Overview

overview

10

Static

static

10

a75562cbf0...11.apk

android-9-x86

10

a75562cbf0...11.apk

android-11-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    146s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    29-10-2024 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a75562cbf046dce2a5cf96f34170705220aff1c04f72ac5bb4c9bbfb21d8cc11.apk

  • Size

    2.7MB

  • MD5

    4595b0dccd878798d3af2ba9469ba654

  • SHA1

    9e8c2ab279dd3cbe09d3c5313bac2a09e8a562d0

  • SHA256

    a75562cbf046dce2a5cf96f34170705220aff1c04f72ac5bb4c9bbfb21d8cc11

  • SHA512

    08a5298c568b488c29b1554e8951eb1aecbecdf7dad6ff0ec8fffa9e59107539d80561c154ba94f817d88809657a30e80b384e179581891b8db9fb6f4253623e

  • SSDEEP

    49152:B86Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQI:yFjEI4iZaUzYH99yI/

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://178.215.224.87:7117/gate/

https://178.215.224.87:8080/rootmd50ma/panelcgfuzwxleg9kdxnvy3rv/gate/

https://178.215.224.87:80/builderxxxzzz/gate/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo family
    octo
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests modifying system settings. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.nameown12
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4485

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.nameown12/.qcom.nameown12
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    1693f8f980eb517f2b498cdfdbaaa229

    SHA1

    569b886c26cc5b724a20cdf60470011bd7e9ce66

    SHA256

    c73bca09df98ae3f9e96a417e90b032c62b79e88e9ce30feb245fafacbbf4f17

    SHA512

    1650ffd30937440e1c3393b8c4ed621868bc3b53ca2fe571fe68ff8acd528cfeaa099efa771f3d5d849e6e837eb0d88ff6670d2843e4b2e4862dcd13960a5fb9

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    4c0058134489399baec9f4160b5e3d85

    SHA1

    a94a6d938b21366ec3cbb0e73ab724074f47fddd

    SHA256

    d718201387e5a89629d4149b8ea42475fc5a52c9fbc3f72bded374e9249dfb7e

    SHA512

    33f586c796e9c516c010c3cb6bc34d4b97a9f9a44d4522582cb154d665d7ce280f57ded122a395655ada180fe740c13fab61e98b4d67626f561fc1d0da0d997f

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    84B

    MD5

    da13825160ab4fdcb1c2766beb4c2b06

    SHA1

    9e564a6b733158e4ca6a961c0a8ee134e275fabb

    SHA256

    8e9d2ab52fa8f90d2e97ab9a5c4252b84d634168153c9e29e07cf2c8c91b66bf

    SHA512

    ba7cc9e1b909bc3340d35b035d298baed8d069c0a567067c918eb9826b98512cafab1e94e94ed83369ee4623aaef2b5d682da9cb948ece81497c5ff59fac2c35

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    9597ca71b6d757ae2727083b7afdf9b5

    SHA1

    509cefcf6dc1c3043f6b1cf00907052a8710ef2b

    SHA256

    2260c63421aa0bcd31eb8d04f05a58dce21ebb8f5262fbaedc2fe4d0f881d6d8

    SHA512

    f31349639f6261a200422f15ecfd72d76849426a0e6fe43476e0f95420e6dbf81eec3ebeb3e5bb9dd8ccb2176691e32b9fbc5e7f7116bf21016b23568ecd4168

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    58B

    MD5

    723aee5b4ad3a4c9a0fa41d8019b42b1

    SHA1

    f3f62bcdfb40aa1f2e94fe949595eee07e821d99

    SHA256

    f308e423040defd91e8c448776d4166e80cf2c16fd9df0f98440e4ef2db5752d

    SHA512

    81554b5258212a1278396ddd045a4fb04a973628ed973330f2fd1a6ef4876fba3294beb2340b2a5c1e2427dd23f535d5cde2bb8773e9bb42ce3659d9dc2fbedd

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    e822fd62a7a9711d054cac786d8379dd

