Analysis
max time kernel: 4s
max time network: 149s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 01/10/2024, 05:35
Static task: static1
Behavioral task: behavioral1
Sample: 0285cfc64b2965198c1b183af96c7f18fe514d64a423341f4b3a84696505ad6e.apk
Resource: android-x86-arm-20240624-en
General
Target: 0285cfc64b2965198c1b183af96c7f18fe514d64a423341f4b3a84696505ad6e.apk
Size: 2.4MB
MD5: 1de438f0d64b0073edcab662eb1b4c05
SHA1: 97ddbd0b7752e3c78002dca20b7a7a90dc33ee82
SHA256: 0285cfc64b2965198c1b183af96c7f18fe514d64a423341f4b3a84696505ad6e
SHA512: 79cdaf4dcaa186375e2ff1ca5180eac018ff5d52343ba63950474359bc6aba01c5e0c94226e9033a1fff5ad5e4201d353b7744ea6773c8565157d26f76fef7bd
SSDEEP: 49152:epRT4QDMuGUWbAwqi+rTMJlPz0A2babCYWxkyP+XiMRR4LJr/qPRixEResohHJ0B:2RsQDMwnT/MJh0x8CY5yAbb41r/AhRe4
Malware Config
Extracted
octo
Signatures
Octo
Octo is a banking malware with remote access capabilities, first seen in April 2022.
Octo payload (1 IoC)
resource: behavioral2/memory/4966-0.dex; yara_rule: family_octo
Loads dropped Dex/Jar (1 TTP, 1 IoC)
Runs an executable file dropped to the device during analysis.
ioc: /data/user/0/com.van.super/app_blade/eSiyyU.json; pid: 4966; Process: com.van.super
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 153KB
MD5: c42ce47f7fd339799743fd4f38df9b25
SHA1: 639237e03bab271b3a33f83c8eb9f77c119fa2ff
SHA256: 9a6cc907cf93c10f1f0f78821cdee75ca46bfcfbd5d5689eca1796fbafa29235
SHA512: 030c889c58d5696d860c91c36eaf24bc03760346a6ecd032e5203f6c6436aeedf32691470090dedd8e7d50267a33cb249ba29499b6b7a1691ae6cf9680879ebb

Filesize: 153KB
MD5: 6360812aa7ebf03e599c8eb80b4a64d5
SHA1: 1e0147b351e25090a1b56f7b3a4cdfe09326bdd6
SHA256: 75f45784b6fc82d7a587b67972d13d0e363c67dd2ee2515daedab49c73adb391
SHA512: 566aa468d8037c042e4e8ce998f11556aec33f1e681638740e509efd260666283ca841c26fb6a5b9d1d7fde58b1e4f25d7ff66c6ca15dd5992f81ab3d90a32ea

Filesize: 451KB
MD5: 78893d2b3a0871f70e4db2e939d42cc5
SHA1: 734f850d7ec666cefeccfaf6b70921a52df8eae0
SHA256: d32d78a92c28a3244d0dbe82eff6ddde1be53eefafa9123143a595a60537f134
SHA512: d432758095a73a8a69af0b83cb0e6882446c920930f31ac2f497d98bbe6e1e7d6c5f2e95a19c22420d67e1c0253299253f1587e78e2dc7fb1e45230a71990c91