

      66153e952e9ade6f2bc84760d429626d2102b21189a3a8b6d6d245e0e5637559c603caf84ba7484083f463155060330e9c1aa96fb5a5eb0aae25cee90d3ab4ed

    • SSDEEP

      192:Db7HteHSadK9Z+wIPxu1gXb1WyJcW1nbca1lJ80bTKZjF1k0yIlQ1X3Hym1o4Gm0:DbmU2bPztJZbmZM0JgSTGjEado/QmkQ3

    Score
    1/10
    behavioral11behavioral12

    • Target

      mglyph.js

    • Size

      2KB

    • MD5

      01e24ff5d9956428bee73ab5bb85af8e

    • SHA1

      6cec9edb82a7af92ec5f9fb36840748d91a47dfc

    • SHA256

      519e4f62c9fb65b66ea6d9e7ea88f5b3d2a7a9aa34d5005a7d06326dc885749d

    • SHA512

      4354bdc30764c33160d14819fba7f4c64de4607f41cbb79bd732019410a0bf599069dc00ae86a71fe90837a269200e6ce899a19ddfaf7138f33bb9cb2bd8b3de

    Score
    1/10
    behavioral13behavioral14

    • Target

      mmultiscripts.js

    • Size

      4KB

    • MD5

      74b4f6dbb621a2c5d08bbc009bb3d864

    • SHA1

      352212a8521d96d995ad3e63074d2d22957b6784

    • SHA256

      40beaf853a681d2186222905ade4dc6d7d24b06616113e84ecb4cb9d61f6a9bf

    • SHA512

      88779f75dda0b0182039a9e612f4cea71c71b1ea25cbe7306ba56151fac490cb01d3a75dd52303fdae11cafb4ab91ab36deda3a27cae76c10ccf797c1e378fa2

    • SSDEEP

      96:p4M7HFEmzxik3e5mHhQ3tebgJE0Zf6TrKwn2WoOliSerg:pb7HtFik3e5mykn0krhT+g

    Score
    1/10
    behavioral15behavioral16

    • Target

      ms.js

    • Size

      1KB

    • MD5

      52e82bf9e4d6dbd729dec45dd96cb39c

    • SHA1

      70509bf2de56e0596b25557e15149a6ece93ff98

    • SHA256

      2beb4d2ef0f22ad2b1cab7afd718fac18a35e5dfbb1d5e8f629de6538d9c9dbf

    • SHA512

      785f88958fcd549dd6e622ad54100ad6144e9daf6d8bdc6d6ac31a915df9d9409158bf75cc31dd19bece60496d6b00d9525185c346fe671c403ac1ac66bc6b21

    Score
    1/10
    behavioral17behavioral18

    • Target

      mtable.js

    • Size

      11KB

    • MD5

      2c0dc55e00a55e0c49245f323d61ebb5

    • SHA1

      90bf1f6fad8ce7bdac76e0d8eb1109d01457ef16

    • SHA256

      369ee9f8a7fd480acac9f386fedb3d10476d5178c64f0c95146f23d7eccd672b

    • SHA512

      e88b689a4d80003c254328ed7cd516185559860cedabf7d62d012bcc976733b21d40c865926b395019642f77a5de60dffae6e6bdbd94108670b24f2b5c058752

    • SSDEEP

      192:ob7HtVl78EWhxYTtUCezus+bvu5F9P0NB+B0/daBb2JwQ7NArcfXsegOg+40389/:obaQDE9+bX/daBb2JwQ7NoeXxgOgfue/

    Score
    1/10
    behavioral19behavioral20

    • Target

      multiline.js

    • Size

      13KB

    • MD5

      e0e501a4b55da2df438575befa87afcc

    • SHA1

      d5c480bb48432af346d5e77fd79503b66116b922

    • SHA256

      d565e22112d500db6af8be35ca0a1a4411f493261dbf0bc7c0ef7aa06d22e7e8

    • SHA512

      da894e3857c57739d630cc2a0c2aadcce996a53d32aedef58ef71fcc34e961f908a070a5bfa6469535d3696ed53d79f623102dc79749a52b1b79bcbbf7375b83

