Analysis

  • max time kernel
    2347386s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android
    arch:arm
    arch:x86
    image:android-x86-arm-20231215-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    20/12/2023, 02:47

General

  • Target

    7e8f5ecaacfd1d2eb2c904bc9ce2a7f2366e0b5da4a0685a77b8f126e313793a.apk

  • Size

    199KB

  • MD5

    368f4b4d74a749ff55d76e929b52fedd

  • SHA1

    313066dc7a5cd5514eaede9e709ca1ee161c74c9

  • SHA256

    7e8f5ecaacfd1d2eb2c904bc9ce2a7f2366e0b5da4a0685a77b8f126e313793a

  • SHA512

    7e32bad0c2c45b4828fd889aa81e6251151566b48a32165bba5ffd1a8c267f8dfd59a25737460cab5528e5907ed555ed26f01127d529032802ea79fae9e05410

  • SSDEEP

    6144:nADJ+dIt4n5FQgG9gTu5grC8mJHbdjm+Ax5oNNZox1AI4h7:AdMn54i65qmJkpqPIA7

Malware Config

Extracted

Family

octo

C2

https://s22231232fdnsjds.top/PArhFzp5sG2sN/

https://s32231232fdnsjds.top/PArhFzp5sG2sN/

https://s42231232fdnsjds.top/PArhFzp5sG2sN/

AES_key

Signatures

  • Octo

    Octo is Android banking malware with remote-access (RAT) capabilities, first seen in April 2022.

  • Octo payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
  • Removes its main activity from the application launcher 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Loads and runs a Dex/Jar file dropped to the device during analysis (the payload is not in the APK itself but written to the app's cache directory at runtime).

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
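Each behavioural signature above usually corresponds to a handful of Android API calls that survive decompilation even when strings are obfuscated. The following is an added example, not part of the report and not code from the sample: it maps the flagged behaviours to those API names and scans decompiled Java/smali text for them. The API names are real Android APIs; which of them this sample actually uses is not stated in the report and is an assumption. The source fragment is constructed to exercise the checks; run `scan_source` over jadx or apktool output of the real APK and of the dropped `ziwnopuf` file.

```python
"""Static check for the behaviours flagged in this sandbox report (added example)."""
import re
from collections import defaultdict

# Behaviour -> regexes for the Android APIs that typically produce it. ASSUMED
# mapping; the report does not say which calls the sample makes.
BEHAVIOUR_INDICATORS = {
    "accessibility_service": [
        r"AccessibilityService\b",
        r"onAccessibilityEvent\(",
        r"BIND_ACCESSIBILITY_SERVICE",
    ],
    "enumerates_installed_apps": [
        r"getInstalledApplications\(",
        r"getInstalledPackages\(",
        r"QUERY_ALL_PACKAGES",
    ],
    "hides_launcher_icon": [
        r"setComponentEnabledSetting\(",
        r"COMPONENT_ENABLED_STATE_DISABLED",
    ],
    "loads_dropped_dex": [
        r"DexClassLoader\(",
        r"PathClassLoader\(",
        r"InMemoryDexClassLoader\(",
    ],
    "wake_lock": [r"newWakeLock\(", r"WAKE_LOCK"],
    "reads_network_operator": [r"getNetworkOperator(Name)?\(", r"getSimOperator\("],
    "battery_optimization_bypass": [
        r"REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
        r"isIgnoringBatteryOptimizations\(",
    ],
    "crypto_apis": [r"javax\.crypto", r"Cipher\.getInstance\(", r"SecretKeySpec\("],
}

def scan_source(text):
    """Return {behaviour: [(line_no, matched_text), ...]} for every behaviour
    with at least one hit; at most one hit per behaviour per line."""
    hits = defaultdict(list)
    for line_no, line in enumerate(text.splitlines(), 1):
        for behaviour, patterns in BEHAVIOUR_INDICATORS.items():
            for pat in patterns:
                m = re.search(pat, line)
                if m:
                    hits[behaviour].append((line_no, m.group(0)))
                    break
    return {k: sorted(v) for k, v in hits.items()}

def behaviours_found(text):
    """Sorted list of behaviour names present in the decompiled text."""
    return sorted(scan_source(text))

# Constructed decompiled-Java fragment (not the sample's code) exercising the checks.
SAMPLE_SOURCE = """\
public class a extends android.accessibilityservice.AccessibilityService {
    public void onAccessibilityEvent(AccessibilityEvent e) { ... }
}
List<ApplicationInfo> apps = pm.getInstalledApplications(0);
pm.setComponentEnabledSetting(cn, PackageManager.COMPONENT_ENABLED_STATE_DISABLED, PackageManager.DONT_KILL_APP);
ClassLoader cl = new DexClassLoader(cache.getPath() + "/ziwnopuf", oat, null, getClassLoader());
WakeLock wl = pm2.newWakeLock(PowerManager.PARTIAL_WAKE_LOCK, "x");
Intent i = new Intent(Settings.ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS);
Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
"""

if __name__ == "__main__":
    for behaviour, matches in scan_source(SAMPLE_SOURCE).items():
        print(f"{behaviour}: {matches}")
```

A hit list is a starting point for manual review, not a verdict: legitimate accessibility tools and launchers call several of these APIs. The combination the report shows (accessibility service plus launcher-icon hiding plus runtime Dex loading plus battery-optimization bypass) is what makes the sample suspicious, so weigh the set of behaviours rather than any single one.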

Processes

  • com.stilldifferv
    • Makes use of the framework's Accessibility service
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4261

Network

        Downloads

        • /data/data/com.stilldifferv/cache/oat/ziwnopuf.cur.prof

          Filesize

          483B

          MD5

          4a2780b973db5f8df3065e99f70a290b

          SHA1

          5ff6648d6ecb7fef23a0788e45616fd2239f8334

          SHA256

          1e3e0472e5c6958665d7c3211e59651c8cc2c0838c1073eb423f24149ccd93d3

          SHA512

          118da4d8c50dd701506f231ef694ed423557f56ed0e9bf18de21358c50a740694771d8c965bd60e58cf1b01db57550cde59d0702fc29439a8d87702367c1962c

        • /data/data/com.stilldifferv/cache/ziwnopuf

          Filesize

          156KB

          MD5

          be6844567b153cf52b2cbe98c38f6bb1

          SHA1

          044bd3e6d4d3cd56821310a2779c60822d739401

          SHA256

          b04028e3fee62c135ff0803bc71bb3c1b6339ff8bd7141b590178e7337cf4d8d

          SHA512

          fb4590fd902cc69ac8ab7f2144427369c786a5f6341bc96f5805eaa277ed2396648bbc12bfc61ab79265c99ae368b96807b4673e4df22788c2b677114e3accae