Analysis
max time kernel: 6s
max time network: 191s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 19-08-2024 22:00
Static task: static1
Behavioral task: behavioral1
Sample: 64b47c59de61faa3b6742ee3aca8ffddd13c54d4288e79d7c7076d94628c3e5e.apk
Resource: android-x86-arm-20240624-en
General
Target: 64b47c59de61faa3b6742ee3aca8ffddd13c54d4288e79d7c7076d94628c3e5e.apk
Size: 2.5MB
MD5: ffed1a365a42908be3b491986399048f
SHA1: bb32813891a8ff7caaab45053626a62a2c88df9b
SHA256: 64b47c59de61faa3b6742ee3aca8ffddd13c54d4288e79d7c7076d94628c3e5e
SHA512: 279e8b3698077854c3785fc243b900cf7ac9f10e32cb3050faa9413146af5b2bf27e560c9c37a7bd7d36a866f426e62f4f1829477f48ad92117e9fa07938e86f
SSDEEP: 49152:Y8pvV+HKZQWnA8vcILegKOvZoTZbipIVIeJTS0PqRgX0PXBQaogB3f4Kh9YA1499:jLdnr9egNBoVepOIeJTSVg2Xy9gB3AKO
Malware Config
Extracted
octo
https://rolnivexa.website/M2I2ZjI1MzMxMmMx/
https://kelvorim.store/M2I2ZjI1MzMxMmMx/
https://zanorvix.site/M2I2ZjI1MzMxMmMx/
https://xeromixan.website/M2I2ZjI1MzMxMmMx/
https://vernolixa.store/M2I2ZjI1MzMxMmMx/
https://travinox.site/M2I2ZjI1MzMxMmMx/
https://lornivex.website/M2I2ZjI1MzMxMmMx/
https://zolvinax.store/M2I2ZjI1MzMxMmMx/
https://melranix.site/M2I2ZjI1MzMxMmMx/
https://tarovixa.website/M2I2ZjI1MzMxMmMx/
https://ferolixan.store/M2I2ZjI1MzMxMmMx/
https://zarovinx.site/M2I2ZjI1MzMxMmMx/
https://xelronax.website/M2I2ZjI1MzMxMmMx/
https://voranlix.store/M2I2ZjI1MzMxMmMx/
https://norvelix.site/M2I2ZjI1MzMxMmMx/
https://peranlix.website/M2I2ZjI1MzMxMmMx/
https://jervonix.store/M2I2ZjI1MzMxMmMx/
https://kolvinex.site/M2I2ZjI1MzMxMmMx/
https://tarnivex.website/M2I2ZjI1MzMxMmMx/
https://solvenix.store/M2I2ZjI1MzMxMmMx/
Signatures
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
Octo payload 1 IoCs
Processes:
resource: /data/user/0/com.slim.tobacco/app_green/LU.json
yara_rule: family_octo
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
Processes: com.slim.tobacco
ioc: /data/user/0/com.slim.tobacco/app_green/LU.json
pid: 5014
process: com.slim.tobacco
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) 1 TTPs
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 152KB
MD5: e6e1168373328c6c96fcedf9ca95d4d8
SHA1: c3568025a20d3c8aa9eabd98abf7faff0eb0f2b9
SHA256: 8386236f1a815a7fae0f5c4812195cb78a350f352dcfa256dd1f837c27551981
SHA512: f3ea704652bc414a38f21211077d3acc4c67bb5c1b3ad699afe72038ec321d00e52c8da641298ebf1e612d09fe4aa52f866e3bfd993fa84c1f0eadfcf49453c7

Filesize: 152KB
MD5: c09b0c67fd5676913585f4ad71cefa52
SHA1: 091bc024552735b68859c7d9bb538f40c305c2d9
SHA256: 56b60f155b72267a258e08a1029f8a7bbb0d344107b26dd8288c2658644c7021
SHA512: 8de932f417f0e17ca92ed52f25480f55ce08bd5207e87a5f43ecbfdaafd2513d8c7b30873d6bb220317828f771d6286a117ee339fc78b0f5298741bbc1bb3ba4

Filesize: 450KB
MD5: d0731e23f18b8549569138abeb9643bf
SHA1: c36d933ffb4e86cb7939e8d2a5009a7116c80c72
SHA256: 6de95df22f529d48b75bf949c9946993b8d0ddfbb717910a8023a262878d4a15
SHA512: 880811845ad85c550e62899d09833190678f0fd7b2deb7f357e3c78cfc7dc54d29246f51587515f244109fddfbb24c9927cfe5a0e5510f7d26f4114bd8f451ac