Overview
overview
10Static
static
601e6cb93ee...9e.apk
android-13-x64
10197359a4d8...d7.apk
android-13-x64
102427241add...70.apk
android-13-x64
10282a7cfccb...bd.apk
android-13-x64
10284d74a6fb...fa.apk
android-13-x64
103221126c35...63.apk
android-13-x64
103f3ab2cd7e...bf.apk
android-13-x64
1043e48ed5f6...fc.apk
android-13-x64
10616c4ad548...8a.apk
android-13-x64
1074aca9fcfb...e6.apk
android-13-x64
10753c262257...1d.apk
android-13-x64
1083684d8fa6...97.apk
android-13-x64
1084b4b256e4...0f.apk
android-13-x64
10865e193b3c...3d.apk
android-13-x64
108734504205...3f.apk
android-13-x64
10950867a96c...32.apk
android-13-x64
1098b720a6ca...99.apk
android-13-x64
109cc247e8df...48.apk
android-13-x64
10a3a5eefad1...34.apk
android-13-x64
10af3368fbdf...c7.apk
android-13-x64
10b0bb07c713...aa.apk
android-13-x64
10c4dccd90c3...2c.apk
android-13-x64
10cabdd63fc1...d9.apk
android-13-x64
10d27fe181da...a5.apk
android-13-x64
10d73f872092...0a.apk
android-13-x64
10e3b0cb744a...e8.apk
android-13-x64
10eccd114fb6...9b.apk
android-13-x64
10ee5950ed19...08.apk
android-13-x64
10f94f3f8681...4a.apk
android-13-x64
10fd70959566...85.apk
android-13-x64
10fed26acfb8...c9.apk
android-13-x64
10Analysis
-
max time kernel
28s -
max time network
26s -
platform
android-13_x64 -
resource
android-33-x64-arm64-20240910-en -
resource tags
arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system -
submitted
23-11-2024 10:56
Static task
static1
Behavioral task
behavioral1
Sample
01e6cb93ee9ab6e67340d1f9e6ede5efc9c64f9e.apk
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral2
Sample
197359a4d8548b72c8e14e6d75d612ded5cfc3d7.apk
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral3
Sample
2427241add3123a2e6fba0aa091c487816d9b670.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral4
Sample
282a7cfccb03ab7ca7fa3eeb9a4cc28e262e2abd.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral5
Sample
284d74a6fbc2c12745c475bc0d2f24e9b43488fa.apk
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral6
Sample
3221126c3590df52f238b0dcbfd5e77b226a8a63.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral7
Sample
3f3ab2cd7eea46a0b7061f692401952b6bf4fdbf.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral8
Sample
43e48ed5f674dcf241ba8b9456162b97f671f7fc.apk
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral9
Sample
616c4ad548e04baba19d12f04a427019c2a7c78a.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral10
Sample
74aca9fcfbe1a787b6ffec5e35155d664f5679e6.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral11
Sample
753c262257602605e79946ed42fa855da101761d.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral12
Sample
83684d8fa6a73bbbf2e402757e6ccf4b2018c497.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral13
Sample
84b4b256e482bad6dfa694a96e9b4ea5fcc9fc0f.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral14
Sample
865e193b3c83f15cfb0a180dd33affaed8bfab3d.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral15
Sample
8734504205b5cdf1ea4c0e2d62a0dcf8500dc73f.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral16
Sample
950867a96cc81824ec348bc9340f283c139d7832.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral17
Sample
98b720a6ca62407d6e1cadb11969bc3feceb0399.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral18
