Malware Analysis Report

2024-10-19 12:57

Sample ID 240217-1w96xabf83
Target 6b950d1779fbffd655050c571c2596c1acb80952a91cb2d7b523ccef458bd1b7.bin
SHA256 6b950d1779fbffd655050c571c2596c1acb80952a91cb2d7b523ccef458bd1b7
Tags
octo banker evasion infostealer rat trojan stealth
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6b950d1779fbffd655050c571c2596c1acb80952a91cb2d7b523ccef458bd1b7

Threat Level: Known bad

The file 6b950d1779fbffd655050c571c2596c1acb80952a91cb2d7b523ccef458bd1b7.bin was found to be: Known bad.

Malicious Activity Summary

octo banker evasion infostealer rat trojan stealth

Octo payload

Octo

Makes use of the framework's Accessibility service

Removes its main activity from the application launcher

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Requests disabling of battery optimizations (often used to enable hiding in the background).

Reads information about phone network operator.

Acquires the wake lock

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-02-17 22:01

Signatures

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-17 22:01

Reported

2024-02-17 22:06

Platform

android-x64-arm64-20231215-en

Max time kernel

150s

Max time network

160s

Command Line

com.maplongajn

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Makes use of the framework's Accessibility service

Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker

Description | Indicator | Process | Target
Framework service call | android.content.pm.IPackageManager.getInstalledApplications | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.maplongajn/cache/yjsehqzkzntnwj | N/A | N/A
N/A | /data/user/0/com.maplongajn/cache/yjsehqzkzntnwj | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion

Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.maplongajn

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.178.10:443 | | udp
GB | 216.58.201.110:443 | | udp
GB | 172.217.16.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | asamanaproductioneditionpskl.net | udp
US | 1.1.1.1:53 | asamanaproductioneditionctfm.com | udp
US | 1.1.1.1:53 | asamanaproductioneditionalsk.com | udp
US | 1.1.1.1:53 | www.ip-api.com | udp
US | 1.1.1.1:53 | asamanaproductioneditiontols.com | udp
US | 208.95.112.1:80 | www.ip-api.com | tcp
US | 1.1.1.1:53 | asamanaproductioneditiontsma.net | udp
US | 1.1.1.1:53 | asamanaproductioneditionkdna.net | udp
US | 1.1.1.1:53 | asamanaproductioneditionksla.net | udp
RU | 91.240.118.224:443 | 91.240.118.224 | tcp
RU | 91.240.118.224:443 | 91.240.118.224 | tcp
RU | 91.240.118.224:443 | 91.240.118.224 | tcp
GB | 142.250.200.4:443 | | tcp
GB | 142.250.200.4:443 | | tcp
RU | 91.240.118.224:443 | 91.240.118.224 | tcp
RU | 91.240.118.224:443 | 91.240.118.224 | tcp
RU | 91.240.118.224:443 | 91.240.118.224 | tcp
RU | 91.240.118.224:443 | 91.240.118.224 | tcp
RU | 91.240.118.224:443 | 91.240.118.224 | tcp
RU | 91.240.118.224:443 | 91.240.118.224 | tcp
RU | 91.240.118.224:443 | 91.240.118.224 | tcp
RU | 91.240.118.224:443 | 91.240.118.224 | tcp
RU | 91.240.118.224:443 | | tcp
RU | 91.240.118.224:443 | 91.240.118.224 | tcp
RU | 91.240.118.224:443 | | tcp

Files

/data/user/0/com.maplongajn/cache/yjsehqzkzntnwj

MD5 a3b3b79a1068e47c4417cc6b25c3b835
SHA1 c0fa8caaee45d4da63305d5c29e76ba156f42fb1
SHA256 ed7ad8ba47670d2399cbb4a7878cc2e7f68b96a40fc7dbef4a7bff9f7dbd83e4
SHA512 4530ad73af1bfc24ecafa88441ab58e3f68130bc8caeb30f0d3a434c22a94a7184f0843cb296ec0f38a481ab7dccd9055c5c216af727f561db4b89c8736e90f5

/data/user/0/com.maplongajn/cache/yjsehqzkzntnwj

MD5 934c33ef42c5f20bd293868f36286ebb
SHA1 46deb41a65bdd6cec06cd08d26514020873829ba
SHA256 df8687201d23318937b16f804df3837751a86bd77fd4d61596bf6ef46dce4350
SHA512 3f2bb85d62e5c17f0b439faaf7e19d9c76022181a7ab27a6ff057bcd8cef812e4690b4003f61a9295b7aa6532f48d620081a51f824e307227eb37fa78e546ea9

