Analysis
- max time kernel: 5s
- max time network: 152s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 06-11-2024 22:08
Static task: static1
Behavioral task: behavioral1
Sample: e265d980bb50c90579d711f6e6024c20270e0f0ac4d18fbb15dc95f0fcd13291.apk
Resource: android-x86-arm-20240910-en
General
- Target: e265d980bb50c90579d711f6e6024c20270e0f0ac4d18fbb15dc95f0fcd13291.apk
- Size: 2.0MB
- MD5: 19a724cb95747a275680ea10a5e806ca
- SHA1: 8f23e50509d3aa66027f8b29397555e7b81729c4
- SHA256: e265d980bb50c90579d711f6e6024c20270e0f0ac4d18fbb15dc95f0fcd13291
- SHA512: 8afe1e47f7c2244f55f6e2786799635ea62e880b8d85d954798f1ad8c573c8c778fdf9f5996c5a68b05331c74e67d5607c1986d6ab7d599be874f55c4664f687
- SSDEEP: 49152:WfK1LMhSRzNotpFtuMPsQM/usaBRewNBQJtGjB1/gJRIQ/w+5A10Mk:KKBlRzOzruFusaBRewN+tEn/gJR3/ZbT
Malware Config
Extracted: octo
https://uzaykesifveteknolojigelecegimizinharitasi.xyz/MDQ2MTZjMDhlZDQy/
https://yapayzekailegezegentasimaprojesi.xyz/MDQ2MTZjMDhlZDQy/
https://yildizlararasihikayelerveuzaygemileri.xyz/MDQ2MTZjMDhlZDQy/
https://bilimkurgukesifvedonusumharitasi.xyz/MDQ2MTZjMDhlZDQy/
https://paralelgezegenlerveyapaysavaslar.xyz/MDQ2MTZjMDhlZDQy/
https://galaksilerarasiseyahatsanatyolculugu.xyz/MDQ2MTZjMDhlZDQy/
https://sibernetikveevrenselakilliyonetimi.xyz/MDQ2MTZjMDhlZDQy/
https://gelecektekiuzaykolonilerindeyasam.xyz/MDQ2MTZjMDhlZDQy/
https://robotveinsanbirlesmesimacerasi.xyz/MDQ2MTZjMDhlZDQy/
https://bilimkurguvetoplananveridunyasi.xyz/MDQ2MTZjMDhlZDQy/
https://galaksilerarasiiletisimveanliksistemler.xyz/MDQ2MTZjMDhlZDQy/
https://gelecekuzaygemisifantezivegercek.xyz/MDQ2MTZjMDhlZDQy/
https://uzayzamankapsamivedonusumkalkani.xyz/MDQ2MTZjMDhlZDQy/
https://zamanmakinesivemultievrenselgeziler.xyz/MDQ2MTZjMDhlZDQy/
https://paralelboyutlarvedijitalruhtasarimi.xyz/MDQ2MTZjMDhlZDQy/
https://galaktikekonomiuzaycagelecekyolu.xyz/MDQ2MTZjMDhlZDQy/
https://bilimkurguvedonusumolasilikharitasi.xyz/MDQ2MTZjMDhlZDQy/
https://yildizlarveteknolojikmedeniyetler.xyz/MDQ2MTZjMDhlZDQy/
https://karadeliksiralariuzayarastirmalari.xyz/MDQ2MTZjMDhlZDQy/
https://galaksikarasivakumbilgeliksistemi.xyz/MDQ2MTZjMDhlZDQy/
Signatures
- Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
- Octo family
- Octo payload (1 IoCs)
resource: behavioral2/memory/4967-0.dex, yara_rule: family_octo
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.cabin.setup/app_wire/YpbIfdZ.json, pid: 4967, Process: com.cabin.setup
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize: 153KB
MD5: dc443168611de740aea8fee62050d94b
SHA1: 7f797989f9c84ef25c40866aead8c3991ad45f07
SHA256: 06f9eac7d112370db9b2e558a98726942ca94a71063990caac8dd990e2b91383
SHA512: 2b05677a93091398889136903eb0a2336c89a98c58c0e500e0d42bf4cb464b183c042f79ceec9337bf3ec8b3d1cd630d9494208372a85f46a681a9eba641d7de
-
Filesize: 153KB
MD5: 49e44fe6d32ee928bbf3c1242eaa47a6
SHA1: 751c48ef1bd7ce1089646b89d036989deadf6426
SHA256: 4e6445db1baa64c494c6bd9e23e9d0648ae87db576d2744fc13760ee776a47f0
SHA512: 3d45cb396ed194933dd3aedb1b8f70b29ee03796832787d6ae6f1f298ee4728c3ac60e2312a92847868b65b4b70fc93309a9b255f9404ed9af2ebf28cec17ae9
-
Filesize: 451KB
MD5: 5f09276d76b2e7f478b6310d06b27e85
SHA1: cd2f9b14053b0e92efbd1804a67d174f6528f2e2
SHA256: 563d9788ac67999ef084f6f0c8c19bde2a0abacf2d0bf4b2933c37f1d4db39f4
SHA512: 45e31d723d55ed75faad80a14b6695ba3fb9b0ef4d90338ad0883a13f011b44906425b6d80ed2bc6ce8b701cdbb6c61436408c5103a77555d1899e535bbf0eab