Overview

overview

10

Static

static

10

22f4e2bc64...09.apk

android-9-x86

10

22f4e2bc64...09.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    20-10-2024 22:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22f4e2bc6474fc01f604f1fe9454086f8fcdb0cbeb92eb98c53c097ec22f8209.apk

  • Size

    2.7MB

  • MD5

    39c286e8caccad73e3fe8b44c48d4d78

  • SHA1

    0aaca8eae8cedc6b2fd0ea056b19c8ff41c1e154

  • SHA256

    22f4e2bc6474fc01f604f1fe9454086f8fcdb0cbeb92eb98c53c097ec22f8209

  • SHA512

    3994ad9484add7872f77220a0303dceefba996d3c0734c3c235666e3be6d556b94a519f687584d4082b5efc538c575baccfac1ee56bc14fa896438aec2652dbf

  • SSDEEP

    49152:APurF6Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQ0:APuhFjEI4iZaUzYH99yIZ

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://94.103.125.179:7117/gate/

https://94.103.125.179:8080/rootmd50ma/panelcgfuzwxleg9kdxnvy3rv/gate/

https://94.103.125.179:80/builderxxxzzz/gate/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests modifying system settings. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.nameown12
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4646

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.nameown12/.qcom.nameown12
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    850e8e0b8dd000b643f915a8e523192d

    SHA1

    c4f53f386a8b6c7a3ad740e411be06f070e3d0ab

    SHA256

    828fde9db3f05e3ac8138a820058164d52546e535e5fb372fed6d8f5b577557c

    SHA512

    4099b3e01fb55d0b9524e3ec3a3169b1511ae78a9e82461b8cc33747e17b82783ac0d1e9073448fdb9f362de18437a954223a0e7df870f430eeba5d02afddf70

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    7f330536ab5911f2735e54d507b2bec8

    SHA1

    c6c6a0084a2c3d2eaafd8aff2f411a88db293c59

    SHA256

    062df55c770a2c087fac94e569a2d457ccc8bb47b088f159efff9edfa2c4c829

    SHA512

    34d8ddd893190ee29c8d7c357532fc2c1b5847fc48a886f47df5fcf58a14c27ff812f4dc7b26a8eb5f8a03bcce306fb41ec48397bfff95f842e1d6378f856267

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    84B

    MD5

    62187207ee5433873ef662f412664c38

    SHA1

    5bd26a8733420b6548626d35a20adb13c433702f

    SHA256

    2e62f13407a9b263e0b475f65e52ea8a8585bff742a6a74a7099ccb72938b365

    SHA512

    a20d42f0d8aef553ea113be88e58ae9c5eeea2933b06094a218ea0907f5597e54fa60cd03204b3b8634de66e7e684f538a2f7f4e89c858dea4ec6d4b45d6bdea

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    c317751fe7056f06005d692e74712182

    SHA1

    dfb3251f90e76fb07578df162e36bdf655b311b7

    SHA256

    a76f27dac5511f9cd56779c8db9d7f81aa6ce86e07c6f568e37fc480c12f8d6d

    SHA512

    0c87b46f64e264f376eebbe5564b5304a0446f0ff4602cc5d6a4acd0aa83441d87311cbfd71c88119798f08f15ac598f668827ae97928d5d24ea8d2e65c93855

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    58B

    MD5

    02aa5463fc86a33df0630a98c51a924b

    SHA1

    50f63d9941f69bd77ef581e118ba78e7c732278a

    SHA256

    94bc509651d919dce4eca8099831fd9e345b8a79840cc3b5816ccb06e9b18865

    SHA512

    dca6f4cafb8472506c54f3b03d44b193aef969ab3bc313613a3374da5dde3543ddc6ff00c7f77c75ffc45c6e55bfdec063b28a21da236cb5d72cd1e20c1ccf21

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    e7752c611d87fc2d338a526759f32314

    SHA1

    3d56ee163a9e2c5d995f601dc296107cef580e90

    SHA256

    97d7b22bdfd26a3df97b65e329ab4e5bf8fbbbb3cf252069b7e6653e10309fdb

    SHA512

    8ce68db44540989eed3634692dcf60b8458145339c17b1b905e87b01e13193a79dbaeb4477339405f54e9093f837da69c78f4028298dab6af65925493f27dab6