/data/user/0/com.maplongajn/kl.txt

MD5 a0afaf5baebc1d5569e040c902ad425b
SHA1 41ed5f2f70ca780fa8f581066fb00dca329a8e9b
SHA256 76255483f01a1c3777a758418041e1c6191e4beca9f968e8b59cc215bd55261d
SHA512 f705ac991cbce718af73c820bdaebf9230b45ac631d3a6dc278b6e24e3857be8d51c089090b5a9c4b9d098c7289602db21065a0fd3c7451c2d39eca165f0357d

/data/user/0/com.maplongajn/kl.txt

MD5 0da0c6304263f4cfd21c62d55d867103
SHA1 9513d7761254f27a35e9571b98eb78ebded9188d
SHA256 537172a024b51759bdd99b93cead2cab1d7f569f8d08fc428878a68b840ba490
SHA512 c82370d1064b32f17751f49164ac0bf7a7cd9669ff7f9c0229767621c23f1a5bbf09d2bb58a364c579bb2d256a2889b84e2db212a8491e71767ce2719f322c54

/data/user/0/com.maplongajn/kl.txt

MD5 5012fe0ead5e8e7f74f7ae8788cd73aa
SHA1 57c7c17ddef24ce5ff7047b8d186f6b5179f00a7
SHA256 6b63e5daf630abde6475f9685fa15de7789c6bbbfc1b9e746dc7bee920ec23e8
SHA512 418b5d9505210b7fb440120d598cbc47c075c848c329c561586b630bd75f0b310ce446aafee01af163d23f738c5074cf5ceb0a2a17f47e0879e47a837e90a843

/data/user/0/com.maplongajn/kl.txt

MD5 a5ce9a2681c75eacc8ca65c885c88187
SHA1 001f3d6d36d55f92232f49476c80af6cdd2172bc
SHA256 861b60e2fdd6d8e4fdd2ae9636fddd7d0a98f0b6fd57706c89fc4934a9185301
SHA512 ac0f9e23a89aaf1f93a2ce85e08b45fc64b7955567ed0b97bb3acd7b3ca485ac386e6fe807f99f7ae3c342c6530467a66aef379c89228e94a8179ae6ac53d83b

/data/user/0/com.maplongajn/kl.txt

MD5 aac9d44d5c7b23db428a3a0593209794
SHA1 a5bc9a651308f32fde3b3869f030b59d4912dd76
SHA256 c4d2bc371287c3d0d4c66af05974ecbe11bfc172bd5c63fcd70b9183156a85ac
SHA512 cf3d4e29f4621b9b8d075fa80ca85faca3e1c1240664472ccb176df3d92b980a069d57c6267e5051d8ec55bb6edafcc85d0de85aa63e38ad6956922ccfcd178f

/data/user/0/com.maplongajn/kl.txt

MD5 fbe57f547365b9b4e380f7ac26e77ecb
SHA1 69a52215a7c18d075e67696831962dfbc9e7884e
SHA256 8c60669bdb2b052ac94140532a2ed46b9b925dc426bd9e01d1ca7d28b7c55ed5
SHA512 0dbb69b72d641684f96521022bb4e42ef219dae9dabd50af383ae13e829769425ae4531b5a8bebcaa01f0ba921743900e45ac87241ddf22079a940cd9d4ee440

/data/user/0/com.maplongajn/kl.txt

MD5 5066dda0839922bacf92a941c047c662
SHA1 2a81d66c21841c03efca9ce7b0e2535c4abd36c3
SHA256 f185bd757b7942045dba6a989567785ecf2228aa1d2d6ca2c8b2570739b11e39
SHA512 dddf089871a80201c9af2e75bdb0dcc7a79d61bc5bfb5e14e2361d0949bed0f285e80edb78c794643f21f8813efbad91e3592cb0655a5c4ff177cafbec6efca1

/data/user/0/com.maplongajn/kl.txt

MD5 0de96dbf3868c12028bc54337af8a1c4
SHA1 8928086b480096a3736a63dafe7d82d93cd12aed
SHA256 97ab2a38de22cd9ba53d927d666790248a1a4d4c8c10b6d070ab3d824c4f756f
SHA512 dd1d4ccb2a4d15f22933fe7e76e3a09b9a5a8734c85caa022ef4a26c29fa36da9454c97ace756333db084b31a669c769e502a80610498e870b02ed3f1835e88d

