Overview

overview

10

Static

static

10

7996ef7f28...8d.apk

android-9-x86

10

7996ef7f28...8d.apk

android-11-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    143s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    19-10-2024 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7996ef7f2894e279ce014507aa60db837afdc1e37ec43c06ace1cf77e582cb8d.apk

  • Size

    2.7MB

  • MD5

    be42bb7e2d7cd341c8035202b93b3744

  • SHA1

    69561ab7c2c13c2dcde1ecdc66efbbd95bd2c370

  • SHA256

    7996ef7f2894e279ce014507aa60db837afdc1e37ec43c06ace1cf77e582cb8d

  • SHA512

    aaece14a7c73e56b687219ed8da36c72420957b095beadc874174768e6ea9591a415fec410a235dd1df0a1688f6957ab76dc5839b0d29e929efcf0d4a4b0e79a

  • SSDEEP

    49152:Eij92W6Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQ8:Eij92WFjEI4iZaUzYH99yIx

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://80.76.51.192:7117/gate/

https://80.76.51.192:8080/rootmd50ma/panelcgfuzwxleg9kdxnvy3rv/gate/

https://80.76.51.192:80/builderxxxzzz/gate/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests modifying system settings. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.nameown12
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4505

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.nameown12/.qcom.nameown12
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    66B

    MD5

    2943bbb9f3a4d553c6bd544593b2fbe3

    SHA1

    fafafe615b75d76e05b3b7d82ecee00165734043

    SHA256

    b700641e6719561448bc83c51c9b52c56140c4dda1592b2569bb2b226160ce12

    SHA512

    c31338dc545104fe3b935d5bc5e13837b6511302de0b8c1ac2b87437de415de95558077914dbc1e838b00ef2d0c870e465186221f779b77a890be77d49e433ea

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    84B

    MD5

    12bb9d739ae0960d12b3820e514fa5df

    SHA1

    db72f5dec7899013b3ee5f89244dec1a3189fcfe

    SHA256

    adf3f7c26401630a72e56d83e22d1dee1f50b77d231314fe3c0a551edc54f1d7

    SHA512

    60da2b06e91adb7958de967d8c9f83f12549cbfa882d7550f2965ea97e94051e5e7f18c69eb60bb1d46e50056569b3110e6064a8db46239fd806756627b011d5

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    52B

    MD5

    7150b3112b296177996138c9db0b12ee

    SHA1

    e803bc91c6808a29e21dded397d6dc7587e3fadf

    SHA256

    a44d32047d2949dcada404d67101507bb69de3389ba8cfe46a2c62b39753a42e

    SHA512

    3d081d6029becb076ba2cf6d601181356129e59f9c7d5c3dfce085dc0d3a16d8c714f17e2042a5b650385cbc162100e6d8bcbd4ef10b2f6f97c0ab0c0a2c2f90

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    a78e27eef9b91f7cf3ce77c36c18cc7e

    SHA1

    222657a3b4e18735ed2a5380d545ba47ad58db0b

    SHA256

    f1dc315b8651f5cdc7a931ba0669533af7dd842c896d091a47d09a7c32ad82ec

    SHA512

    e23be66baef975514cdb0253af15b4fb3f0ce5bce2a98dae42ecb53b84d034a86fc31ffb3ac58c4e00d19be1898e3857aa7bb041e75b5d9c478e547d94df19df

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    58B

    MD5

    e16edf55ea4b7c949714cf5058052e88

    SHA1

    f816e76a828d5d7784648be9ddf7a038260cf6a0

    SHA256

    996b8e6c4f1a6c20084761a8f8457a3811f3aa4d695c31e8bc318a3d8292cb5f

    SHA512

    91d53be10b9f6886799b16ee7d37da0609e8a613e289f74b4f61ed1156b4c8681ad13018d241b060b5cd017ac101169104381ab08160fcf6036bb580540113dc

