Overview

overview

10

Static

static

6

6b02cf5510...6e.apk

android-9-x86

10

6b02cf5510...6e.apk

android-13-x64

10

Analysis

  • max time kernel
    179s
  • max time network
    175s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240514-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
  • submitted
    28-05-2024 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6b02cf5510e6ef3c61b6b785ab09d773636ca5e072f1d3d3ef75ae64a147676e.apk

  • Size

    541KB

  • MD5

    9c39e5c34b578d7a98355b5d2b0670a8

  • SHA1

    39820bea95d12ec866178bba17e5b62b0e3347ef

  • SHA256

    6b02cf5510e6ef3c61b6b785ab09d773636ca5e072f1d3d3ef75ae64a147676e

  • SHA512

    576f12d7f29d1921284ade4bf8edae36262423b9e0560cf223c8ccb3881c2d56ac19341797835b66055d3e1ca742e18a56a53d7e800af4919ad3326fd372c368

  • SSDEEP

    12288:xDE1vzhZ9pu1agHt0kyFiuZwByDo7wI9xoLVtlDbpiY9b1flvODnKn:xDEFLK1aglfuJkwGyvDbxBflvIni

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://adile56tasarim.com/ZDQ5M2JhM2ZkZTkx/

https://6adiletasarim.com/ZDQ5M2JhM2ZkZTkx/

https://7adiletasarim.com/ZDQ5M2JhM2ZkZTkx/

https://8adiletasarim.com/ZDQ5M2JhM2ZkZTkx/

https://9adiletasarim.com/ZDQ5M2JhM2ZkZTkx/

https://5adiletasarim.com/ZDQ5M2JhM2ZkZTkx/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo payload 1 IoCs
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Prevents application removal 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to prevent removal.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests modifying system settings. 1 IoCs
    evasion
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.themfriend3
    1⤵
    • Makes use of the framework's Accessibility service
    • Prevents application removal
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests modifying system settings.
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4300

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.themfriend3/.qcom.themfriend3
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/user/0/com.themfriend3/cache/jgipdijdja
    Filesize

    448KB

    MD5

    41be45dc021baeed4b7ff86c543b7e81

    SHA1

    ebbb4386bc4e35fcbc1f3569e16bfe4ade23f1f5

    SHA256

    507cad08da8b063e1eb7bd7c274a51478b0b14b64378c1125e42d5fb55ee4b20

    SHA512

    d7d03fceaa9d6ea3c34b93d8e891ed4b80b6298e99950bc3f4d4dec726863a9172a9629d154c9d8c22efdde45785c9cd261847343aa6eae508c9ced4020cf8f9

    Download Submit

  • /data/user/0/com.themfriend3/cache/oat/jgipdijdja.cur.prof
    Filesize

    270B

    MD5

    696b6130774db7f11db59fe276f837b6

    SHA1

    70fe1a9f937f06c2fb6aacf2c6e98785cacc0c9f

    SHA256

    7db446bbaae96cabebfe1c053ec752a2f08a40165551b1937b300ce1771e1a5e

    SHA512

    e273f27e813b0716ba742dd8650bdbd8486a0c9c6ef6134ebc3414f28283a40223ae0fdf607db0fd5a3b1b67c96b629d0f84bcd44057719d004ff4702ab68236

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    79B

    MD5

    018eb3c7d5fa0c21846b0d65bc05f2d3

    SHA1

    c0659375d48119028b82fc917c6b00e194105a72

    SHA256

    784828b99f5df0f9fa048c656b20ae6bc7c280d2971f5edb6bb112b296098878

    SHA512

    82617d60899411e39d0213c7f96c27d3bf3948249689d066541b97ab2add97ff9d843d1d3e0d13b5fd8af341099740d51b3df75f23bac43bf53d6a674d369712

