Overview

overview

10

Static

static

6

8b18b8a7f1...23.apk

android-9-x86

10

8b18b8a7f1...23.apk

android-10-x64

10

Analysis

  • max time kernel
    2372093s
  • max time network
    163s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    20/12/2023, 06:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b18b8a7f11a7976be5f1bf991b358a4438c78faf798073746973de520abe923.apk

  • Size

    3.3MB

  • MD5

    ab4dfc2cc89eed6e9039f3ea0fe4cb76

  • SHA1

    ed5b65c7c3677e590edadc4e7f1a49fc9296cd51

  • SHA256

    8b18b8a7f11a7976be5f1bf991b358a4438c78faf798073746973de520abe923

  • SHA512

    506142bdc14f576f9f0613aebfe2c94fca45afd1844df3670ef85c7a6b922ae0c04aafaf77b3129cc21417bf538db7bb165e6190de2480d71dc7326550c9bf75

  • SSDEEP

    98304:jKZbAI2VY07HPiEnWgCUARPBR7AJ63RvE:GbA1PHn/bAR5R7AJ63RE

Score
10/10
octobankerinfostealerrattrojan

Malware Config

Extracted

Family

octo

C2

https://checkserversippool.xyz/NmE0N2YwOWEzMTM3/

https://poolcheckipservers.xyz/NmE0N2YwOWEzMTM3/

https://poollipceckservers.xyz/NmE0N2YwOWEzMTM3/

https://poolserverisippool.xyz/NmE0N2YwOWEzMTM3/

https://serversippoolcheck.xyz/NmE0N2YwOWEzMTM3/

https://serverspoolcheckip.xyz/NmE0N2YwOWEzMTM3/

https://serverscheckippool.xyz/NmE0N2YwOWEzMTM3/

https://ipcheckserverspool.xyz/NmE0N2YwOWEzMTM3/

https://bestscanipworld.xyz/NmE0N2YwOWEzMTM3/

https://scanbestipworld.xyz/NmE0N2YwOWEzMTM3/

https://ipbestscanworld.xyz/NmE0N2YwOWEzMTM3/

https://worldipbestscan.xyz/NmE0N2YwOWEzMTM3/
AES_key
AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo payload 1 IoCs
  • Makes use of the framework's Accessibility service 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
    banker
  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.formtop27
    1⤵
    • Makes use of the framework's Accessibility service
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5125

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.formtop27/app_ded/2j6nmTRPoVrQQpMP2MSamE8Xjf7s1egB.dex
    Filesize

    7KB

    MD5

    d249d541a857a625ee4c2a61c97d3312

    SHA1

    e00734ec72f3a7c896c2de2cac98108373c1d38d

    SHA256

    6b43fb517074aad79b7f45e2975dfdb25743374fe3c33bad0aae087db540152b

    SHA512

    e4958e013ac4b59de349e85a354ea907972b910530f0fd861254d5399eead05a226981110edb6d4c33464b1ceb33547c18aedf5abca5a1d5cd270801beb2d734

    Download Submit

  • /data/data/com.formtop27/cache/oat/xbttwxwufqlf.cur.prof
    Filesize

    432B

    MD5

    a1d6fb6b404c112ab6a937d071a893ab

    SHA1

    9b2c59eb9ca28929729393e0a81add033d93bb8b

    SHA256

    e565e57d70be02d9bf9cb59506385aa7d0881e2b9c125baa7896098141a10f00

    SHA512

    94235c70d6600684583e835ec58aab92114fff5935dcea343ce4348db67c11066bbb2fbd57874bb32faa8fc502246a2e812731570612b256b128b86fa1f1c9b4

    Download Submit

  • /data/data/com.formtop27/cache/xbttwxwufqlf
    Filesize

    444KB

    MD5

    81ad6d8a6d0f45b270e1a399da85f91d

    SHA1

    ec93b27f842e5c26b58373211e35b5ceb416fb97

    SHA256

    ff50b048a333f2c7782344db49872eeea2d1bdbea6823c24b0da69e680e18f2e

    SHA512

    90f9b28fb7f2612de43bb5dfb33f088ce144e1d2ac7dbe667ac11399c2a0473933a9181ba09162ff00acede638a44390811c4fce19ed2c5efc519a2a089727b2

    Download Submit

  • /data/data/com.formtop27/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.formtop27/kl.txt
    Filesize

    230B

    MD5

    8c349db7389c662bda3bb8d820dc49c0

    SHA1

    774216cf7693aad8f86d3889676340756a41a22b

    SHA256

    58d1b4047703ada320bd946b23a32f3c78e973e129bdb291b8dcfc64ba954ccb

    SHA512

    987390af04961cd5fc7a0280782a302c2d7b3edaada8732fdc795af4cdc88a0aa08111714daa6942dfec7572962836d935ba61adae711640a076c94b10c54891

    Download Submit

  • /data/data/com.formtop27/kl.txt
    Filesize

    69B

    MD5

    89f9a88b97ed80f20d94d5bc4bdb0448

    SHA1

    5fb9ca99c8251ade4d1890e75afde6b12e81b4b7

    SHA256

    73e5c7c88a01945362f58edfb419456880780207b06fcb815f0a9f24593021c6

    SHA512

    d669797f21e02eef48f0ce676f72f2b33e7e054f57efdfbbe134992cb07b278d4f2c8765785beff5df2f9ee3e712422642f5325372afd135fa65d5e7a40e73c8

    Download Submit

  • /data/data/com.formtop27/kl.txt
    Filesize

    59B

    MD5

    cd939ce9149e1569267622c58a869dbe

    SHA1

    bbc2330064602327dad09ce8b8ea2585b2f3841d

    SHA256

    9931c976571d2d8801d34d58ae4ac9b833d8036c06e6be8755eb02812012a994

    SHA512

    9a41d26d1b495d557829c20acdd20bc3a4169f90f617bb40eab9bbb43850cb80cadb756b1b003e6992b440383fbf9dfb1bc5e128cb579258dfe32f7db9b07fef

    Download Submit

  • /data/data/com.formtop27/kl.txt
    Filesize

    63B

    MD5

    24ae6eb10362087f0f8a55d2fbfd70c6

    SHA1

    e84f05d1d0f05f88a41a950359697233c418321d

    SHA256

    3ea0887b67c8058e97c74327e083a57f4beebb92ff354aa50d17543f880d596b

    SHA512

    0809cacff835c91e87b17f44079ad7df5e77b22b388c82d9a221dd25fc81c2a72d9aa2236bad7cc9e6e01e2407f765502459f6f99db86f07dec7b1166259e452

    Download Submit