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    230B

    MD5

    bd1e806aec468362cddb332a1fac6f17

    SHA1

    9ba0eb0f0448439a6a05c6656627d569ca8a039a

    SHA256

    1c9e0839a2df01afefacfd956873d6b44b1cdc69c7486b5f7756236b35f2a49b

    SHA512

    1c96131c08fda0bc5ccbc996548c79a21241221b9f1ac94aa40e59f7d7cca4560e5ce77219c52eead74f1e560aa04c5cd8c31d998a393cb23050698f2a040805

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    f9d34ccf4f3d6e822aa8bb7433ff7ceb

    SHA1

    91cacbba072481bfb14ce3db5e1146d6c2ceb8eb

    SHA256

    75b3f8d2c7a4b07f0dbf936987ad61fd5ea97ffa98b2fc6f861717c398b2c945

    SHA512

    7a73f07f9879c62f2e067b119a1fec1887c1dfd7b9ab25422ce63727a100c4a5df54895fd502e7c0db04daf0489966f361924fc4cc3aa4ad99797b03c9f0b797

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    68B

    MD5

    6cfa380e0cc0956b7f6e77a95aeffd59

    SHA1

    903829ab685538b45ede54bd1ba4cd2287099b68

    SHA256

    914d76056156e90d3bf4b57c204f59e9dadfa86c5a47b8a3cce03195a9434fb8

    SHA512

    daaa1d98a174b40179f5f5f5e3a0ec45a6894df62f21e1c072059987491216acabe79a9b399e063a270ab004859c75f192c4b1aed504a035f69e1dc55f3093bd

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    7532ab64f8bca7f042d63c6fecae9510

    SHA1

    575db250e3557ae32ab7f11fb4fd822a5e1938a9

    SHA256

    0c73ec0a5a37f218912570a180704a1f4d05af8a04988e50bf5c934cbba8760f

    SHA512

    a941231f89a86d35913aa0fab9556ee8ceb261eb3a799eca5a411bfac2b3e8c148b93fdfdb3723080b9bc88d578b4f2c697cd1726b16898c283665e1ff64a80b

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    466B

    MD5

    b1352043439be98f204b066b11bcdee1

    SHA1

    2b076511455ea085523d5730595dd6eb2f8dea26

    SHA256

    9d6d361c2adad29004d8dad7a6ba29bce5f7eecf788a60ac32c8ffc0ccfc3ea4

    SHA512

    363d831a2cae5ae10097ce3a3b1eb60bf2b5f316b74dbefb6a5544cb21d84b3553af0a86782f097fd967fbf0a63cd2f295160c63834368facd23bc3cf2bb86da

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    e11fd9b1cc1e705bea9fa26a1264c8cc

    SHA1

    31fbdbc581fc5ebe0879dcc0f2a844d2aeaa4296

    SHA256

    dfb14d7d70c75cdc05705e1899b04f6a2818ef0b8f6834555061a087a14bac23

    SHA512

    b2703c07629e9a294a26f0f9bced856b76b00e1c5c0b31b5eb8f556884b7305c1f5dab20876120ee3b8b7364e54c7dc1a465881aaa2a71bf5fe20c1fac37aeda

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    f481ba56a1e60c6edbccbb0ffde6e176

    SHA1

    919d2083137dbab8793f7001460d7b423920e8e8

    SHA256

    6380c9b9c5f92c96bc46a05e7ef57faca8ba8295a3f620df2554f1293710f298

    SHA512

    d061def719798fc812e0e4a5df18bb0015366e78dc626c1c57c2caad14c01fee567bd80ffe37983fe2259e9af4b63282c0feb9cb8684b17be005b1d6774cc589

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    f0e1c9c903fbdc748cb6f1064c3fc552

    SHA1

    806dabb409050d3176eba00ac3d2b01402cf9e43

    SHA256

    9bbd1ea5c922389685762aa8d288233eca871ffbe426c4a0ede6a3de97a2ee2d

    SHA512

    13a39b1f23cf23bfc152ecc7753e7cdbdda1b6e297fa51ef96723f8664a2b96569b41a387b233daa65e91cf09e663183e83b269db3fae97510452a5b0f361149

    Download Submit