Analysis

  • max time kernel
    155s
  • max time network
    136s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20231215-en
  • resource tags
    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20231215-en, locale:en-us, os:android-13-x64, system
  • submitted
    19-02-2024 22:03

General

  • Target

    0aa73f6a672c97dbfce28d348c68921c05a405de7d40e4fd982c6f67a8f1fcf6.apk

  • Size

    541KB

  • MD5

    c8b10cd9fc7821840d8d584181d04c85

  • SHA1

    93c71172ae62d853e0ae49decc48c42be8dc53c7

  • SHA256

    0aa73f6a672c97dbfce28d348c68921c05a405de7d40e4fd982c6f67a8f1fcf6

  • SHA512

    ee68988d3f22098b81881be22e48e139b2de40beaad55b8af21ba4ac3fcf5ac38d11accadbc9ecbe3b2b9e93ac72bcdbcdd4bc541fe8527cd377461428e278e3

  • SSDEEP

    12288:bPHW4OQ7CVZ/y7tkpHB/gHpopATPhiubn+:z2jQ7CVZ/2mHIbTPhTn+

Malware Config

Extracted

Family

octo

C2


Attributes
  • target_apps


AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

  • Octo payload (1 IoC)
  • Makes use of the framework's Accessibility service (2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 IoC)
  • Loads dropped Dex/Jar (1 IoC)

    Runs an executable file dropped to the device during analysis.

  • Acquires the wake lock (1 IoC)
  • Reads information about the phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background) (1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 IoC)

Processes

  • com.singreal1 (PID 4290)
    • Makes use of the framework's Accessibility service
    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    • Uses Crypto APIs (might try to encrypt user data)

Downloads

  • /data/user/0/com.singreal1/.qcom.singreal1

    Filesize

    48B

  • /data/user/0/com.singreal1/cache/hjienb

    Filesize

    450KB

  • /data/user/0/com.singreal1/cache/oat/hjienb.cur.prof

    Filesize

    380B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    60B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    52B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    70B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    55B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    45B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    70B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    490B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    45B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    70B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    72B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    76B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    214B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    60B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    68B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    214B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    54B

  • /data/user/0/com.singreal1/kl.txt

    Filesize

    68B