/data/user/0/com.maplongajn/kl.txt

MD5 052540f3825810a7ed9773cc95a0605e
SHA1 6e3a8dffb14056d98f39141a93c7b556e26b1f94
SHA256 1a78499616d74b8f0020fc9f5f8b9991ae875a6e987f99122da5b2dabf9a19a1
SHA512 f5a6351238db9311285ff7a6a29657fd50d5f31a0d47a188c0a5bf93034c576579f5ec95bdf6c6770665710b7b6f23c884e4bcce4fbdaabb2e4cd890ca95114a

/data/user/0/com.maplongajn/kl.txt

MD5 74ceb4b333f038cd23066c34db628929
SHA1 50cdf5d49b7e5f0a91843341f9641049b004b5c9
SHA256 9b27f061b08c4d4857c03166d1b956ad603594dbec70e66d86a751b0ab988aac
SHA512 dc61a7f42a3b1875480de0cf05347b98c7da41828c81161adf200f6f1a0787498a1a26ab82371d364620b906f73c57cb34019128b66f23edf6be91ba6e537f7c

/data/user/0/com.maplongajn/kl.txt

MD5 e0628a03527f39b43f311ac3f2e668bc
SHA1 e690a9985964a437bcfd8339cb3b0aa3c662120a
SHA256 c8a2b223a30bae95fed8b153bfcc407879aca74e50856edab9c636bba6d346ad
SHA512 23892b63c5462bfa894758eafdc5b8af50c8c1455f2ded5a2b85313b55cab3f4a158a6e3058af06e19a60dbc0a7987903da3f97b716c206870ddce5c19f56a15

/data/user/0/com.maplongajn/kl.txt

MD5 bde657cab652cfde0031eeef39e89589
SHA1 7fe925ab0eb397f854bf1badf32b4bc8057893fa
SHA256 6e62901f0e95d250dd35af8ceeb5d0443fce35624cd1597e5eedf1dd619f01c6
SHA512 eb50cc411612a5ee6a486d91e3e642f8a49069523183d6b23a6abc0e50b39e5ed6a9197f59e09af08fdc08dddf6aeae4f73a9f063cb63fbe9d1d76e574c432fe

/data/user/0/com.maplongajn/kl.txt

MD5 52d287c70bd6634f7bf555ae460e9add
SHA1 d14453bf7c1dc04a209af6dd5b2911f68d242281
SHA256 63b12f92fbed09acf2946d72eb63bed5786d08cd345fc9f592f213ecb1c77c1a
SHA512 5ffefa25b87c1279e40a0e8c153c4cdea0bc5417e031022332e0ae17750e869abfaa7479655473d4ade3f5770a3e955b14944e80d3dda1e9a16d90c385beefb4

/data/user/0/com.maplongajn/kl.txt

MD5 f8a28a0ed90ce7a7c8f015509fa4e066
SHA1 0c5ed40b6244384fe3237d36ee28aeac1d8eed48
SHA256 da6fbcdce230015b736dda8feaf59da6fe69930552d549ab1c0f5f1174d5128f
SHA512 585986f1ae7a214d453a73a1fdb0ffd78a9096552ee1886cb0118b9cad0cfd44e05aea001cd88c140845b8c9e249e9ef62c5b68226e466b7a7aa10700deb7af3

/data/user/0/com.maplongajn/kl.txt

MD5 102f43d525445da329ac429bf8e2d8a7
SHA1 0fe1f2a530b136b71a801603154c104189b49f66
SHA256 ffc9dfae652a4cbc82c892137e2f478dea1ad1eb720652a0008e3c2f6360e0f0
SHA512 2f2f41ef04de4ab40d415580c3de62055daa665e4e9ba888129b14e6e3b0c25ba218f36118c6985655f4ced08cfb636027e00be773a472d571f55601e222094a

/data/user/0/com.maplongajn/cache/oat/yjsehqzkzntnwj.cur.prof

MD5 e55b640515444d78bf58947b2143c9fd
SHA1 d2059ed8a11e0d3a86244f24eac0ef7c979b0580
SHA256 6c2274908026e048c86356c12f879e54eb0ae1e5202d340c5b84c4fc7a0cd803
SHA512 69735aa8a624f14f37e773a95dfa93a04ab22fb292fa2ec3cf1e22b50566ae8f76e324a710237019dbeb212806b20967eca1b6aba72fd6d285c43745a2b79fff