    SHA1

    0504894db61a8ee9897a5a6fcf504f958f531632

    SHA256

    f8832964b673372424bbe98c41510e8d7961cbd1b4203acac81d8f323d9cc368

    SHA512

    a031bd2cbd0bf96b6e7f786c1d704e7e4e575ec2f4db57f0cadcd5147869b798a0b719a27d8bfbac24a57f18755ad3f1713ffda3d3a3185b2483d92e502138ea

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    230B

    MD5

    b46d85daaff4e39c59af2475a1f69975

    SHA1

    9c2159847196d16e4c4005936ac5dda5248d12a1

    SHA256

    febf31de860e425c57f969435c821a1c0c3f3d000fe115a5a1b0752574005058

    SHA512

    9805d16694164833e891ae15a2964d7a739282001eefa04ebe8f89884cdecbad3185b72623cd35efe10fba41af2be62ddee92a46ac2140fba0bbc0f57e29bde1

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    bead1809d91395b27ffae557e20747fa

    SHA1

    9b34cb5199ad97310ba51077ddcdc92e6a9aedb2

    SHA256

    069618dfaef335d0b59c31f537202ea65f7e9cf42647b0a2360d000d2df28145

    SHA512

    4767f3cb6e52b1128c7adf5d4a0b1dfdc13916c1bcf962cc0b1afbdfacf48040466b28428b84ff9a9ce6e395bcdd7c9645ebbba0a17aeaf1a7309d8ba3c25417

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    7056cee3f98aee5337b37ff1c5eba55d

    SHA1

    282a2477299a975683d8fae915a534083879df71

    SHA256

    cb80808f771ef4217b12bcba013d8bbd04136806789d8821442ea84b88c2815e

    SHA512

    a2be91e67e2205e52469daaa7b1386e9396bf2fe545247147cf2c5095237125b5b3ba7374149e657902028dc446497b616fb0ecbb01f732f886d046230ab5b5c

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    1524ab868a49be78b9268494c0c25ccf

    SHA1

    a534bb5ebe6034ad056edec4bbd6bc9cdb2bbb8a

    SHA256

    e0068d0bb5b4888c61a0d69bfedddc6dc564889d99eac432064ed75cb2840fdf

    SHA512

    0eb1f4428bc8f50e4052df424e14b2e39743508e270e10eb01acc7b07c1245c14832fa11e8b6d7069b3d4db797895e0cfdd287219b21eae0a9e56e45ad40f039

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    466B

    MD5

    2a9f5caa1781c1df52017ea2c01441eb

    SHA1

    143552834212b7cd9849a383a6ea45ae0eb70cfd

    SHA256

    bc55e7ec34bd751d85a8cd31d3d99ce280e46fb64c2c2fce8d5310b5b71d4dc8

    SHA512

    c89f6f14a61ff2b6ab130715f1a975b33409774d0f822c06acebb80d66ac1bf3c6d1da6934006454aadf77a5ed4ea08b0b8e58e004ef91b38200a345ffc7695e

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    8187531ac2c216192856526784eb9d4c

    SHA1

    965cb8abe0d8310b5c6332514acbb15cf4274088

    SHA256

    c0375681a62776173e4a61b53864ae1d50078fb98f496d72e8571e92da98dcd4

    SHA512

    62a6abcb7d6e020a803c147179f1c8f98189129bfde097158714423081b4a53126145a1b9caafe897a493f9d1c188ccc59a40e7a296addebb2fd32c796a648b6

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    58B

    MD5

    b3f427b7a740cbb915167e205007bd2f

    SHA1

    9ee5578af2e2f27051261f4abf7fb0228ab861f0

    SHA256

    45875d1a238e9d31234bef20f63ae08092fc78ed9c6342bd63605aca4496fc5b

    SHA512

    4701b3a4243e29454868c1df5973e29425acabfa38d68f19397e200f89618bf4a3c07a63fa51c1b6cb02d789fa8dc67b01ac47ad9cc7af40d78b87c77613c232

    Download Submit