Analysis
max time kernel: 10s
max time network: 176s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 25-08-2024 22:03
Static task: static1
Behavioral task: behavioral1
Sample: 96e157d43f885e4106071740f4c4e79a51acfa62b0fb8421c2506dc35e614378.apk
Resource: android-x86-arm-20240624-en
General
Target: 96e157d43f885e4106071740f4c4e79a51acfa62b0fb8421c2506dc35e614378.apk
Size: 509KB
MD5: 6eeba2561a464e974f020cf7203a2671
SHA1: 19f7d2dc3f4e2b7bc13a52b216984eee50e11fec
SHA256: 96e157d43f885e4106071740f4c4e79a51acfa62b0fb8421c2506dc35e614378
SHA512: 40d321e0b185cfd38bff4122c9ff5138e7f9a25aadfead9872c4e0e447763d17709e02122ad061f1d5f6d3d5e02058a15a1c6706f32d45854ea92e9fb7f85057
SSDEEP: 12288:IQiyw6euwjsM5gPSPC+WFfdC26ZCj6VfCS1hROro7Ql1edAH5q1emwvynS:VTw6ZKRgPS/WFcBVfr1Dul1edAH5gemU
Malware Config
Extracted family: octo
C2 URLs:
https://selamcanoonaber.site/ZDljMGYyZTQ3YWRi/
https://hava540derece.com/ZDljMGYyZTQ3YWRi/
https://cehennemdirloo34.com/ZDljMGYyZTQ3YWRi/
https://sicaktanbayilcam52.com/ZDljMGYyZTQ3YWRi/
https://otururkenterliyorum42.com/ZDljMGYyZTQ3YWRi/
https://sicakdanbeynimyandii2.com/ZDljMGYyZTQ3YWRi/
https://slmla6242nbr.com/ZDljMGYyZTQ3YWRi/
https://havacerinlii34.com/ZDljMGYyZTQ3YWRi/
https://havasarinliyorla234.com/ZDljMGYyZTQ3YWRi/
https://sicaklarbittikurtldk6215.com/ZDljMGYyZTQ3YWRi/
https://pikniktupu2534.com/ZDljMGYyZTQ3YWRi/
https://robetcotraslros5234.com/ZDljMGYyZTQ3YWRi/
Signatures

Octo
Octo is a banking malware with remote access capabilities, first seen in April 2022.

Octo payload (1 IoC)
resource: /data/data/com.restbook69/cache/bbyfejzr
yara_rule: family_octo

Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
ioc | pid | process
/data/user/0/com.restbook69/cache/bbyfejzr | 4976 | com.restbook69
/data/user/0/com.restbook69/cache/bbyfejzr | 4976 | com.restbook69

Queries a list of all the installed applications on the device (1 TTP)
Might be used in an attempt to overlay legitimate apps.
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 448KB
MD5: ffd4ecbbd012ea2c9333168e5fdc6994
SHA1: 5624366ae7bd1e79d45a1b107289e5553c4f070c
SHA256: 809b2bc39e52535568e686bbc29f1bc835cba9aaac9661ea2d7b3e0354440984
SHA512: 19a0d09b1bcadfe40ff6f49b02dac9889c5d25b3eec934d7f63d46b356987338159eb1fd546ab72ffdfa3e5d59c1134e984a8167629ffc3d0607c8a45964a4d6
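The indicators above (the C2 URL list under Malware Config, the cache path flagged by the "Loads dropped Dex/Jar" signature, and the SHA256 values under General and Downloads) are what a defender actually consumes from a report like this. The following is an added example, not code from the sandbox report or from any Octo analysis tooling: it turns those indicators into offline checks. The C2 URLs, the two SHA256 digests and the dropped-file path are copied from the report; the helper names, the log formats and every log line are constructed assumptions. It also goes one step beyond the listed domains: all twelve URLs share one path segment, ZDljMGYyZTQ3YWRi, which base64-decodes to the hex string d9c0f2e47adb, and the proxy check matches on that token so a rotated, unlisted domain would still be caught. That the token outlives the domains is an assumption, not something the report states.

```python
"""Offline checks built from the Octo sandbox report's indicators.

Added example: not code from the sandbox report or from any analysis tool.
C2 URLs, SHA256 digests and the dropped-file path are copied from the report;
the helper names, log formats and log lines below are constructed assumptions.
"""
import base64
import hashlib
import re
from urllib.parse import urlparse

# C2 URLs from the report's "Malware Config" section.
OCTO_C2_URLS = [
    "https://selamcanoonaber.site/ZDljMGYyZTQ3YWRi/",
    "https://hava540derece.com/ZDljMGYyZTQ3YWRi/",
    "https://cehennemdirloo34.com/ZDljMGYyZTQ3YWRi/",
    "https://sicaktanbayilcam52.com/ZDljMGYyZTQ3YWRi/",
    "https://otururkenterliyorum42.com/ZDljMGYyZTQ3YWRi/",
    "https://sicakdanbeynimyandii2.com/ZDljMGYyZTQ3YWRi/",
    "https://slmla6242nbr.com/ZDljMGYyZTQ3YWRi/",
    "https://havacerinlii34.com/ZDljMGYyZTQ3YWRi/",
    "https://havasarinliyorla234.com/ZDljMGYyZTQ3YWRi/",
    "https://sicaklarbittikurtldk6215.com/ZDljMGYyZTQ3YWRi/",
    "https://pikniktupu2534.com/ZDljMGYyZTQ3YWRi/",
    "https://robetcotraslros5234.com/ZDljMGYyZTQ3YWRi/",
]

# SHA256 digests from the report: the submitted APK (General) and the 448KB
# file listed under Downloads.
KNOWN_SHA256 = {
    "96e157d43f885e4106071740f4c4e79a51acfa62b0fb8421c2506dc35e614378": "octo sample apk",
    "809b2bc39e52535568e686bbc29f1bc835cba9aaac9661ea2d7b3e0354440984": "octo report downloads file",
}

# The report flags code loaded from the app's own cache directory. Both path
# spellings the report uses (/data/data/<pkg>/ and /data/user/0/<pkg>/) match.
DROPPED_CODE_PATH = re.compile(r"^/data/(?:data|user/\d+)/[^/]+/cache/[^/]+$")


def c2_hosts(urls=OCTO_C2_URLS):
    """Hostnames to block or hunt for, deduplicated and sorted."""
    return sorted({urlparse(u).hostname for u in urls})


def c2_path_token(urls=OCTO_C2_URLS):
    """Every C2 URL shares one path segment; return it and its base64 decoding."""
    tokens = {urlparse(u).path.strip("/") for u in urls}
    if len(tokens) != 1:
        raise ValueError(f"expected one shared path token, got {tokens}")
    token = tokens.pop()
    return token, base64.b64decode(token).decode("ascii")


def hunt_dns(lines, hosts=None):
    """(line_number, host) for constructed DNS log lines that query a C2 host."""
    wanted = set(hosts or c2_hosts())
    hits = []
    for n, line in enumerate(lines, start=1):
        m = re.search(r"\bquery=([A-Za-z0-9.-]+)", line)
        if not m:
            continue
        host = m.group(1).lower().rstrip(".")  # normalise case and trailing dot
        if host in wanted:
            hits.append((n, host))
    return hits


def hunt_proxy_by_token(lines, token=None):
    """Line numbers of proxy log URLs carrying the shared path token, even on
    hosts absent from the report (assumption: the token outlives the domains)."""
    token = token or c2_path_token()[0]
    return [n for n, line in enumerate(lines, start=1) if f"/{token}/" in line]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def lookup_sha256(digest: str):
    """Label for a SHA256 from the report, or None if unknown."""
    return KNOWN_SHA256.get(digest.lower())


def is_dropped_code_path(path: str) -> bool:
    """True for code executed from an app's cache dir, as the signature describes."""
    return DROPPED_CODE_PATH.match(path) is not None


# Constructed sample logs (not from the report) to exercise the checks.
DNS_LOG = [
    "2024-08-25T22:05:01Z client=10.0.0.12 query=hava540derece.com type=A",
    "2024-08-25T22:05:02Z client=10.0.0.12 query=connectivitycheck.gstatic.com type=A",
    "2024-08-25T22:05:09Z client=10.0.0.12 query=SLMLA6242NBR.COM. type=A",
]
PROXY_LOG = [
    "10.0.0.12 GET https://rotated-domain.example/ZDljMGYyZTQ3YWRi/ 200",
    "10.0.0.12 GET https://www.android.com/ 200",
]

if __name__ == "__main__":
    print("C2 hosts:", c2_hosts())
    print("path token:", c2_path_token())
    print("DNS hits:", hunt_dns(DNS_LOG))
    print("proxy hits by token:", hunt_proxy_by_token(PROXY_LOG))
    print("dropped code path:", is_dropped_code_path("/data/user/0/com.restbook69/cache/bbyfejzr"))
```

The DNS check normalises case and the trailing dot because resolver logs commonly emit fully qualified names; the hash lookup lower-cases its input for the same reason. The path regex deliberately accepts any package name, since the package com.restbook69 is specific to this sample while the behaviour (executing a file written into the app's own cache directory) is the durable signal.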