/data/user/0/com.maplongajn/kl.txt

MD5 bac831cc5d3b707d8d2c309b1aba026c
SHA1 323e835c3e45000d999e9deab2a04cc64ed5459a
SHA256 b12813f11272e54218a6196fe9842e7c6b10ecd3bb778e62c516589268488f7a
SHA512 8ef484f7649a904c78cdf5d250024b8a786b3549dbd35a501c22ad71a602c716bbcba137e5c9fe18f07602edb0a9284759ffaaefc4ece0bf7d373a72e4f381aa

/data/user/0/com.maplongajn/kl.txt

MD5 a56678a851a41c7af0fe201f007de99f
SHA1 7decee750e28e5b51aca71e0b9a83f1c101db2ca
SHA256 22e63a769c3ad8e9410417c7023546fb808259c9587d43df068251bf51af35a7
SHA512 d98c31013a828caeb7d26e61d78fd7782f177542d92d65515ef4ef5821f24e49c762bba93cfbcea0bf1593ba74e8ba3741b798c4c045d7b443006bbeb92f65fe

/data/user/0/com.maplongajn/kl.txt

MD5 597257f0c2492292c43375a0e91ef36b
SHA1 282031ca58f182fa784d3b299624f890cc403210
SHA256 24917b87ac545d768f66cba1f585a10896a0e119b51f03995ed6f86c6ac4bc5e
SHA512 bc8f879449cfff2b38c1babbc326e2586026b71e46cbc419b98fddc39bafc054b440e3c1b0d27f12e89a07b95b34c8adcd8946310f4ba0c41288b5f39f6424bf

/data/user/0/com.maplongajn/kl.txt

MD5 905281cbeb343216a5f2c8bab97acc63
SHA1 0e34aed0c4d21ca52ead102c3fdb4f640101af3f
SHA256 0c0f0e2d8a559d91816cb924f2ae81d134d39942444925e12f18afcc1da89482
SHA512 326969c210ceaebea8329bb0d5f86fed22c4d20ecdc35ad4351f1beb0d6aeb52d410327241d0b6aafd125acae2bf00dbd05974bd01fdbde589e63fa628411ad9

/data/user/0/com.maplongajn/.qcom.maplongajn

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

/data/user/0/com.maplongajn/kl.txt

MD5 b839b04d5d380810b77876502af1186a
SHA1 f3a2aa35d197e98ee02029224dcbf041193214e9
SHA256 355bbfd7e7a89dc9882aa1bb4fa2ee641b4cf14a23771800afd2ae626879a532
SHA512 fba412dfe262f0f20fd65d29c30ca91dbcaf725acbcf1efde41224b9378e898c2e710573b779ad1f1a2804c4513676f26b0fd8600a28a4d5572ef2791483bda2

/data/user/0/com.maplongajn/kl.txt

MD5 4d8a9badbd698e9e5e8d452937f02df5
SHA1 5955153c2b293b1967ce430d68c173fa9515ea24
SHA256 338468d23fa97d580ec8650c0c5034855e978b38ed21a3870ef8929f4e7125c5
SHA512 3012ae73218450fd39d56e566c38d60b9012b4fc619e50dd8d8d1a5a4f34215b62829f725746ecd0b4b0a89ee4aeed2e92f058bdb7598df472b3b8d1fe9a0472

/data/user/0/com.maplongajn/kl.txt

MD5 8fe77113b633dae075236362fd37900e
SHA1 5b349c7d06dcb68807f77cd2af7ddfa3bcb4a7b8
SHA256 72779f80b41f5b9dc6b830f979b139252e4cf16ea7b74d8a03937a7974de2814
SHA512 78123df75e6b0b5aecf12c2dc9a8eef62bfdc2152e2ad44965f2732c9978144e41583c390b0645a371f1a0d77f80e61aaa97534e29a6c13d31c284f8221d0531

/data/user/0/com.maplongajn/kl.txt

MD5 3a893d577c74e58718aa10d1fd6f4919
SHA1 47642c1e48976ed3ae3a4980e4a68265f5cf372b
SHA256 cd6fb9bc90caa5157a418bd4e73c702adb9e7f92ed12c06af7660e564de990af
SHA512 ca142795af78fd84e4f5c8e7e1472b09e22e621440f28a1a6108f7a7c34fe65f9333dc67f0ef6fe800588e26d62a5248dfb73829ef1018ea29201a804d5b36d7

