Analysis
max time kernel: 10s
max time network: 178s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 25-08-2024 22:04
Static task: static1
Behavioral task: behavioral1
Sample: 716365c7b76934da04b9c29549e3dbfa16d0670800031cf363cd03e5d88ce488.apk
Resource: android-x86-arm-20240624-en
General
Target: 716365c7b76934da04b9c29549e3dbfa16d0670800031cf363cd03e5d88ce488.apk
Size: 509KB
MD5: c36b8b8ffae291087716f6ff83dbb6c2
SHA1: 31075c784efcec4a0b42a3e6316935fa2f06a0f1
SHA256: 716365c7b76934da04b9c29549e3dbfa16d0670800031cf363cd03e5d88ce488
SHA512: bafe4d34247b832c8d02cfd2979b2dbdcdb3f8d54e116dc82a112d75030d6e659dc3391f874a5317939dab7a3c96aa3f2b889102e9372bf1567a9813b4f67fa8
SSDEEP: 12288:5H/K1sMJ/THD6XQ075eyRstasW1JActBACJftnsT:5S17DDAt5pRdAeBAOftng
Malware Config
Extracted: octo
Signatures
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
Octo payload 1 IoCs
Processes:
resource: /data/data/com.decidefromrvd/cache/abjznzsdl, yara_rule: family_octo
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
Processes (ioc, pid, process):
/data/user/0/com.decidefromrvd/cache/abjznzsdl, 4956, com.decidefromrvd
/data/user/0/com.decidefromrvd/cache/abjznzsdl, 4956, com.decidefromrvd
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) 1 TTPs
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 449KB
MD5: ee026dd9ea6c4461594580f539c8e6d1
SHA1: 326abbd6752589c9b5cf8c55dcb2b5bd07bd8ee6
SHA256: a646ff3b3890ee33acf07d844a173eeaf1124ee7b2cbab9680b1685634986638
SHA512: de4559b41c1318d5e8bf0cba683b31f61af4a56682258af4f2721326e6cf9ec9510c027700b09185bdd5e9344fb90432ddb72d9329543094ed95e2a55615d760