Overview

overview

10

Static

static

10

c7366dd011...11.apk

android-9-x86

10

c7366dd011...11.apk

android-11-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    07-11-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c7366dd0111a5e946e3acf74a2a59479d8d8119eb6253a6b93fdd4dc1594fd11.apk

  • Size

    2.7MB

  • MD5

    4d57635c2d078cf8662147f3b28170d1

  • SHA1

    d804758014603d2edf890da1dc45e6664afec5dc

  • SHA256

    c7366dd0111a5e946e3acf74a2a59479d8d8119eb6253a6b93fdd4dc1594fd11

  • SHA512

    db0f2613029f42a1598602598490ab76fadceac16d89838b2495aba272a3c2491682d31e6a7874839b0672f93fa3b7cdf0da5b7ce439ed743ae22ff5e1ea4839

  • SSDEEP

    49152:eGd6Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQl:e4FjEI4iZaUzYH99yI+

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://45.88.88.100:7117/gate/

https://45.88.88.100:8080/rootmd50ma/panelcgfuzwxleg9kdxnvy3rv/gate/

https://45.88.88.100:80/builderxxxzzz/gate/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo family
    octo
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests modifying system settings. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.nameown12
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4486

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.nameown12/.qcom.nameown12
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    66B

    MD5

    55c9912e35c927ed45fd75271ccb5a12

    SHA1

    cf868614dd55c5a58e8cef2ed304c76c3ac15a9d

    SHA256

    13017d66d5e2d494606fd9e5020d533b781d72488d31e6a371eae8b7c68d0688

    SHA512

    df05e8a1543e6f6cf4a875174db7ba1e4931bb71c6038bd1cb6348be28dc9e02c6565c02397a1aa19c09a24117dbb6215e864a4f64197b1287be2e2806555b07

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    31b09b1fa53b4d9e66e24fd587e5f440

    SHA1

    515b0817b1c1e2c9188533700c19e48b5570fb54

    SHA256

    cece99325a864f6c97843f17a83709540a9369cbbfeb358e6f3004b4c489fdbd

    SHA512

    fc090760c16f872d9ca27b0b92511d9f99d2f1452b7e84c0c8577b18792463b52b6448ae1eeb846162b14575a3d290f1b1db61871fcfb8a1413fbbc15673408a

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    84B

    MD5

    513c463345a24071f4405a67c396b722

    SHA1

    2c71f19c66692ec818b211dbe77852cec5acb23b

    SHA256

    6dd62fae54fc48b290de1232478e285331f46475eb294f06b3891a60006af485

    SHA512

    4d56547803e80440ad6ce8d23d5ab9061b6c28886add9ec2020aa66a7472ca750db1dc220110e47148b1d3da30815e4b78e9d195cac0c841b3dc6a001dac86d3

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    a8d11545a5c15cacc8b4c09eb38bb694

    SHA1

    ba82520ac8cf146bc096026abc49f7673f0c115a

    SHA256

    f114330a88006a50b73b92f6c4c54a42151256e830547a12fb27e908e0925d44

    SHA512

    cf5df7d748aaf371d53242e113027583b1874cc2a52e6d64c4e71a300efcff3f33f4e8611dd86a40f33fbd3ef0223e66fcf29695e4d9f6bb6f4db56eecd00cff

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    74576c8f2d70867f6ee96d921bbaca3e

    SHA1

    5e168c9c609f23748930d1a1c03fcb896dfa9eba

    SHA256

    59301b019a2f7c33ee30d3b3341313cd1079bef1664fb46876426449caa8b3b3

    SHA512

    e67eab2be9c15624c5d0b9f1266194de633051707af03350aa9f46b3ec1bd1006db7edadf211f148640b01d4cdd353e1a99dac164ba85f85e7e79bbffa3058a6

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    230B

    MD5

    e7b832022d13d2ac6cd22a9c72794c54

    SHA1

    ed3fbd4361ea6b059256cc7973bf38af119f91e9

    SHA256

    57793c7f9498f87081c23959662a2ee9cc52ab75063fd5920ed9f4f42081aa3a

    SHA512

    01481d0e710e161b175e127471e4926c91597e5e833bdd57bee55e6048bc21d6ee4d06bb9d21050f742a02b5865ee88a9eb607d8e39b79bcfd76dad94c3e4dcb

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    a17ad22c17967a7793b2a5312c701d99

    SHA1

    9ba030ca38eb6b32005fa7dcb81d37ded22d9872

    SHA256

    e00a862a5a099bdc9d8c817529cbe43e6c5aa9bbae95137f1b6a9a88212f7227

    SHA512

    de29b3f7cb8b38675b828718ee4a8efa625c32805fd8d35a303ec4ead51ac0c342b58fbc6e03082b8c9dfaeccff9b6d37702f144c8b843dd6acd89092864eb09

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    68B

    MD5

    d2eb74486ac9ec2256d252f892d00f90

    SHA1

    3e24bf86e59bfd5bc7f2a006218b81e2b67bf633

    SHA256

    2b8c11f81cb99e78624cadf2f0df1df3ffc0c6d6bc328deb7b40bd597705dc03

    SHA512

    d591fb2ed21dbb5c220eae9db4b44ed4599e9336efe95912a14e898d4a1fc18b0106ce04bfed8e41631d93ea1b9f588305d2eecce6bce1cbab7b3746de445bec

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    f34b6bfd486b1d531fc0ec8d4275fe51

    SHA1

    cc96a9229af3957a7ccd0bb2e74a6c3b3a76e0aa

    SHA256

    7696792a15a1f497e089a96c29765ccbaf9e2019afb0e33aa18c9d3dca9260ae

    SHA512

    6ef3278644ea7bb94cd19545b3742955ad80170c19fae1ce79b04474f2bed1717b19a9a55dad36f0e88871da731ba307769aa91a85d2a5ad753c46e0edc37ca7

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    466B

    MD5

    5239613f529456dba03e4e89870b0f1b

    SHA1

    2dad9fb8ce38d04929d1da1c36e4ef2f8a123aa0

    SHA256

    4be8439bba1c380dd753462e844cbbe5440f8eef2c7f9f51f3c3715adc473564

    SHA512

    93d707043486d9f4c9c7b87880af6cd49eee3bdd68401c69ae6df2676abac160bdc829c06379fcdb02cffb6e4be71ad21006656a8e1f710ac12cef020d5b0406

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    2e61d6f3eec8677323e7722aa00c3dba

    SHA1

    bb6becd20c55d936dda78512ff65206e2a61c6ed

    SHA256

    7b33ff260263c5283087fc4de02c1bdc483bf0051e3680cd020c5c8819ae9f6b

    SHA512

    4b6ff23167c4347b8b069a60faf1dd0b82f6ec01a50402007a7b935e9504f7764788910ac8f2afdb4e0c79075f4c94f44d956269a1765da984073e4b997f57d6

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    b94ac49dec46ab04aa49d7ae0da3e6fd

    SHA1

    89b761a21a07d618c4474582d4d473e6a1374fc3

    SHA256

    dedc7eaa1b9705ccb3e2a9453392bbf4eeb69d0e3dcd4a2764a474c815a0a10b

    SHA512

    49e7a30157e4b3591bad43f35e4c65073cf14854106e223e90e71f75d7b6e6188f0a796c116775e692cd4398f05ea7450001f95a784a380471f796eaa89e2eea

    Download Submit