/data/user/0/com.maplongajn/kl.txt

MD5 9adcf4d27c4fb4a99553bd7691031ef0
SHA1 0fbe8f21e11b3ed2b27bb76cc0462387a43d7eeb
SHA256 75dd2353efd6646658aa076dd258f062720d5fe9d6309707e472f5ffbb155cfb
SHA512 949eaa1ab2a7ed92e175014c4379e3c07e867e3ff0fe639efb3bdf60ee9c38c82dce3b1df129de2553ab6573f45769be27fb2b196afc23f3e98ef885cd89a159

/data/user/0/com.maplongajn/kl.txt

MD5 87043ed4cd5eceb8104ee2e6dd9367db
SHA1 bd910d8934f78c74c5a27f2786fa2d80c27458bd
SHA256 f40f9d8f2c8c3654c5451eb24dffc7248236037d04db727b4cdc2642ab9e9c4c
SHA512 9534eecce554e7c000fa5828e01e037f329c4ead2a6341351d23467f5771b481c749a54e577dad3f4997947e3476227b4d26e5554d51e5c623999fbfff83136a

/data/user/0/com.maplongajn/kl.txt

MD5 424998c7b0c5ee8d81dedf6b96603242
SHA1 9c536104e6a364f47a408707572e4925dbd972e6
SHA256 df785248b5ddea634746a15320efbdb50b12a4519387215d7a900f2f87e4814d
SHA512 87e7b824cd981a21ba2e6a6e11da3ab62d4f3e634edebf87b23f97d50593d52bc68c9a93743ad8880ba5b63ac0aeaacee349f188efa359dfb7a8be1d8a572ca5

/data/user/0/com.maplongajn/kl.txt

MD5 ecf391d8570e328df037d3ea15d27c05
SHA1 11132056a0e36d0e4a94bf75d3158db3b68a4267
SHA256 bbc86dc413fddb4b13d744e4ec5834ebabd7972b79c90f7b9a57871e3f273d60
SHA512 cd0a0411d62d6345526a87299b67977d3b8cd85a54c0a5b361c5a2cffa7f6d62fe323d3f88af9f2154c0a9f740db3ff0a226c16392eb801ec40564e7a211a4d4

/data/user/0/com.maplongajn/kl.txt

MD5 1d5ab72d0428d1226b97bf3ea2811a3b
SHA1 d3240b3d31bb36c059ff348eb443d3a2af46e5f4
SHA256 780bb3bf857d1cfedfc8e23c1a395b1ccccc3c475d6dd08daacbd85af53fc9b8
SHA512 745759c0c58afd21b749f300e9207666e3b69814258feef1d46bc77ffb0937ebef884b55162defff25cd7723e52fa1a62fe26c05a6b4c88d89e0f65480c579f6

/data/user/0/com.maplongajn/kl.txt

MD5 a08ebe3e9e26cbcf2961566f4bbe2593
SHA1 87c3b864870e8711238e0838a6d21a9c949a0af4
SHA256 37d6459e887b26f493889c92c8bf5163fa7b10b9685725c6431596ed02a23926
SHA512 6a7cd70183d69f8876ce70c6f6196c538fdf843dff4387e4f37c260e800fa0a635e1b45f1a5c50e1d8d1084a76ea37e8e65d71410b3257eecb4f84e1d2da2967

/data/user/0/com.maplongajn/kl.txt

MD5 a21d5c5ca08c8cb1c10b404c91872847
SHA1 1ad028b2f79600825951dd3e2fd3cc0efaee0a29
SHA256 0011704ddbd00179f9b73c7e4e3bd620baf5ec270a87e28ec6a9a0aa250aa48f
SHA512 6af9fde20b97aeb06f2b06f22272921ede6620f8bf8f17d64047ec2c6157a3f0318c3847bf3a1dada69606ed65def601031cd362ff32e962c8bdc98460b647c4

/data/user/0/com.maplongajn/kl.txt

MD5 818ef31bf968d8d89cf1a555d690a2be
SHA1 0bed5fc84dd6c775ed6b3f1f66ce45e639466d43
SHA256 ff7a4ff5dc2eca8f8c246c607f8a6919e872f79247666e213e3f2fb6100793c5
SHA512 c649ccb25f9534081831980bbae9e6266c2cac6099a718f474ff894c1d50d17d277eef8216fdcb2c7fc37ff9c9f7905b42afca6a5f2a1dd16eaca104566d685b