    • SSDEEP

      384:AbtYnWCKG1Lt/XZXsUkNbck7kXynPlTq3HNJy05gEHigjCX:AZ9CKEOdeXyt8cX

    Score
    1/10
    behavioral21behavioral22

    • Target

      no_sleep.js

    • Size

      13KB

    • MD5

      7748a45cd593f33280669b29c2c8919a

    • SHA1

      e17ecf67de61920504d79194dbee5cd552a01cfd

    • SHA256

      dce4eef0b197b640ad6aaab2228ee1ee7dccf8bd6d6b5de5484dd1bd16430a78

    • SHA512

      49b3225a5994b724b16b1890e41697c71096402f48c338fe193cb538ac8f88b7d013c0b70e81786d476be3eaf3170049df1ced6cd8957098fffecf11c13b5586

    • SSDEEP

      192:nRG+Fgkw+wi+FrZJqbzr+5rA7wbUCzebIkuHeIabmEWUSiaNRGApaFnoNhCaTLIf:n/gzi+FrZJqbzrarAyUX5uHej27W

    Score
    1/10
    behavioral23behavioral24

    • Target

      sdk.js

    • Size

      2KB

    • MD5

      4c6cea297c24a3695f6f836686176c3d

    • SHA1

      dd634738ac9a7cb92cd22bb40b860008027d211a

    • SHA256

      78bcd0b2a2106e0e526afcaaa113014d7963482737de6d28c6b785c937cc8ddf

    • SHA512

      06f7708f2d79b687c49c6a34634042fa95e9c8333c6444ad46c24ac3b94a8d6cb3e30e31a1e2cc00296a39f27e0ed4ec035e7b2e0c7a1057577485aa86b37d6b

    Score
    1/10
    behavioral25behavioral26

    • Target

      slardar_bridge.js

    • Size

      1KB

    • MD5

      4aea9c9d0f2475d3929e75e98bf5dfd6

    • SHA1

      56539ec1cee74ca0d1a7ad49edb7e834a4df24c6

    • SHA256

      5f861dcd421128c22e9c708cf1a2d12201936556ecee6283087eb5ff397b1ba7

    • SHA512

      0e9ab75019a3ae9170d224792bd365c1b765a755378de8cf92360ea6fa5850f719171da8a1fb09a93df95bfa642257653b7db953278f4eff450daf190eb6dead

    Score
    1/10
    behavioral27behavioral28

    • Target

      slardar_sdk.js

    • Size

      40KB

    • MD5

      4e69cb4284be1f513ac02d2aac13765e

    • SHA1

      7f8a5acbf22b9f1aefe7f4432900ed20fc6acd55

    • SHA256

      065dfa9933b101f48a5ad53b5b947c06932b269a21b31d71d60880977490db71

    • SHA512

      d2382289335f829ce22c01af8e458ac471150827bcc2fee36fa8b6822a0142431afd57f639e731ac2eaad0c2f7b8eaafd0aa27813416bc68f1d18d1f73d80518

    • SSDEEP

      768:AAMR91LQLNWBiMZISUqHylJx2+px2g0wJOa:zS1LQEpZIVqHyfmgMa

    Score
    1/10
    behavioral29behavioral30

    • Target

      slow.html

    • Size

      3KB

    • MD5

      bb5120365ae32b156749e60184fdd68e

    • SHA1

      2b7fbd67c51d0c0a39682c09d75912fbd44061c1

    • SHA256

      189c01f32ddaa5a2e43676447b86fda1696e8ff9ed7cb8cd5ea1aad0b5d7b532

    • SHA512

      c42d8d7d623422e5852e07fa488cde5d3576882cfdb621ad4b31bc357231f0d69f4c0a893f57b6839b5bf260a56657638e03988ff9c25af32e6cd30d57d83680

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
7/10

behavioral1

octobankerevasioninfostealerransomwareratstealthtrojan
Score
10/10

behavioral2

octobankerinfostealerransomwarerattrojan
Score
10/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10