Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    28/09/2024, 22:03

General

  • Target
    0e78c1ecd12ce643b83547ae31c41c13b76adc330b85e0c7b58ab8468852850d.apk
  • Size
    2.7MB
  • MD5
    1918362cbe61a3e1abe907e14b3fc8fc
  • SHA1
    7350a425f1c4da61c67a19ca84439f22db97fb1c
  • SHA256
    0e78c1ecd12ce643b83547ae31c41c13b76adc330b85e0c7b58ab8468852850d
  • SHA512
    2b2d19196ccd3fe6d98d0ae19f9655983cd1732783a4f2d4750ae380f5992a6d41a391f387d56f563647cde964fe2b28d9c0c5243299a858a6660cb699ac070c
  • SSDEEP
    49152:W/96Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQy:WVFjEI4iZaUzYH99yIn

Malware Config

Extracted

Family

octo

C2

https://45.89.247.180:7117/gate/

https://45.89.247.180:8080/rootmd50ma/panelcgfuzwxleg9kdxnvy3rv/gate/

https://45.89.247.180:80/builderxxxzzz/gate/

Attributes
  • target_apps
    at.spardat.bcrmobile
    at.spardat.netbanking
    com.bankaustria.android.olb
    com.bmo.mobile
    com.cibc.android.mobi
    com.rbc.mobile.android
    com.scotiabank.mobile
    com.td
    cz.airbank.android
    eu.inmite.prj.kb.mobilbank
    com.bankinter.launcher
    com.kutxabank.android
    com.rsi
    com.tecnocom.cajalaboral
    es.bancopopular.nbmpopular
    es.evobanco.bancamovil
    es.lacaixa.mobile.android.newwapicon
    com.dbs.hk.dbsmbanking
    com.FubonMobileClient
    com.hangseng.rbmobile
    com.MobileTreeApp
    com.mtel.androidbea
    com.scb.breezebanking.hk
    hk.com.hsbc.hsbchkmobilebanking
    com.aff.otpdirekt
    com.ideomobile.hapoalim
    com.infrasofttech.indianBank
    com.mobikwik_new
    com.oxigen.oxigenwallet
    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

  • Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
  • Queries the phone number (MSISDN for GSM devices) (1 TTPs)
  • Acquires the wake lock (1 IoCs)
  • Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTPs, 5 IoCs)

    Application may abuse the accessibility service to prevent its removal.

  • Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  • Reads information about the phone network operator. (1 TTPs)
  • Requests accessing notifications (often used to intercept notifications before users become aware). (1 TTPs, 1 IoCs)
  • Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTPs, 1 IoCs)
  • Requests modifying system settings. (1 IoCs)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)

Processes

  • com.nameown12
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4830

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.nameown12/.qcom.nameown12
    Filesize: 48B
    MD5: 046a414913add6f5bb60072c7db819b6
    SHA1: 451ee4f6809260aec622d772fd329c7d0297a842
    SHA256: b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
    SHA512: 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

  • /data/user/0/com.nameown12/kl.txt
    Filesize: 84B
    MD5: 8fe2e689a52440375f8a4c2d1f97b702
    SHA1: 3816b564f68db560b566b9c89764c38c9f2e9ec3
    SHA256: f4e6d9ae50f9ece3c47f3d121876b07479d4263f9df7756d1965aaa5d4f1465c
    SHA512: 011d91f39550a14b67a7e317e67d8d848b1e01fdc385e5a4a4cb26384bf6f5b543d1356e8639dea6c3753496b7fb26289ebcdebe2721c8f0cd6500cfc5a8f9ed

  • /data/user/0/com.nameown12/kl.txt
    Filesize: 68B
    MD5: c85ee9b8027bdb88589b517bdb9336c3
    SHA1: 189b925516424e98dbde4d695caf21d10e29173a
    SHA256: 8e611ebe177dbd69c47761ab4e84d7ce0d454ba940c78861decf5d716e09a494
    SHA512: 04ad087f7d114ba957d9d3db19fed6a9b474e96178d675d24f9a6032fa96f22c9d7f52d975659f8a071485cb9b8b3e8a7572124cd3c89ae2fa5a367a2535f3da

