Overview

overview

10

Static

static

6

90d134fe45...9e.apk

android-9-x86

10

90d134fe45...9e.apk

android-10-x64

10

90d134fe45...9e.apk

android-11-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    15-11-2024 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    90d134fe452c1fa52076c9d9e23d115f08c279bc8c8ec32a192117578e71f79e.apk

  • Size

    605KB

  • MD5

    98d0d38d446ae7f4dfe59917d04b65f6

  • SHA1

    ec1d8eeb42f26ab03216334c615de74447b8ea45

  • SHA256

    90d134fe452c1fa52076c9d9e23d115f08c279bc8c8ec32a192117578e71f79e

  • SHA512

    6e987bfdc119c5bd43b85d656918798a9dc61bd960f0641cdc6568b5eeb6165359a9b7fe5a343c7802fbd428ca7b84e9089e0dbc7a0c49caf1a26475a3b53c0b

  • SSDEEP

    12288:OP0xl6DH6gM8semYIWU2pLjr2IBDfTgSSxf+QXeLmts4hDLrMhdIm3VKZ:OaoeB2IWxLjHBDTgS4+CAmtsIzgdIm3I

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionexecutionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://7bb13903074567453981d0595033c23.com/YmZiMzU0OTU5NGIz/

https://4b6413903074567453981d0595033c23.com/YmZiMzU0OTU5NGIz/

https://34b6413903074567453981d0595033c23.com/YmZiMzU0OTU5NGIz/

https://64b6413903074567453981d0595033c23.com/YmZiMzU0OTU5NGIz/

https://74b6413903074567453981d0595033c23.com/YmZiMzU0OTU5NGIz/

https://894b6413903074567453981d0595033c23.com/YmZiMzU0OTU5NGIz/

https://94b64139030754567453981d0595033c23.com/YmZiMzU0OTU5NGIz/

https://94b64139033074567453981d0595033c23.com/YmZiMzU0OTU5NGIz/

https://94b641553903074567453981d0595033c23.com/YmZiMzU0OTU5NGIz/
DES_key
AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo family
    octo
  • Octo payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.completeremember8
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5002

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.completeremember8/cache/classes.dex
    Filesize

    447KB

    MD5

    55a9581a83232f85c541fef828d52e31

    SHA1

    1d330262fe57e17c36ee15b5ef163db8a49a99e2

    SHA256

    837428bf0546218256a320d7f751e9ac5695e3b3fc4c8d99d51a863ea28651df

    SHA512

    d0131daf6c68b3be38b7aacd8401864584d546b72e7bd0bf327ed8984abaaa531cc0c78e4c1c6996d8a64943ef93a0ab5929a0b421939835af6d3fd38c7b7488

    Download Submit

  • /data/data/com.completeremember8/code_cache/secondary-dexes/1731708026101_classes.dex
    Filesize

    1.1MB

    MD5

    ffa252f7a4b4c98e5bc5e7e3575bfe64

    SHA1

    b37a7297d75b296af758756f2afbc6bc15c96b39

    SHA256

    c6152ff2121c749c50885129137c922470094c42d9d353eadf5ab8d1df574574

    SHA512

    de50eaafb76e1900f2a31178037174f804113f80cf3dc01960b072d8543caa806d3d8786eb41ebf1812ee363a748eece03759539cbf6454b78f803c34f8e638f

    Download Submit

  • /data/data/com.completeremember8/files/profileInstalled
    Filesize

    24B

    MD5

    2d102d3a00fd1dfd9a1d3897b542db44

    SHA1

    f1d5cb7f4820f76d363e14b22c2df1270e5fe72c

    SHA256

    5590aa36af0c68ddb01f36d667765b4b697517fa8b8cd981b7016e5d4821f5d7

    SHA512

    c16ffcb03ea9067ee7f8c9f9fa32dd835d22b9c024f7e64883c0f4c6413313974d2c8fdeea69786a116357d3c10196187e863f56cffe949d73711d9d25fbaa87

    Download Submit

  • /data/data/com.completeremember8/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    f1fab6312f370450179ddc6b8089e5c0

