Analysis
max time kernel: 10s
max time network: 188s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 10-07-2024 22:00
Static task: static1
Behavioral task: behavioral1
Sample: bbbc3b12289133b4c00db74c42e3eb7b7e6e21f6673f93b9d188d9e59ee49b92.apk
Resource: android-x86-arm-20240624-en
General
Target: bbbc3b12289133b4c00db74c42e3eb7b7e6e21f6673f93b9d188d9e59ee49b92.apk
Size: 509KB
MD5: 39d98d888c75c2324ce068d3f056c8f6
SHA1: 07a0693f61bcdab60850c33cc2bb7911faf20c78
SHA256: bbbc3b12289133b4c00db74c42e3eb7b7e6e21f6673f93b9d188d9e59ee49b92
SHA512: 343d921b12d926eee9078e6fbc8e0392fc474b726c66d58cd195dddfbf171286bb68984d60b3c4143dd29b44d7b2c5404194527b1c1b5e23e1294de5b52105e4
SSDEEP: 12288:Jv764H0dRSqj2E3eV/09CVcUtkhvpTUxX2/nj:BvUdRS3FTcUahvpYdsnj
Malware Config
Signatures
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
Octo payload (1 IoCs)
Processes:
  resource: /data/data/com.oncewondert/cache/fugxlsozrqrnob    yara_rule: family_octo
Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
Processes: com.oncewondert
  ioc: /data/user/0/com.oncewondert/cache/fugxlsozrqrnob    pid: 4947    process: com.oncewondert
  ioc: /data/user/0/com.oncewondert/cache/fugxlsozrqrnob    pid: 4947    process: com.oncewondert
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
Network
MITRE ATT&CK Matrix
Downloads
/data/data/com.oncewondert/cache/fugxlsozrqrnob
Filesize: 448KB
MD5: bfdaec96d93ff5f2169b07113f481db9
SHA1: d6588e20fa3e50f58f46bfef11d26cbc6f83b487
SHA256: 0eb5bf8444fe63724c2ee3c960a5b4ad445f30d79860420c987564318db28e73
SHA512: 24d7506aa33d1734ae5633dc2880ba6aca7f720f1ea4b33cf84b72f056502d24b277ac2a4e94486001333d9ec1916d2908d2517c31fd824f2018feee63c631b1