Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    01-04-2024 22:01

General

  • Target

    cd015af6ccb1dbb0bdd84f1e1db4ac90c12b94599fd6fd858d5d7059549021f9.apk

  • Size

    187KB

  • MD5

    3da3657870504f47cb638a90d1dd88bc

  • SHA1

    5ad6937aba10af75cb27b6db0b4cf45f743150bd

  • SHA256

    cd015af6ccb1dbb0bdd84f1e1db4ac90c12b94599fd6fd858d5d7059549021f9

  • SHA512

    010329852877716915b240e943e468b9ceb363876a5dca6462abde12162166270dec2ede6fd9b20d810049e936325bb1afb5ed562cb3d51f3e3a3a17103bf9d6

  • SSDEEP

    3072:H1g4oULzaTN14aHZ1F4jwTVizAbqMbMvZM9ajwOBNtzP13jGXRXFQq4FPAVfCNsf:HLoLFceSAbqli9+HNtz93jYR1Q3FIANA

Malware Config

Extracted

Family

octo

C2

https://94.156.66.116:7117/gate/

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.adaxffsfzfada.zbsvxgsvbxhdgs
    • Makes use of the framework's Accessibility service
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Removes its main activity from the application launcher
    • Makes use of the framework's foreground persistence service
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4257

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    233B

    MD5

    a556b50fa50df0db637932090148f46a

    SHA1

    19c54b3ebc856b4607ea0766e65dbfa798e45342

    SHA256

    d8e4f07e178f15e3787208702e9bab95cc4698b213f716ff731c0cd29398a286

    SHA512

    974f9a08da99e8262d6df1d747bd98775dc7cdcbe83682c0af6f91a6d4b1f89ed734035c2e6dd47a49ec3b15e4fc2fa0c65a5ab6503621996915682e9cb4c71a

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    54B

    MD5

    753caf59f001835f2287bd7da1a21c27

    SHA1

    d3d828a710456bd6e161810a2fbaf4d21ed96a82

    SHA256

    3e740a713b831b27d578db1cc2f5f8a07eac84463040e07ef8d03356ac1cf92d

    SHA512

    48915a48945814b0f6901ecb74f787ed100c949e55962e4f010c2267c06a41465ebb5e9c9a20a20e3942846d0ece25d8cacd20059f9aacb57ce31f1c9cc30187

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    63B

    MD5

    ed75c78207a975e1e37171cf38aeef81

    SHA1

    ca88d4cbcc8781e07670aa63488f72aa7bd30bae

    SHA256

    4b313bc531ac49a11d47eeb8a6e51a55552190e57efb1e4b60bc8a52ba387863

    SHA512

    5b7e635dc5cca6158d8005dddffabc81907a0d256f24734844cf6ca1be784a7402ffbaec374fa1ce52f6ceee1b2b1d20d570cc9ca0a26aba7a69d60ad34d47d4

  • /data/data/com.adaxffsfzfada.zbsvxgsvbxhdgs/kl.txt
    Filesize

    429B

    MD5

    76b8017451df4516f6ff307e0430d325

    SHA1

    f5e90ad93338d6113101d91f80547a12601356e5

    SHA256

    edcea856d53b796eb26fa87962bdb44eceffea0751ec611fb3749e3b96faabc2

    SHA512

    a6a23b84ecffa08b08b31f71658d8196c79a0b29abd6de3d298b4848f808ecd110f66a3042e9d4b7c39f83bcba03a21904a389270c616a4ea6233e0c9cdbcdaf