Analysis

  • max time kernel
    60s
  • max time network
    68s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
  • submitted
    15-02-2024 10:36

General

  • Target

    octo_alphasecurity2.apk

  • Size

    509KB

  • MD5

    384e3e844ff9a3cf0da47741ed57ca66

  • SHA1

    073a957e8a1fd229adeeb9e3d8f819c91eb86670

  • SHA256

    03c9675fb981414de940100aadd3fb789cc6773d331ba3a7c9f67da783c8f0e1

  • SHA512

    8f8c5f5ff5185a3f78763469d8816ad0aa3f1912c8f4ea37ed74759619c55b6d76c34a5c0b4e1a9efa6f75e401d23e15370ebbf37e079767ece7f8e970e77267

  • SSDEEP

    6144:kROLTNZBIqSJFClLrYD9iEEqQ0HIPxy07LstErgkxD5sboQTTM2lmWOipkxI1jie:k8tZOq9iMEUPx3s+DxNs5lpOV4DGZXW

Malware Config

Extracted

Family

octo

C2

https://mine-495834.com/NmE4NzY2MmIzMTM2/

https://mine-495834.net/NmE4NzY2MmIzMTM2/

https://mine-495834.info/NmE4NzY2MmIzMTM2/

https://mine-495834.org/NmE4NzY2MmIzMTM2/

https://mine-495834.xyz/NmE4NzY2MmIzMTM2/

https://my-354363.ru/NmE4NzY2MmIzMTM2/

https://my-354363.su/NmE4NzY2MmIzMTM2/

https://my-859745.ru/NmE4NzY2MmIzMTM2/

https://my-859745.su/NmE4NzY2MmIzMTM2/

https://my-938475.ru/NmE4NzY2MmIzMTM2/

https://my-938475.su/NmE4NzY2MmIzMTM2/

https://my-873755.ru/NmE4NzY2MmIzMTM2/

https://my-873754.su/NmE4NzY2MmIzMTM2/

https://linkrt-44353.com/NmE4NzY2MmIzMTM2/

https://linkrt-44353.net/NmE4NzY2MmIzMTM2/

https://linkrt-44353.info/NmE4NzY2MmIzMTM2/

https://linkrt-44353.org/NmE4NzY2MmIzMTM2/

https://linkrt-44353.xyz/NmE4NzY2MmIzMTM2/

Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

  • Octo payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.beenbody10
    1⤵
    • Makes use of the framework's Accessibility service
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4594

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.beenbody10/cache/ahkbiiaazb

    Filesize

    448KB

    MD5

    c57ad0cbcf85aabd5b567bbe17f5828b

    SHA1

    6f59c61f7f4df55247d808cb22625f0062654ba0

    SHA256

    5051f914e9239ac7f4d8ba03ba237198815a2963db6d833038dd4f8f0c8a0303

    SHA512

    2a62e42d676d39093b94f553001d221f4bc31660ce04f8284e06b5e0e448574dc7f186dd6a9d9f82bd6eefef92292ed7fbb5f346121ed2e14182547f511595e7

  • /data/user/0/com.beenbody10/cache/oat/ahkbiiaazb.cur.prof

    Filesize

    348B

    MD5

    7c72788d6d955c727bb929a681b855a7

    SHA1

    64f6e026d284bf3153c898e16d6711a62c2f3d97

    SHA256

    519351abbc6404b448c48baa56c5ab8369c59f731ec0b6cc3e5db6fcb2c09a12

    SHA512

    79bdfd03a1d90ec5755a20e2a2ba464f8c41616b1b0426f010903a2f1751ff9015a22de25f8c163c7edd27f395b0430f618733262d5a1826368febac0119f838

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    63B

    MD5

    a3f2540162c042e21dd975ce1fce7395

    SHA1

    03f42f5025608302b30957944f157ca06430ad28

    SHA256

    74240c496e0c00dab4ed288c97febd7b994eef7a3e9077abddd58c96009ee0b5

    SHA512

    668e3aeba593cd2f30f5ce121b534da596659bc58c1954dbf9e9e359ee8f52315f1aa66d2e3eb1b1c2aa99bc4aac6ab1522b7cb84025bf692e17afea48f31030

