Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240229-en
  • resource tags

    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240229-en, locale:en-us, os:android-13-x64, system
  • submitted
    02-03-2024 22:00

General

  • Target

    f89b36bee38876b2757a0123d1a35bee9a7924d5b0688ff17f421db9172a58d5.apk

  • Size

    3.2MB

  • MD5

    abe001a87674a2d3066cfd1885a20c8b

  • SHA1

    4c7b2065cb5be0276286c9074c330f17ab2b5396

  • SHA256

    f89b36bee38876b2757a0123d1a35bee9a7924d5b0688ff17f421db9172a58d5

  • SHA512

    2cf499e11de6cec934e4b7f1b0fb74a7decb9cfe761c270865647e1761b32b8a0a8bfee2d0b5adef6ffa481bdaeab8f8365e61f4433b0fd0a00d301e5bc55f93

  • SSDEEP

    98304:Actp3MJY6jAeq31GmBCfbojNwY+uN0/rHsm:ActJeAePveK/Am

Malware Config

Extracted

Family

octo

C2

https://2.57.149.238:7117/gate/

https://2.57.149.238:8080/rootmd50ma/panelcgfuzwxleg9kdxnvy3rv/gate/

https://2.57.149.238:80/builderxxxzzz/gate/

Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is an Android banking trojan with remote access capabilities, first seen in April 2022.

  • Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP, 1 IoC)
  • Acquires the wake lock (1 IoC)
  • Reads information about the phone's network operator (1 TTP)
  • Requests disabling of battery optimizations (often used to keep running in the background unnoticed) (1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 IoC)
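The signatures above were raised from runtime behaviour in the sandbox. The static counterpart an analyst would run on the APK before detonation is a manifest check for the same capabilities: the service bound with BIND_ACCESSIBILITY_SERVICE, QUERY_ALL_PACKAGES or a <queries> block for package enumeration, WAKE_LOCK, and REQUEST_IGNORE_BATTERY_OPTIMIZATIONS. The following is an added example, not code from the report or from the Octo sample; it takes an already decoded AndroidManifest.xml (the manifest inside an APK is binary AXML, so decode it first with a tool such as apktool), and the two manifests and the package name com.example.dropper are constructed for illustration. The weights are arbitrary triage values, also an assumption.

```python
"""Static triage check for the behaviours the sandbox signatures describe."""
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# uses-permission entries mapped to (signature label, triage weight).
# The weights are arbitrary values chosen for this example.
PERMISSION_SIGNATURES = {
    "android.permission.QUERY_ALL_PACKAGES": ("queries_installed_apps", 2),
    "android.permission.WAKE_LOCK": ("acquires_wake_lock", 1),
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": ("disables_battery_optimizations", 2),
    # Not in the report's signature list, but the permission an overlay attack needs.
    "android.permission.SYSTEM_ALERT_WINDOW": ("overlay_capable", 3),
}
# An AccessibilityService is recognised by the permission the system must hold to
# bind it and by the intent-filter action it registers, not by a uses-permission.
ACCESSIBILITY_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"


def triage_manifest(manifest_xml: str) -> dict:
    """Score a decoded AndroidManifest.xml against the report's signatures."""
    root = ET.fromstring(manifest_xml)
    hits: dict[str, int] = {}

    for node in root.iter("uses-permission"):
        name = node.get(ANDROID + "name", "")
        if name in PERMISSION_SIGNATURES:
            label, weight = PERMISSION_SIGNATURES[name]
            hits[label] = weight

    # On API 30+ an app can also enumerate specific packages through <queries>.
    for queries in root.iter("queries"):
        if queries.find("package") is not None:
            hits.setdefault("queries_installed_apps", 2)

    for service in root.iter("service"):
        actions = {a.get(ANDROID + "name") for a in service.iter("action")}
        if (service.get(ANDROID + "permission") == ACCESSIBILITY_PERMISSION
                and ACCESSIBILITY_ACTION in actions):
            hits["accessibility_service"] = 4

    return {
        "package": root.get("package"),
        "hits": sorted(hits),
        "score": sum(hits.values()),
    }


# Constructed manifest mirroring the capabilities flagged in the report.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application android:label="Update">
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
             android:exported="true">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed manifest of an ordinary networked app for comparison.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <service android:name=".SyncService" android:exported="false"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    print(triage_manifest(SUSPICIOUS_MANIFEST))
    print(triage_manifest(BENIGN_MANIFEST))
```

A clean manifest is not a clean bill of health: a dropper that fetches and loads its real payload at runtime need not declare these up front, which is why the sandbox's runtime signatures carry more weight than the static check. Treat the static score as a reason to detonate, not as a verdict.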

Processes

  • com.nameown12 (PID 4299)
    • Makes use of the framework's Accessibility service
    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to keep running in the background unnoticed)
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.nameown12/.qcom.nameown12

    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    70B

    MD5

    f3d286b45ef2afd446be11b9ba1dd5f4

    SHA1

    ac7314a557c6b3e5f898fafd2c8da341e394a99c

    SHA256

    a0d832a105258d8c0c83607ad63152e1781fe79eb02cef963008c4887ee631ee

    SHA512

    e49694c6a996358ff6d03287bd505214bc86e39fd0fc4fb2a4203a64fe31fffb1c7f7e9bb806353f6fec019a895db6c716f2455b56c240dda0a25172a7530a0c

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    55B

    MD5

    e360235177f64aea790dd5aa1bb78bc2

    SHA1

    71130c761aedfff109b42f1d9392b9a9466f9c67

    SHA256

    07dbd13b8c3c1736137343d4ab50708a1d6dde70ecfee1961aeded99b608ca65

    SHA512

    6f27bbecdbdff38dafdee8b1af9241f8f23005c2b9b571b78edab1dc5c5d059618c9f5452eb593eccd4b87f05ed22934da9712faef6897a7d159a4d34512a52c

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    45B

    MD5

    f4486f8d433cd0cddc032d7be01e3b33

    SHA1

    cca4de79797ff6294499315778cfe1d71e6ece68

    SHA256

    b13bba2b0105a0f0569e27e7b31699d3a0068b8cc34d9063cdf70ec616d89949

    SHA512

    b3fec7f9178510a51d10275f38d2e283b2c8f737f23c1b8e40c0243d9159c06440ab060a80702efaa70bfa2fb591d74b65690692db041abd2899be76eaaae6c6

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    70B

    MD5

    a36907aaa6cc014704d924b3799974e4

    SHA1

    5b5772ee8b993f4043966447cdcdb6e0c5474e97

    SHA256

    3ae2dba9e0d20fb8ffeaf5b570c4a6cc2835acd7e608fb1e6b8bc611b997af90

    SHA512

    881b208b38f23ead3643e1faf30b6c73eb9b71a01e4f28f3c2209a84dcd861c122c3d9f9282667cf7b3371017d7b8740597979378e8f5f1c7c397979ba95b728

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    490B

    MD5

    06f8b16ed7ace64cead4fd9f3e8319b8

    SHA1

    e91ff4122bf26ee9c5afa69b0f556b0d623f9962

    SHA256

    5c2f36f1c2e1a59ba8b5d689214441364193af6d953244ce0227d6043baea318

    SHA512

    1b523e66c2acc2e765b96f127f8d0e3287c8188d1712583c753191630a786e3a0ac9c1813c712d9d7c2772b5d00f7f949841ef96e74ccdc9bf5a25661648367d

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    45B

    MD5

    f719d02647e4bc88a5febe9a4276ae98

    SHA1

    d486b2852289ef58a637f94e9f9e5d772254623a

    SHA256

    9e9ca493805dab84a61a09eb149fbad506b5e853d8fe2fbd0d23606a5753c9df

    SHA512

    f9a9abdccd43087c1d8a3bb68951422500921c0807a6eabc32b8a5a8f6bff06821686e23f0153138b4070c3688b472db5cd7303d9b358dbd5b16699f51783b97

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    70B

    MD5

    1dd45513c7401988c6f7b85bd484dd6d

    SHA1

    0e831ad823634c3f003c4ff822b9d8f9e04808ca

    SHA256

    68c87e006a41155360ce8300caa8a43d97a1f30fda967c17ac836eb41bb85819

    SHA512

    2ca743e165c59d07c362fae63ae09b788772dfd0d88bfb277c2b935c35c06dd371c52b77dd916cf57aeec794769a9ea4533f5e5d2a0e9107b368d2e3abc63299

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    70B

    MD5

    1a7ca634f806ba1946c5cf4990b46947

    SHA1

    42db261b059749408a61a70ff1224fd546bbc768

    SHA256

    5d3f37956f04fde407ad5d8d98c49671b4999855e42e70dad1f55a5aee3d597e

    SHA512

    895c37cc71c0553701839327bda75b2e47836eb0818638dbf28247e20b4570a991e3f8e853efcbcc6fb8e15de61a140e9c00a0e23954bed8da87f65507c97eb7

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    214B

    MD5

    2742297855ffa3858e620c57fa79fd37

    SHA1

    0135523d548a1afb05884da34f0bb02a019de4ac

    SHA256

    b69300d9ad6221a97236c482c647f7eb6b8b116f6d9373f42f7913faa8d3ce04

    SHA512

    a6398a67b54bb6708e051352e5c55ba7255ed17cc4cf6ef4efd6cc5d605735952581a725aa0e594809438b4e05981244d7daa9935f8927f82662aa8cf140bc39

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    68B

    MD5

    4b05e464921e57def5e91d26f2a3e168

    SHA1

    af9dc83be9450335705587ca3e59d44063f55e29

    SHA256

    cf79d83ac236d2d18f5e1d691482a9aab147e8da811244b92edb5e3600b70897

    SHA512

    df5e8d3ea9f7fc2752bd73e33fd98f1a773aa0e70fd2eb9f65db7e792c5597a1a28e02ceebf3023855811d212d5f0d3b4cd37bb9294ec18e50e4eacaf9537a35

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    68B

    MD5

    65930654bbd5ea64141939cd09810aa0

    SHA1

    6f7957d4b9b83f89d5175d04fc80e071061303d2

    SHA256

    935d64d1f95efc7816232a6837af8737dd41e170d6b4552a718ad397ce005739

    SHA512

    e144f0253927e714432924c2e3b1fb1bb5d2c79916fd34339fbf3841ebe43763c7fe27f6713c096570eac937dd3418474d7e1bfaf7a1147b6715bf715df31b81

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    53B

    MD5

    9455a8570012b15ff7477e8e676552bc

    SHA1

    29b118db9fe69a695ed599d17c5ea5d5542879c0

    SHA256

    e4c9d4a80786f330be60ad7bbcb3fd4534f220ac649e4bb7ccd3440d997c89ec

    SHA512

    2eaea046dfab02bfd8f9b235107fe45864e350480c1ae78ba6389436345158bfa20f55684c0524b5d01751439137c3bdd2d74d35c26b08912dbc400f1088562e

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    68B

    MD5

    baafe27f1f8db8f9e89dfdac50bc63b5

    SHA1

    bfeeceac6af55dc00ea82c622901420341525fc3

    SHA256

    684adac77d76f6ebaa17999c66059b61c585126031c4a3f9447291b96d2294c5

    SHA512

    23152798f3754c383ba1fa28ff87d0b1e610142cd38774a615a6c4db1d9ff4e732eae927366a9d036ea2b40a1f0b274950f5ddb5cf379ca183fb691161a6340b

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    214B

    MD5

    45e3d806cd9a955b92e629bbc9feb6a8

    SHA1

    5dc30ecde423a96ae7ebcbf39ab4eff9501a3f23

    SHA256

    fa1c9e88e79cf294f788273c7ab0b200743361dd25e5007db6cab0b23f5e1ed7

    SHA512

    7b14ec3db8d64965fceb97eb3a5eb221f624657aaa7ebc804748e739cddda7ed570777ee7efce5ba2f32ebf0578f7f338302fe2b623922aaef73db63e21c66f5

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    54B

    MD5

    29fbfe6935b4a2b7e871953e133b3509

    SHA1

    89a4fa352b00efa8f89f06c0829259b12943837b

    SHA256

    39455455473b955810f718fcbcd0f1dbd7cdabdde10c523cd897ad86af471bb3

    SHA512

    7edc543c8caf7c73cb948d676035cd153c2e7472c16128964039567c2043ef0e0f9bf490bf76234cd9ab7dbf1a057ee536c667c0baaa210e2012e46493e4c19a

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    68B

    MD5

    c55ed83c252a31781665a5b84fb5e174

    SHA1

    0c29206bfd764c9aa16fbf04c1b9b8152ece28d1

    SHA256

    0cdbca96ff7a0151450a752f933cd2baac9b1c082121c5ac882b241d651723bf

    SHA512

    fef2434e8bd8c0201eabcdb7cdc1c6d3080b2a8c140f8ce00ffd74692e8e7790d9f722dd60731f54826d8020adeece3fca05ebe094d18a89ecb58b82304dd52f

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    60B

    MD5

    0b312b809022f3c5d7afbd82aad6dc91

    SHA1

    de0e57296b648edc763aa770c9e8e492da8dd950

    SHA256

    565d425ebeb058dff982b78653d607a07f81267a76f5d5eca25241f2f9c16aa5

    SHA512

    801a469916444d20fe36c6ba2a2a3ec71a10d0e66effd03ed9db6185d59d1f2c77f45d9735689f70212ed7ecaa9de0c454bfae24a2a7bc041d52bc68900b22c7

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    52B

    MD5

    9cd8d6e57bd1ab1e242dabe4f5315934

    SHA1

    65a9478dc761dcbb57e680e5c6af9a77ba249c53

    SHA256

    dd75a448ba765b085875cb3f8a57faf5d05e40f56503028e44086d80d2ac7586

    SHA512

    42a03e4c8d7f7032ca6a0625ec356b12b1d8526bf5bb3250614fb3e71fc20635af53cd4b9d2b40b64a8c86de5c8574ff7b45baba5692567f04c53048cffd596a
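The Malware Config and Downloads sections are the parts of this report a defender actually consumes: three C2 URLs on one host (2.57.149.238, ports 7117, 8080 and 80, all with an https scheme), plus a series of small files dropped under /data/user/0/com.nameown12/, where kl.txt is listed eighteen times with different hashes, i.e. it was rewritten repeatedly during the 150 s run. The following is an added example, not part of the sandbox report: it parses an excerpt of the report text into structured IoCs, collapses repeated writes of the same path to distinct contents, and emits flow-level Suricata rules. The excerpt embedded below is copied from the report (abridged to MD5/SHA256); the sid values in the local 1000000+ range are an assumption.

```python
"""Turn the flattened sandbox report into usable IoCs."""
import re
from urllib.parse import urlsplit

# Excerpt copied from the Malware Config and Downloads sections of this report,
# abridged to MD5/SHA256 so the sample stays short.
REPORT_EXCERPT = """\
C2
https://2.57.149.238:7117/gate/
https://2.57.149.238:8080/rootmd50ma/panelcgfuzwxleg9kdxnvy3rv/gate/
https://2.57.149.238:80/builderxxxzzz/gate/
Downloads
  • /data/user/0/com.nameown12/.qcom.nameown12
    Filesize
    48B
    MD5
    046a414913add6f5bb60072c7db819b6
    SHA256
    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
  • /data/user/0/com.nameown12/kl.txt
    Filesize
    70B
    MD5
    f3d286b45ef2afd446be11b9ba1dd5f4
    SHA256
    a0d832a105258d8c0c83607ad63152e1781fe79eb02cef963008c4887ee631ee
  • /data/user/0/com.nameown12/kl.txt
    Filesize
    55B
    MD5
    e360235177f64aea790dd5aa1bb78bc2
    SHA256
    07dbd13b8c3c1736137343d4ab50708a1d6dde70ecfee1961aeded99b608ca65
"""

SIZE_RE = re.compile(r"([\d.]+)\s*([KMG]?)B")
URL_RE = re.compile(r"^https?://\S+$")
HEX_RE = re.compile(r"^[0-9a-f]{32,128}$")
FIELD_LABELS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}


def parse_size(text: str) -> int:
    """'48B' -> 48, '3.2MB' -> 3355443 (the report's unit style)."""
    num, unit = SIZE_RE.fullmatch(text).groups()
    return int(float(num) * {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}[unit])


def parse_report(text: str):
    """Return (c2_urls, dropped_files) from the flattened report text."""
    c2, files, current, field = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if URL_RE.match(line):
            c2.append(urlsplit(line))
        elif line.startswith("• "):           # one bullet per observed file write
            current = {"path": line[2:].strip()}
            files.append(current)
            field = None
        elif line in FIELD_LABELS:            # label line; the value follows
            field = line.lower()
        elif current is not None and field == "filesize":
            current["size"] = parse_size(line)
            field = None
        elif current is not None and field and HEX_RE.match(line):
            current[field] = line
            field = None
    return c2, files


def c2_endpoints(c2):
    """Distinct (host, port) pairs. The URL path is inside TLS, so host and
    port are what a network sensor can actually match on."""
    return sorted({(u.hostname, u.port) for u in c2})


def suricata_rules(c2, base_sid=1000001):
    """One flow-level rule per C2 host covering every port seen in the config."""
    ports_by_host = {}
    for u in c2:
        ports_by_host.setdefault(u.hostname, set()).add(u.port)
    rules = []
    for i, (host, ports) in enumerate(sorted(ports_by_host.items())):
        port_list = ",".join(str(p) for p in sorted(ports))
        rules.append(
            f"alert tcp $HOME_NET any -> {host} [{port_list}] "
            f'(msg:"Octo C2 beacon to {host}"; flow:to_server,established; '
            f"sid:{base_sid + i}; rev:1;)"
        )
    return rules


def distinct_versions(files, path):
    """Number of different contents written to one path (the report repeats
    the path once per write; hashing collapses it to unique versions)."""
    return len({f["sha256"] for f in files if f["path"] == path})


if __name__ == "__main__":
    urls, dropped = parse_report(REPORT_EXCERPT)
    print(c2_endpoints(urls))
    print("\n".join(suricata_rules(urls)))
    print(distinct_versions(dropped, "/data/user/0/com.nameown12/kl.txt"))
```

Two points worth noting when operationalising this config. The C2 is an https endpoint on a bare IP, including on port 80, so a URI- or hostname-based rule will not fire: there is no SNI to match and the /gate/ path is encrypted, which is why the rules above key on destination IP and port. And the kl.txt entries are not eighteen separate artefacts but one file captured at successive sizes (45 to 490 bytes within the run); hash-deduplicating them, as distinct_versions does, is what keeps an IoC feed from being padded with transient snapshots.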