/data/user/0/com.maplongajn/kl.txt

MD5 5bf73c103f0b2b665b2f10ceb2a93487
SHA1 e1dc80d2488154d4a2a81d45f285dc9508ce0f11
SHA256 485cf9802109e75462655c0c89e82dcfd49d87fdbd9fa34f9e45b89c323b2ca3
SHA512 1f07c1045337c2b4bbbf02b697a6a3fced3dfaf519c84b8a2b8874332a07a500b62b736b9b0dce2f8dc9de6ec27c3a8b8ff7e15096be2494bba2372439fca1a3

/data/user/0/com.maplongajn/kl.txt

MD5 6dbef4dc080b9b685ffc011b01702382
SHA1 28198f2c3685ecde08adf6a4b2c4944656d9dbd1
SHA256 85570a412fa54d82a60670c9f992524af47243b2d82ab7c212bae627e9f6e2c4
SHA512 979b008d17fe1b21690ac89beea439075165f55904a275e00b6c41a9ddb14c004009b625aa4f8789dba929cc43fd009098c8585d37ed7a9f9afdfb162df2d35e

/data/user/0/com.maplongajn/kl.txt

MD5 4127e9fcf48ef250faf384ace7d1a218
SHA1 0ba20a06b39d17719c33fa81c25880660e28eff0
SHA256 8f302e53c8f330928d069850c3b8bc309b60732f69b7c4581a5e3e23393d1146
SHA512 6893e7a0513e8faa027890d668a0066152893fc133182fc9a7d6177d7380400125ee7024c0954dd7bd9f188214f7f5caa183aec1dca182ef37e5ddb9dbc0f801

/data/user/0/com.maplongajn/kl.txt

MD5 f9d1f15e539ae64b34d889b90b47f6be
SHA1 d2d25546307dd13769550a9206a6a10a23b42149
SHA256 901797d612a1c2af32725b08f12e9d536eecd67b2f51da1b634471e0701fc87f
SHA512 7dd4211ab0b8caa3becedbe45689c298ad23562b24fac24043543b31574aa01928a1eec58733bb453d350ade8d547610f35b0f2fdc42ebeb38be48ce5a629dcd

/data/user/0/com.maplongajn/kl.txt

MD5 bca371f6ff518127a76fe5461bd59243
SHA1 5b1cdeaab6d712569a04561dc7ff924d3addccff
SHA256 5af9ce9911c01d642aecf1af2ef3870ea7bd79f9952ffe0d772152071dc3e7de
SHA512 60df8597ca6f7a759e8ad6524c80307731edd6a3e7376e8749ac31f0204ef63f7c390e68ede36864770ae99aaa8c6098e504348ddceb6eb11f2a716d968799dc

/data/user/0/com.maplongajn/kl.txt

MD5 43cfccf2d01e883c59e8211090932c11
SHA1 cb9702ed86d19250593bcbb0a0c6a0bcf827baad
SHA256 c185b6968a3006f7839a31f0123a7bf8e494283086ddcdd55a3850627551dd69
SHA512 2e5c06a1b3d2c0bf6c4651b0fcbb5268a563ea7399b2cdb25e2552fb0bb47863ae9a74786baf2c9fe2eab03576c2b77cb34d119c4dcaea75dee94f388c88cae1

/data/user/0/com.maplongajn/kl.txt

MD5 efde91e9e19406d896f2eb0ecce0b76d
SHA1 855b75cfbe33990257fe66cba814e4e5219cc847
SHA256 2c4106b8850a5918bed7707c286b1ce2766d7bbf437ca2c14cc4553378d557f2
SHA512 a6f6c01b3185d346050c157ff7c50a2e329a2ad96af3016b0a8d468714bc2ba8e5134822ca9a3028233f4c5f7d64aff33d2c2c514cd66d917c3ad16ad081a544

/data/user/0/com.maplongajn/kl.txt

MD5 70b4c3b759c28efa5d635aa47562834a
SHA1 0a3391826f9256d9b5e86fa9e9595aed31c2c272
SHA256 ccfd6b39a1ff758003efc2c13edbbcdc1858e8fcfb03cfc661682f7c2b246aca
SHA512 d53fe9160361a0129b2a01870522ab41609cdc893fe143bd27f99183e58c61754ba94e2adc8b7ae595cc8c614903dfc88c7794858c4ca9e5aee42097e26b9f62

/data/user/0/com.maplongajn/kl.txt

MD5 09e5c1eeb2e9390f5f73e7fefba394dc
SHA1 c3bc12a53bba3d1c1fd793a5d0c27b41fd3f964a
SHA256 924e626d075db67d864a7bc6942aa1d692740adf9b5735f0d2dade9098f1fa79
SHA512 a708ffd3b59a156e052833402d20c8b972f90ef5d80f66299efc4e5fa2c6c025e9f349424d41d769a9804a9afc84f52dc41ed52121464b7b5a01099de88ceeeb