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    45B

    MD5

    f8931f7422fc0c16c1afd077edd3640d

    SHA1

    437581e4ed3c55ecffa8aee01b542fa99ef008d0

    SHA256

    37708d8374229b4a26e772d5a795537e16347f5df1b02e1944f4633f17e9df0b

    SHA512

    a2908bbed5805a06badc7d55c1ef00760f151b87dcd91c99c20e6a41c1abd2814c2284c69238e9f240a6889826024c1f21863c418d6511ceb613d21a47bbab25

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    78B

    MD5

    844fa2ca54c64fff5c34bee247b88d9e

    SHA1

    f4921b6eed306a26b34b0a223b0ebd67c04bdcdd

    SHA256

    c077217261f28012da2574a15e3394371098e529835285f7dd5856c587d6b0de

    SHA512

    77973d9c48a033a96898217e2cb6364380cd6ee76e3286319eb83a5caa985e341a0e6b4281cac2bbe59d0a58b053818afa87d522edc02fe521e70bfcab1c7db4

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    63B

    MD5

    7478409ea70af9a8f8c05d0c483611a2

    SHA1

    a936e052ae9c2ff958c6bcdcc7a429478c7b453d

    SHA256

    51599c032f606ccb01dae675e38c05df9919cb2a3d961b67d08ce09406b8ff9e

    SHA512

    bf5a18a22359e038a3b0fb844024b6c57c19485ae457848a086b4ebd66dfc0f1772d1644f2f905425ad322d194cb0a57bb8bda44fcb5bafaae8d23dbfd306d74

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    45B

    MD5

    a28db638b27f3956da86160d7ed91d69

    SHA1

    159b58d586ee7cdff34659ebcef46db63d645c3f

    SHA256

    55644c781de87a3e41a54e65f7499a17863f410d068f203f87b59305dc1d59cd

    SHA512

    c31fccd560d9ecd57edf36f6110c41b2599db35becc31dfd290840f35611df565b00ea032bbbea61aa618f11417f0c9787ca875d14ec7796c1f3d41678ed263a

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    79B

    MD5

    b13dddbd74e0bcc127d8528138187c1d

    SHA1

    86121877e357e911710735736db4c2ad7c8fb033

    SHA256

    81cf47d135d83cbd6f8faa641451febea040262e7ba8acaf0a444df4fda2562f

    SHA512

    7d3b5af0c563f23a3dfc6f9294311da19b315eef120776b6e8bbbc2b80f815ff8863cd2db6473c33d6fad63c9643fbef8ef72437180bd85d7fbcbd9d073cc98c

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    63B

    MD5

    b41bd0a5c9a4285c2c3851ee48312fb0

    SHA1

    9f837bde9c5789cc5b33a78e02b0ddcb7c1a7561

    SHA256

    81e1ea898514d90508974a97fe3c38f49a8d1c99fa99460a207cf60a1a68de64

    SHA512

    db1b45a294cb534dbbe9832e20ae2b08c4bb82c489ed517c156ecaf49c65d6b3165b3d072c0e97c8dcc2597aa3fe742478d6fe4b6da0d202aeccb3037a2afba4

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    68B

    MD5

    075bb16a91890b6c6c524306d9c55416

    SHA1

    7be9da4ee004fb24b06dd38459bf59c80ee15272

    SHA256

    005a1111177b33aecdda378b87c152f64166c2d5ffb7dcfb420b0ffa3fc07b4b

    SHA512

    c40286c94860876381bf15fed8aa44aa1fb57c7e963fbf95244e66d98bd0d22df49631470f5cc8d0b75e36b1b867522be6124d09471e0628da46b61fbfe2b351

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    45B

    MD5

    95efd6b05390b3a742e48f91a9d46d99

    SHA1

    2575f09211899fa03fc28129cbe358b1eaa8ffb1

    SHA256

    84044d0e9c6d49992d2a3e035d637fb5deec1781d8de29f97d0704789363bbcc

    SHA512

    a7479b5492dfe29e1cb872639d9c7b9643931bee7a8cd84e2882be390c0b53e55a4c4440442d1944d827809dad3c9a4c1be0d2439b243f5ef5ae5f9efd8a35c0