  • /data/user/0/com.nameown12/kl.txt
    Filesize: 230B
    MD5: 5f57ce4f80d3c000b610adc8dbab8be5
    SHA1: 3b1d6ae79efb3056f568ecb62c67d1b0bcc0d9cb
    SHA256: aeef6d7552c031fa19122f55cabe31bad9c824a5be4b13c5f65d242e5d31636d
    SHA512: 36e9c119cc3ac844855a1290c21df15e6eb6d631ac4fce1159f15c8f941b47ed84a66e9425894a6ffcee2d56dc0c381142b17f19f5d15bc73e3bfdf5cb39e7a7

  • /data/user/0/com.nameown12/kl.txt
    Filesize: 54B
    MD5: bbb4b984e3528068b7ea864df4933a60
    SHA1: 7cb9a36f8d128967a9783dad5d0e478becf4dbd3
    SHA256: 06c53b946ab84eece446e5d402af11618d0a1518914289124d6a025247abbf3b
    SHA512: ac1c05bd1adf101796b7dc42d38cc7f93dbbd8efe41192ca03bbfe11bd0508e8e984331bdb6c37fd84bfe7010e8cd83a40b6668ce47d13faa6ee89899228c7f3

  • /data/user/0/com.nameown12/kl.txt
    Filesize: 63B
    MD5: 86ab34b7c57a5100e98eceac98fb3ca9
    SHA1: ac9688c004ad36468954b15b52dab5cbff712350
    SHA256: b49e8e1aaaa5eacf127370f672a94de10e8923beb8ef92f9fdd8910fc3cead18
    SHA512: e0c5c653de81650cffaffee749018f1e6f6ea9cc18ce1e0b2fea655bbbd800b78653c6dc91d6daadd62893f4d704df58b56c62cacbc63b22e5c8f8afc0fdf074

  • /data/user/0/com.nameown12/kl.txt
    Filesize: 45B
    MD5: 09002c4260aad6623b52d33ab83e44d8
    SHA1: 3bafd11cdb87ea0d5fd11a522f9b177c51436262
    SHA256: 710537c77bb9f63352a6ad9387c432a9fe752d881bd766b22cea2448affc3f15
    SHA512: b21b1f0b1ef6f71a66b2d4c7c3060e370c2bd9a5660240bbd733df80709a5f365e2805794d25ee10cfa4d11b3d801e2c12c2069956e6b3e044eaa602a1c3339f

  • /data/user/0/com.nameown12/kl.txt
    Filesize: 466B
    MD5: d67b9ef4b8eb09cd806746d6994a4fc3
    SHA1: b0c5b1c8228b651578a93956c6638b66ed7a3b71
    SHA256: 0d2520a09a8ed7b9ef44ba61eea4f505c06bd9825b9544f1526bc89ba2d63e7b
    SHA512: c94242d5edd8ad1ddf15e94ea186f73a5f0106af4ee6483b8bcf8763f6e96932216873b3655edcc15f231e26c4c6aa43b4d542bb570d4228df473c3dffae10a7

  • /data/user/0/com.nameown12/kl.txt
    Filesize: 45B
    MD5: 5d185b3bcecfe1f058e220152c27b43d
    SHA1: 830b939a3cd2d96e8cfc37be218909f2f5fc5bf3
    SHA256: 7f0fdc838b9f009988205bbfc8f0f5eb2549a01f9ed92bb31d3c0154dcd7507a
    SHA512: 311f997f2b3a7f9fe6820b11dc88d7def217e3e24bd9ee6452bcbc9c9d8c2ee51d6de0a9426452a41fc67100390cebbcad555d373624216ce9bd5fcc9246f5dd

  • /data/user/0/com.nameown12/kl.txt
    Filesize: 66B
    MD5: bf8936e89278200299736dac52b594cf
    SHA1: 83d58b79c64ce300d5eafde0cfba873e71786117
    SHA256: 285f137ec1f57ce662104971821b1203c25d5e6f2ca2dbd92b27fe760c3dd85d
    SHA512: 5a377b3c13ec257d1b446cb9c156a71c07c44eb14681152a44d856088e138db0d1645ed62f0a7a1f56124aff8b1cb38000159eee47a33d51e8c696cd622339fa