Malware Analysis Report

2024-12-07 03:14

Sample ID 241113-1zffpszgmc
Target b40b495e3554009e71dd7c75ad1ae032972e9c154760c123b75de9450c1d2c91.bin
SHA256 b40b495e3554009e71dd7c75ad1ae032972e9c154760c123b75de9450c1d2c91
Tags
octo banker collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file b40b495e3554009e71dd7c75ad1ae032972e9c154760c123b75de9450c1d2c91.bin was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan

Octo payload

Octo family

Octo

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries the phone number (MSISDN for GSM devices)

Requests dangerous framework permissions

Performs UI accessibility actions on behalf of the user

Requests accessing notifications (often used to intercept notifications before users become aware).

Requests modifying system settings.

Reads information about phone network operator.

Declares services with permission to bind to the system

Queries the unique device ID (IMEI, MEID, IMSI)

Declares broadcast receivers with permission to handle system events

Makes use of the framework's foreground persistence service

Acquires the wake lock

Requests disabling of battery optimizations (often used to enable hiding in the background).

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported

2024-11-13 22:04

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 22:04

Reported

2024-11-13 22:08

Platform

android-x86-arm-20240910-en

Max time kernel

141s

Max time network

160s

Command Line

com.patterncomplete8

Signatures

Octo

banker trojan infostealer rat octo

Octo family

octo

Octo payload

Removes its main activity from the application launcher

stealth trojan evasion

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.patterncomplete8/code_cache/secondary-dexes/1731535528583_classes.dex N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.patterncomplete8

Network

Files

/data/data/com.patterncomplete8/cache/classes.dex
/data/data/com.patterncomplete8/code_cache/secondary-dexes/1731535528583_classes.dex
/data/data/com.patterncomplete8/no_backup/androidx.work.workdb-journal
/data/data/com.patterncomplete8/no_backup/androidx.work.workdb
/data/data/com.patterncomplete8/no_backup/androidx.work.workdb-shm
/data/data/com.patterncomplete8/no_backup/androidx.work.workdb-wal
/data/misc/profiles/cur/0/com.patterncomplete8/primary.prof
/data/data/com.patterncomplete8/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
/data/data/com.patterncomplete8/files/profileInstalled
/data/data/com.patterncomplete8/kl.txt
/data/data/com.patterncomplete8/.qcom.patterncomplete8

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 22:04

Reported

2024-11-13 22:07

Platform

android-x64-20240910-en

Max time kernel

148s

Max time network

151s

Command Line

com.patterncomplete8

Signatures

Octo

banker trojan infostealer rat octo

Octo family

octo

Octo payload

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.patterncomplete8/code_cache/secondary-dexes/1731535518720_classes.dex N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.patterncomplete8

Network

Files

/data/data/com.patterncomplete8/cache/classes.dex
/data/data/com.patterncomplete8/code_cache/secondary-dexes/1731535518720_classes.dex
/data/data/com.patterncomplete8/no_backup/androidx.work.workdb-journal
/data/data/com.patterncomplete8/no_backup/androidx.work.workdb
/data/data/com.patterncomplete8/no_backup/androidx.work.workdb-shm
/data/data/com.patterncomplete8/no_backup/androidx.work.workdb-wal
/data/misc/profiles/cur/0/com.patterncomplete8/primary.prof
/data/data/com.patterncomplete8/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
/data/data/com.patterncomplete8/files/profileInstalled
/data/data/com.patterncomplete8/kl.txt
/data/data/com.patterncomplete8/.qcom.patterncomplete8

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-13 22:04

Reported

2024-11-13 22:07

Platform

android-x64-arm64-20240910-en

Max time kernel

140s

Max time network

159s

Command Line

com.patterncomplete8

Signatures

Octo

banker trojan infostealer rat octo

Octo family

octo

Octo payload

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.patterncomplete8/code_cache/secondary-dexes/1731535524023_classes.dex N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.patterncomplete8

Network

Files

/data/data/com.patterncomplete8/cache/classes.dex

/data/data/com.patterncomplete8/code_cache/secondary-dexes/1731535524023_classes.dex

/data/data/com.patterncomplete8/no_backup/androidx.work.workdb-journal

/data/data/com.patterncomplete8/no_backup/androidx.work.workdb

/data/data/com.patterncomplete8/no_backup/androidx.work.workdb-shm

/data/data/com.patterncomplete8/no_backup/androidx.work.workdb-wal

/data/misc/profiles/cur/0/com.patterncomplete8/primary.prof

/data/data/com.patterncomplete8/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

/data/data/com.patterncomplete8/kl.txt

/data/data/com.patterncomplete8/.qcom.patterncomplete8