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    66B

    MD5

    d4d297f25796229392c97303e2566aeb

    SHA1

    a480d318e7819febb07208d702868a62d9f432ef

    SHA256

    1a4135d56d85238a48201bf2ce6958d60219d4bb0e0b8700b903605061d494ba

    SHA512

    093d08ee60dd277cf5d20cf51c6376d2908454abec217850b5910ce392ec9b62197a23088c54ce4241e83478ca33bf665d1abd60612f3c49b50818c12c6826f3

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    84B

    MD5

    1a8ac4c6aa27a8825381ba73f7eea978

    SHA1

    1c64b0e7e03a2383b0c2789cf77212742b6bb29b

    SHA256

    c8c96b1b35d5dbde443cb0bc9e1465ea02692dae5ff136a1e81ad57ec1507aba

    SHA512

    674c69d442f579fd0374acc4ca4e5e4774c6de63b006df1e014c968119dee51b7e546fe902ee0b473d59b2b9f15f6c81339a2837edf689c79abaa5aaaee5df88

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    68B

    MD5

    ea3ba61a9639ad2e8484aaff074dd805

    SHA1

    4e8872e87cc5e34c0cf47fcb939064e2e28736fe

    SHA256

    e1f2cf640b026a37adcbae2df74b755e51a34472fceddd29e21a28fa481d2e1c

    SHA512

    c302fa5e4766d4eedb3fa181b76833f04267b55b1f03f964755e7ecc9512364bce721dd86f315b8cb7cb332d7e2a26997acce4c0053044f2801c64a0d8c2d9e6

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    240B

    MD5

    0397c4de14f3783b0419d3dfa49de9bf

    SHA1

    8e373daae226b1880f94af00654b385e38263e37

    SHA256

    629262094469a926bf4bb9ab00f0bf167303e2c08adf6b6fcf74da53df4d8bd3

    SHA512

    7d861f949a4f8812f8485ff1d42123d0972b6f58e79b3ddbbf2be2072fad83bd6cef275cfef59fdeae1c16dfce3cba1408523d8c1b4d87e56ff36ad5823116f1

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    64B

    MD5

    8a0f223d0fcc089b9bb069e6d515b858

    SHA1

    c3038d907b5a983f623c757103f74edd6068af51

    SHA256

    06b640815226c48b723d260e86a6fb80a8e1ba810659d32fbb15cf52760f1d72

    SHA512

    a711227ae5e7d4696e53e700e26ef8771454663e19df41924b8edd029d81f2cb63822c5d5d12dbead53f92bf30c8b2f1b96d15ec322a5f0dbe5a68d4b01c810c

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    54B

    MD5

    565f4f2e3c7e6807287ecca2005858b9

    SHA1

    d1bfb3be03c75991ffe3cf91d23d093eae6f186f

    SHA256

    5528a3085e2c3556f78bc034b9ae442592a2bebee7572c796bc5f958dfd6e809

    SHA512

    043164803ffec4aff4bbe6e9d2ed9374a09530b1abf054ea01ad86aee33ba479ca654c90867f03e3ab57dab26b275b669bcdeed904e3a10f8f336fb68ebe2e80

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    63B

    MD5

    806f19cdd5fae9ad64cf1a4f1626f256

    SHA1

    8321af547fea84518c527610396957acb5aa6870

    SHA256

    884b78f90a3b346fd0ce7375f963bc10ee1f59a08f6e78da9464b45aba9dc38f

    SHA512

    98fc11dadd62d1c48ee825c33eb942636ff735b424ab7a77c9ce0061b03d5eae5c4b87cc5b84df298bdacfac0492062cd00a7f41fc9ada8612577b4456fd9fd0

  • /data/user/0/com.beenbody10/kl.txt

    Filesize

    45B

    MD5

    85d8b7b52489823aefd0085fa2ff2a9b

    SHA1

    89b3361567f4ef6142bd7d790210d444f955a46a

    SHA256

    5e77063dd2a35bc3503e9aef271534e738923dbe444693842bbe4cdd97f5ff67

    SHA512

    3ee2e104ff3cc06609eb0cb6911b0baeebc1ca7737f6e87d238adef93257eb5f88ab1f7b60603ad0886edcc3f678b0e438a2daa494f5cf445c193b9b3c3ba4a0