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    504B

    MD5

    e0cd1c36b501736baa771de1d4c2cde1

    SHA1

    8854bea6cf45424730cc9099a616ac84292a00c7

    SHA256

    d60ff547f42851ec01b79b6d9ac831aa43784e9b36f384c3aca0876f96e3024c

    SHA512

    9835396b8c5e41fb7ef7cce73b67e14d8fb50ab3017010225bf1cd1968d85fc9b3add560deeea5177ac7dfc39bfaa469805e328e06ce450659ba6bf670be772c

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    45B

    MD5

    46b7d948f994e10039db1cabfaf6092b

    SHA1

    1f6c6ca7509ef4aa792bcbb13f49ad0b8251fa5d

    SHA256

    4dd2afbde25ac58961f345ed14d84177c968aa5f8d65ee5a3b8f24794c20bfeb

    SHA512

    47900fa17da7cffd12337f82a57a2e01eb5686199562186890ac7c2b0957e449bfb85a8aec2f8a4e547593dd0863fc0c61d0a1f22a1e7e7feb0e2b437fdb2d4b

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    70B

    MD5

    16e1b7479fd6ff5b15ca4a545f589ac0

    SHA1

    b74e28044173c467cfad8b930d059faa41e72b51

    SHA256

    7c8e9c6cac4365ad9c7ca034d671acf5fde09fcaceeed068ff8b164db0a180ad

    SHA512

    f1f9a94b3dece6189ea8b8dd46a07dbf593f465e64a1803edfa7217b3d956fa6780752becdcc36c4d47e60bdf1fbf24d106078fad3b86cc50609c03d36ea827a

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    52B

    MD5

    eac13ec702bd57f0848fb9eecb96c560

    SHA1

    5693dc478ee079b20dbf0cb03e763c35c6c7a4e7

    SHA256

    24ffa99f474e9fa2216c20373a6502bde9f9542f7fe5fe6fde298313e07a9a10

    SHA512

    7c563e6d4d612c66e54fa4ea5073f73f43318f3f9536021296a6b054140831dbf57dc1c1c4c0faac2477e75bd294b657506da7a805283afbc23eaa312876a925

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    66B

    MD5

    b1b9dc2e4c6ea92503c0214b0eef1e87

    SHA1

    0874c3b86c362afc919d1b97beb281351703e072

    SHA256

    126b5110cdb90972a53a20adbbbdaa4e7486da0865224bf6fd811a63bb6824d8

    SHA512

    5f158b89bac87b40596a8c288abc5898a35237e399d87e888857b9a8e119877b5135bf57507201b1022207f83623f7cf698ba6830b5892c5137cc8be8bc868c0

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    84B

    MD5

    d8169221069832936ab8836c285d72d4

    SHA1

    db5cdfcfafde31bf46ebba0792bda8b8389fc3b4

    SHA256

    e4d59b3beec366b9603e2eecc7f05557a495794308fd38a9a62dcb7628bc4aab

    SHA512

    c849f33fe60cae4a51cea8210ab713e26343bf34e297258f4efceca2be5e3c07128bee02c38d220d26fd004ad9e3f3eda35513a4541ce0284a97b42f328eebee

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    68B

    MD5

    b28a1cc1efd4fcc243c4ae484a6f55ad

    SHA1

    0d6ea90742b48d5370c7ee49be5600439af44adb

    SHA256

    d863ecadc2639218f1bf6e29a9ea3864be8f5527fb0610bf021ed74c00f34e2f

    SHA512

    afb02375da0c76e5c154b71ef78977688b7eb72eb5b7243e0461a55aab96f8a55c1d6d9ae364f3f6e02215cd89e10a60712d3593a681ecb5da629e10551e270a

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    68B

    MD5

    bb47d40cbab3850d3867a9fe219447b3

    SHA1

    e7e25ba98cc78975f6d15ac4499ceb217b08586c

    SHA256

    0cf40e96fb91b60bfdd01ced1e65780ecdc91f24a5e0a55016da206f2d6fd35c

    SHA512

    dcda46af4562990c18bf531eb6c2ebb2ec44848fba60904961cbefff5747149555fa8ed5c2992ed341aba6f3e8773d26bd2f81ef6cc142160a29122a8d751fa7