    SHA1

    ec8105830396580ba8287f1f62e41c413578963e

    SHA256

    c10711dc058667734974ae289c3d135af1612971ae4c2798ba8ea679f1c3e69a

    SHA512

    924e53d12134d8b55fc1e5445b550bfcd028ec804c2ba67321223391bebfd8bea335ea615c2ff62c90ca2012f8bd0ffb2f90dc9f7d1e769aa54ae3e4d15a779c

    Download Submit

  • /data/data/com.completeremember8/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.completeremember8/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    f55ded2195ec054110dc06d29d37cbba

    SHA1

    3d9f2578787827f184ad08f3a471ce5d49c4e176

    SHA256

    d2c451d405cd9269831c79aae082a811d553e77b9fb46078e7b5d9e2fd9c4525

    SHA512

    3abcdd6943a9c06cc43424e8cd0955a2bde3de42d97d7c3d0d6068af3e2cf9377ab49dae2e78dacc0423fa1f5e6bef9c32fb5b1d546bff79aad31aab35f02278

    Download Submit

  • /data/data/com.completeremember8/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.completeremember8/no_backup/androidx.work.workdb-wal
    Filesize

    124KB

    MD5

    372d988e9ef0008acc3055afa05a4883

    SHA1

    34e13f3fafc356d5e5aed4bd26589dbec74d7656

    SHA256

    3a28cb3c580cd658d1aaf79206bbbf588445a5949e3019691c32f6464868c9f4

    SHA512

    49a0eeed8a3e1f78e9dcbe20f0efcfc771b96a84facced88a00f198431923771e7585a47ea489b6514f55a6efb6a379920d437ce8e90f0a88f7c13f12ccf1a13

    Download Submit

  • /data/data/com.completeremember8/no_backup/androidx.work.workdb-wal
    Filesize

    177KB

    MD5

    db9bf8513d64bffb73e361c6d3fe24dd

    SHA1

    90b6c3235a65c0bbd6fc63660aecadc5529179af

    SHA256

    e496e8c8a709a83672cc01827e302e1a552cde7ba277bf2d9c31af11cd3646f5

    SHA512

    552718b78d22a14baceb09236e14c9d7eb69e7f9cb8994a1147d45db5972f55a78cb6d4ddba56ba3d4c851427f0c0dcd7e8e6d5ae980028eef0bd66a43998b1a

    Download Submit

  • /data/data/com.completeremember8/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    17c9900ed23aa610c28b6fad5a038718

    SHA1

    48e55d7ea8bd3c85e97e1304ff128fc6cdd24189

    SHA256

    bc0e2e4dac0e842aeb7fe7e001a9d0d6cc45c828de25f8ec9dee60335c072798

    SHA512

    9bacfaeec3bb487b35054c5d4364d14744be0be2a9f4a956acb6d0dc6f6181ef38ac9990985e83852879dd8b0cfc42784a9916bd4ad1da4a381cad5f09c51a87

    Download Submit

  • /data/data/com.completeremember8/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    f2640d4b65dbef5c38058c019ee8b42f

    SHA1

    95d79815f9e2dd2c073791d7aaa548a77b7f1d64

    SHA256

    5381ff6b322391fcb895f56c5dd96ee8d942248da12657959fc8e8f583629e2e

    SHA512

    4f60a8793ece682090ae34ef532549a5a71961b73a7af871995c06f11a507f51fd1b19311727c05db118137759151df4f0e2728af6a46b0f6f0cfe2e2ef0b11d

    Download Submit

  • /data/misc/profiles/cur/0/com.completeremember8/primary.prof
    Filesize

    112B

    MD5

    15af1cdcfaedb837b19131fdd2a1d2cf

    SHA1

    cff26d94e13e265c921c6fd53a0453b4a1b6fa33

    SHA256

    78588d2f38d110e0ded2a212ce0694301965b7b9c4981e9e373e2415c69a777b

    SHA512

    462f65a932e0052f369311c997a9957d3350bf8784486cd4365381e15fa9550b7af5ee12ec5e5ad6dca27abe621d01c4ed4beaba62dabc16ebf332dfb990cbcf

    Download Submit

  • /data/misc/profiles/cur/0/com.completeremember8/primary.prof
    Filesize

    25B

    MD5

    b9d9e0f8902d129e1aeebff0ae7b725b

    SHA1

    cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781

    SHA256

    25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91

    SHA512

    f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6

    Download Submit