/data/user/0/com.maplongajn/kl.txt

MD5 f199eb89ff222e0a5d08faac22781b68
SHA1 311042e72c51cd4271660ba3102b7d1d5a64207f
SHA256 ef3aecf344926ce7489f19a699dd029dfc7c0531205393c8ad2d58b8f97a94b0
SHA512 0151aaec9a1d0fce354ec79118765fb32f1693e2ecb544f2aad622d7ccda0c928cfcb0dc435e7289edea315bac6e298579b05033829fad6c87487d079984fde3

/data/user/0/com.maplongajn/kl.txt

MD5 44780acb8827b38ab756ed3aa13b2ded
SHA1 64343ae3bc71102889445da203d0119fbee5f584
SHA256 d8e2ada864842b304de46289646718b8252d23ef0c215e4da11a10e897c19bf4
SHA512 bfcadcc7b8f74c113a8ecc5335c23009619c7ed72ba9bc5ce49d3a6f96de7daa5903ef9985ac275bf47ce36b33234fa83fad9d9387c263efdc33e7447ac17999

/data/user/0/com.maplongajn/kl.txt

MD5 a123146909d7d2eb08e27a09180958a6
SHA1 29305822f01393e3eee64922bc88f5dcf6fbd034
SHA256 916fb869626e78bbe223ac0e2b813f69b17e52b8bd752a9abef8f9c0e8007ccd
SHA512 e16a344cfdb1caebf34b9ed55af1bbbfffd8c2995fada46f734f5c6eb9925d8b6d82385a5e91231001d7d6efcdc753f6437e4fb58b2319f4503fedb553227f21

/data/user/0/com.maplongajn/kl.txt

MD5 79a9a129468f6b1c2c0162a00d3f5579
SHA1 17ad0131f32b2738b316ed296fe04c1edac9bce7
SHA256 5278d8e3a0eb42931da19cb6d78d36fdcb7933ab1bb78ec6fcc6ff07737b2fbf
SHA512 8de38615a2bee49a5e5cc0f514d035a4994d00051cf935861a2cf21060ab3523e9506b020b540fb99875a0da9d434c495a79e384b24c024ccdec6ae4028d29d7

/data/user/0/com.maplongajn/kl.txt

MD5 3d175c3e522edbe4ce77b32fd1903717
SHA1 a3cef0f3ee16cf2219ebae14d2f73f690279b350
SHA256 ffb758af05e8d96c7fb305cd855409119b464dd98d264a29fbc51ba30e4fbd7f
SHA512 df0a1114c7bccebc2c73cecfa8b614ddce950046fa264e165abd9f6b0cb0bc44d61073113eef725688a037b691d7f8a94e001b91924676fd190b78d9f7fb1719

/data/user/0/com.maplongajn/kl.txt

MD5 b3a711c3ca209110b9fdfb0dbb20fc8e
SHA1 63f12907aca35f4d87d346596a02c9dc368ac702
SHA256 e0c014b3ea9538fcb6b73c8c83bd19112e9452c83ebfd076e614cb127ab36e06
SHA512 05d4b4cd7ad5d048f2712bab28a37c68ed6e10d6f583fa1127490ca2fe267bea829c6a6f646e97ca848f2b4ce4f0391967c6391dc7601b9e67f24ee09c08c9a2

/data/user/0/com.maplongajn/kl.txt

MD5 1660d25bc09acef33ed93d82b765ec60
SHA1 5ed014400138098a88c1e9796077bdb2b2d5bbc6
SHA256 a6c33792fc6255f07aad02b21e218e4c7ac2df1597615cfaf3b576c7b3041c8c
SHA512 b01f9e7c916357cc74c55b9f93e5fb6ead2d5750bec987f544a80b472a84e754ee325e4a69bc6a11df893da43f23b4fbca70f6ad6b3db1c9a6249a005f6983ba

/data/user/0/com.maplongajn/kl.txt

MD5 cf8e57354563ab4a31078ea87c6ba568
SHA1 538b1b08276150663bd41f7aa6969fcbc0421dc3
SHA256 da31ce7e03cb814699a42e0b594618ab02e46324c53fa6796abc616e1e230d61
SHA512 302949636abfc5860a06f3ee678c0e6adfe68540aac0ee9c1a40ca776e7bd400a8f955760aa270ef64e386fa780d3583a91a2a7d782bbf637cb07fc54b138045