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    221B

    MD5

    bb2de015d57c468c3f0f212bb1e37ba4

    SHA1

    84ffa922624b6dba49dc03118f3264c49b9672eb

    SHA256

    b3fb03abcb3e8bab3c39305faebbe0cff515b15debc575e02c76b5ca1ce28005

    SHA512

    bca4dc30e5e84baa1ab7359ca2af0777d313024eb9ec6e6c520ad3aa8adead1011085eaa284f3fc26936e8ae8e2dc49ce6a0a8244235988fea1d57c23c1fc622

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    52B

    MD5

    8625cc9b0058e08a52ab18fc7fb7a645

    SHA1

    d2bc36750c9587874e414673b671990ee4ce0df0

    SHA256

    67dc51fa43d3352de014254460452936821f6a6274a04fc32d01709c275004c0

    SHA512

    2f8df4f51d6710e1951518614d90020323b22d552b66bf868333e37d5083437695c441c7317d92f0d9c750352ea54840ce65185cfca325c3de0fc14ad094c7fc

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    70B

    MD5

    82d65f8516d8dc28a0b0d280ba460308

    SHA1

    bf352d45afea9bc2979a5b1122e35208c7e91f11

    SHA256

    4a92ae978409364728e90b14ce9c52403ac3b62a5e6981dfb6ab0d01ecdc2cdb

    SHA512

    892a11826a2db5ed828836e56ed91a88fceb14cdc2049f88667a715e37173eaa90737312cf56ddf3b14f52ab1ea1fffb93cd85545e76fa7c4ea29847ddbd4d68

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    62B

    MD5

    cc95775ba13724ca8de6debeb5f5c2f5

    SHA1

    a464c485b51bf17d725de0652c5f54c1a7256d05

    SHA256

    66a17bf7f08bfdff66152fc92ae1f42968da4b49854cd39115b11afc8fd36d6b

    SHA512

    5bdf6d54f02cdc6dffa10d20d9f60f11ef60befbc03dfe845f785dada885674da0f2806f3ee215fcc0ffb9dd8327228d559bd3321cd45d3b9261d58ba7e5c7f6

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    45B

    MD5

    50184e1ebdff48635257cb76d2cb3225

    SHA1

    c7ddf8d396358db723cda329140c61e7e0290522

    SHA256

    994cc5c92dbb22aabf956be5ffba08fd440be6e1ca1512c27ce0ffdf7fae64d0

    SHA512

    5b9a53ab638b372dea0bb09788f4ba611ef7c37501c432e9d4598f03184a8d4b10ad09df4974c375cb09c0b0078d103fa2ddc72e6e1295738f3ca57c3f6363df

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    70B

    MD5

    02f82c93bd421e26238240e664563905

    SHA1

    624e5ebf93883ec8d69dfe4fac149a0ca06cb53e

    SHA256

    9ccaf68b3c11bdeaf99e29677feae5dff582133acce8d0fbd2ca8304a5d0f19a

    SHA512

    61aa49c306a13bfa248261447fc3f18888867b8ae0be4f686c272a26948a10a1be76450e9f3b3c38f78f9af1b3e15eb267e602f9ec6ca9abd971e32b79c7a603

    Download Submit

  • /data/user/0/com.themfriend3/kl.txt
    Filesize

    45B

    MD5

    b63b28104cdf682f9ca4ec5cb298bed5

    SHA1

    c45a5eca264e0303f6200f734e4ecee42a5d48d3

    SHA256

    6c6bea07f0958b1915d17fb8ca5f41d73ee5fb49ea66462a4102ceb19b7f364f

    SHA512

    87af43fe05b7b70f81be2dda7fefa0b81f3a57cceaf25e7f9606069c4fe5dfde18d6421dc68d8d6287ed8c066233c5f15aa49ef126273091056dd2bdebf62c2e

    Download Submit