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    230B

    MD5

    2ee4b86ad392e28c9019c9c13d8be1ab

    SHA1

    300c16a625ab8ae9164d6c56ca986250b1e4fedf

    SHA256

    3908b1c102014d370f8807ddca20af570f51c850ec8091f7a222e8dd9235fafc

    SHA512

    dc7f8ce39ff26eb866bd4e8f933f44267487c5b3bdfaf841d51786933cf8acf743773632c412038cb2d36687c032bd8b82f6aa1b4aa73f5b08cbbb962eb2b0cd

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    006ee98eb0db7154e343f48ca05c7daa

    SHA1

    76243c9bc3c16400f0fd998ef8a444d6ebce324b

    SHA256

    1b64fbba73d5b3bf586175be89905e08599e37827e7e41257c3ee876ea6aadd4

    SHA512

    e452c6b43ee42a1b35060bd06d68d4b4e2240acb1a97905fde316ec7da80834df3f26b163610545f0c69c95aa858db2ce5c2da45e0a475c594c59483d7593e0f

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    561bf2a55fedf54e17511c4bdbf700c7

    SHA1

    3b1ea859e476f44a0dad8cb2f693f3005c292508

    SHA256

    435396893411700112961c8fd4fd703d31c26afec79e73b0fa97f19f37026f7a

    SHA512

    f7c69d63267bb8f2f48b734f634b8be78ac15aaecbdb69208a14d6a55cfd8b40f5d3a59a39f396d08860fb3fdd29a3c5b4f04340c615ba1b490294fa15c11d3b

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    563d253f3279b2b26090aa643995636a

    SHA1

    171d460a720f092c3059937c4a7f717f6a544c50

    SHA256

    55f3c1d5b9ec9ca77aac306a58ca828062843076da245f3b7a6b5d7a3df6f5aa

    SHA512

    882a55c797ef507f67c481ff9e871ed7c17265fc42d0ab11f9e1690c7d9ab161df239887d89b642d6f005f02d1712993dd87c4091b6727c1b685be4f0b3a4984

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    466B

    MD5

    7124a282ac530111ec2071ca4ff3728f

    SHA1

    7eba70d9d1cde22fd08422475fd1dbd4955fbc60

    SHA256

    b02a47bbb402ea5d506c54dd09b6bca570bcc6acbb5b206cd6ea3206cd147eaf

    SHA512

    9a03f1f3800e72aba6a574ab7a55330d36360b07b3236544b6a683f8eda6eedcde5f807e6a643fc7f5d6c5960417349fff9a6b96271691530aaa9a600570141b

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    826a46a5cd1ccb7db9477d15f1a1f1c3

    SHA1

    6ab2b2042d4778d49e2d331b80d934b671fe1b92

    SHA256

    67a8712dbd595a122f085147b8adbc827c8a2d05719ceb63d59e33d09c7b9006

    SHA512

    feaad738cfb5350e72e144e9e0b661d3cd5472f4bb019f1d6c874e6a87580c94c3a33a8256364543bc9ccc14e52e7a4ab5f373460b12360c6f7d97635478dd88

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    af72d0a494ab243a1a40a3940763462d

    SHA1

    1f220b0924b884f3d0398c30c9b05e3d0497965c

    SHA256

    3276fe70a335eb28d1f47c7b20d3899589d06f8a2af55d2cfd3dc3ef42132b77

    SHA512

    c1ba116489e33e30ae9ac526324476382cdb065c1c41b3d4c6e6dcf47f3029cbdd1082ae2b30b6678b45faea560a1fc74fe225cb5f10cfbdc0f3cb91a9dc0ca5

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    91d73fd0f282f8c8dc99e8dc0c564c12

    SHA1

    b525a045205e1b2dea97d16cfb7055f4b87fec26

    SHA256

    71138f4768162da76a1d3ac27348580d339a84d611c89a806c4aba32079bf766

    SHA512

    03fcb8f24f6ab4f3c0224d985f70570c94bf303912eaed7e9fa29a717510890a31285aab61607b41d2a9c52a8d41b25d0a8569143ca0ac6b031180e8beb3a097

    Download Submit