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-17 22:01

Reported

2024-02-17 22:06

Platform

android-x86-arm-20231215-en

Max time kernel

33s

Max time network

134s

Command Line

com.maplongajn

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Makes use of the framework's Accessibility service

Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker

Description | Indicator | Process | Target
Framework service call | android.content.pm.IPackageManager.getInstalledApplications | N/A | N/A

Removes its main activity from the application launcher

stealth trojan

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.maplongajn/cache/yjsehqzkzntnwj | N/A | N/A
N/A | /data/user/0/com.maplongajn/cache/yjsehqzkzntnwj | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion

Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.maplongajn

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | www.ip-api.com | udp
RU | 91.240.118.224:443 | 91.240.118.224 | tcp
US | 208.95.112.1:80 | www.ip-api.com | tcp
RU | 91.240.118.224:443 | 91.240.118.224 | tcp
GB | 142.250.180.14:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
RU | 91.240.118.224:443 | 91.240.118.224 | tcp
RU | 91.240.118.224:443 | | tcp
RU | 91.240.118.224:443 | | tcp
RU | 91.240.118.224:443 | | tcp

Files

/data/data/com.maplongajn/cache/yjsehqzkzntnwj

MD5 934c33ef42c5f20bd293868f36286ebb
SHA1 46deb41a65bdd6cec06cd08d26514020873829ba
SHA256 df8687201d23318937b16f804df3837751a86bd77fd4d61596bf6ef46dce4350
SHA512 3f2bb85d62e5c17f0b439faaf7e19d9c76022181a7ab27a6ff057bcd8cef812e4690b4003f61a9295b7aa6532f48d620081a51f824e307227eb37fa78e546ea9

/data/data/com.maplongajn/kl.txt

MD5 028eae857678c63753bc0acd08e92f68
SHA1 bb00a108a043535c8e68d1ca83f6769d92bedff9
SHA256 a58c277375188661db6e1c59532762ead6af720deee0ff212b9e6b410964e22b
SHA512 6c868de7c5301b51509d45f89f7149a75a010ecad8791deb6642b42361f02f43f9b976e349ab0af08103f0c5f2eae1f5d8721222d8dff6034232813a89b32d26

/data/data/com.maplongajn/kl.txt

MD5 bdb4d6f959017dd72d213908f90bcc68
SHA1 397d1de3acfd34a603bf701047ca9d6e58a79843
SHA256 0a3d7b6549fc12fe6916e73fd94984c16ccc967d30307168eed84e5079289ec2
SHA512 3a0c135e53d676d8b9cf39a68124a8096d14b34023d956533d3692ccb4c8328414be16c2e3fcefeebab8d7865fc5f25cbfb72fb15201f9f2efe7a838a93519b6

/data/data/com.maplongajn/kl.txt

MD5 f38f0233e0f96467514919b9327aec77
SHA1 e9143dbb3e4a036946506c1aaa044a1d32edb55e
SHA256 67e4687154537f2dec3b35b1d4f09f7d03443cfce9ac43b5022833fc3d879d7c
SHA512 897deb7551d3576309676d94063c410657345000ad14d3c125f9b7c65fa4396a67dd51a73377b3d0cfb62b5b1122efbd3440cb7feb4e602ec4f742cb1ed9527d

/data/data/com.maplongajn/kl.txt

MD5 15fbc2dbadf4fdd7e40ab0f273707dd9
SHA1 a8903dc0cb7a0e73e22effbd3aea93d8fea19f3b
SHA256 a636a87567e70810c88cea33e9e5873e6b275e626a85f945bd1c2f817b121d4b
SHA512 154ff0133b41667a0e8df3881f2ee79d71c0a0a7a7ef9be627f2de9456163ad041a22dd2145c0caf86baf4198e809ab717a600c234d5c5726cdd1edb6b787ef7

/data/data/com.maplongajn/kl.txt

MD5 c9ce8ede76f4c1fdf598eda3fd76d317
SHA1 e84c1c6485d933f3dc31d72143c4d6865dc31cf8
SHA256 aa02d3b9890af71a859eaa7a07df178fe09943da702864266284e0f313b91984
SHA512 3df5e229250b1afd55199514d60c17ca66f7f11f9693723dad7eea4be0791d166a08a7c51d5ae5382f3179f4470a418f09e3a8c915b210c06d47cf7935b86d98