Analysis
max time kernel: 4s
max time network: 157s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 22-07-2024 22:04
Behavioral task behavioral1
Sample: 08affa968ba39f0d0a215b98d7eda66d5d850ffe13a2fd2a898b495b36638a4f.apk
Resource: android-x86-arm-20240624-en
Behavioral task behavioral2
Sample: 08affa968ba39f0d0a215b98d7eda66d5d850ffe13a2fd2a898b495b36638a4f.apk
Resource: android-x64-20240624-en
Behavioral task behavioral3
Sample: i11111i111.apk
Resource: android-x86-arm-20240624-en
Behavioral task behavioral4
Sample: i11111i111.apk
Resource: android-x64-20240624-en
Behavioral task behavioral5
Sample: i11111i111.apk
Resource: android-x64-arm64-20240624-en
General
Target: 08affa968ba39f0d0a215b98d7eda66d5d850ffe13a2fd2a898b495b36638a4f.apk
Size: 1.0MB
Malware Config
Signatures
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo payload 1 IoCs
Processes:
resource: /data/user/0/com.nameown12/code_cache/i11111i111.zip; yara_rule: family_octo
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.nameown12
ioc: /data/user/0/com.nameown12/code_cache/i11111i111.zip; pid: 4924; process: com.nameown12
ioc: /data/user/0/com.nameown12/code_cache/i11111i111.zip!classes2.dex; pid: 4924; process: com.nameown12
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
Downloads
-
/data/data/com.nameown12/code_cache/i11111i111.zip
Filesize: 128KB
-
/data/data/com.nameown12/dpt-libs/x86_64/libdpt.so
Filesize: 543KB
-
/data/user/0/com.nameown12/code_cache/i11111i111.zip
Filesize: 449KB
-
/data/user/0/com.nameown12/code_cache/i11111i111.zip!classes2.dex
Filesize: 3KB