Sample
9cc247e8df72cd7938a43004864a235930d8c948.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral19
Sample
a3a5eefad1ab7ede2d493629ff7eb29f3d9c8134.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral20
Sample
af3368fbdffaed6f089dbdd77d170b09dc9fc8c7.apk
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral21
Sample
b0bb07c713ad70db85f0a6058fb0fa3bee58b0aa.apk
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral22
Sample
c4dccd90c3a007ce989c494caaa4b7f6e9bc2d2c.apk
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral23
Sample
cabdd63fc10af9b43539d18cc4f7bd6830a3bfd9.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral24
Sample
d27fe181daa9683613fa89b973ac1a904b0efca5.apk
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral25
Sample
d73f8720922c0bca6b12e1a2e1ce31689e59b50a.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral26
Sample
e3b0cb744aa134ff48d69b448b719ba3f12279e8.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral27
Sample
eccd114fb6d2fc49928d0fe2800bd6235c5be89b.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral28
Sample
ee5950ed1975ff96b14e116c17b929e70ea93b08.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral29
Sample
f94f3f868141393ec9df11307eb7eddc6d9b734a.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral30
Sample
fd70959566881b4508b8ee38b639d37f9e96a185.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral31
Sample
fed26acfb86c23f45020918c294477b3b9ac3dc9.apk
Resource
android-33-x64-arm64-20240910-en
General
-
Target
ee5950ed1975ff96b14e116c17b929e70ea93b08.apk
-
Size
2.3MB
-
MD5
2c5bea4a0e8ebe568211a53e82de9136
-
SHA1
ee5950ed1975ff96b14e116c17b929e70ea93b08
-
SHA256
25bc16985188d02daf760fef23d5353cfd03aed699407596e46c032f05a5d659
-
SHA512
4e9e01baaa2492bc014ba9c8e07fe7c800954e3a9106e3bcc97282e5c6917113003a4a20db4c172c7a8c2e22ab73724e14cc786399acd2740500a1f788b714c5
-
SSDEEP
49152:YHSge4v+bGlXMWtjxUcTjQEBUVzksSMjiGMBEIMK/H4gKcvlbE8WPAlR6dsX:CPGbGnjxmOQjiGMhYTcvlbnWPWR6dsX
Malware Config
Extracted
octo
https://populeryabancianimaserver.xyz/MDQ2MTZjMDhlZDQy/
https://eglencelikahramanlaranimas.xyz/MDQ2MTZjMDhlZDQy/
https://cizgifilmtutkunlarianim.xyz/MDQ2MTZjMDhlZDQy/
https://renklidunyavekarakterler.xyz/MDQ2MTZjMDhlZDQy/
https://animasyonvekulturhikayeleri.xyz/MDQ2MTZjMDhlZDQy/
https://yabancisanatcizgiustalari.xyz/MDQ2MTZjMDhlZDQy/
https://cocukvesinemaoyuncular.xyz/MDQ2MTZjMDhlZDQy/
https://cizgidunyasindakiyabanci.xyz/MDQ2MTZjMDhlZDQy/
https://animasyontavsiyeveyorumlar.xyz/MDQ2MTZjMDhlZDQy/
https://sevimlicanlilarhikarakat.xyz/MDQ2MTZjMDhlZDQy/
https://yabancianimasinemaustalari.xyz/MDQ2MTZjMDhlZDQy/
https://cizgianimasanatyaraticilik.xyz/MDQ2MTZjMDhlZDQy/
https://populeranimaserverkaliteleri.xyz/MDQ2MTZjMDhlZDQy/
https://kulturelanimasyonvesanat.xyz/MDQ2MTZjMDhlZDQy/
https://yabancicizgianimasanatyolu.xyz/MDQ2MTZjMDhlZDQy/
https://eglencevesanatcizgihikaye.xyz/MDQ2MTZjMDhlZDQy/
https://yabanciveklasikanimasyon.xyz/MDQ2MTZjMDhlZDQy/
https://populeranimaserverdunyasi.xyz/MDQ2MTZjMDhlZDQy/
https://cizgianimasanatkonusmasi.xyz/MDQ2MTZjMDhlZDQy/
Extracted
octo
https://populeryabancianimaserver.xyz/MDQ2MTZjMDhlZDQy/
https://eglencelikahramanlaranimas.xyz/MDQ2MTZjMDhlZDQy/
https://cizgifilmtutkunlarianim.xyz/MDQ2MTZjMDhlZDQy/
https://renklidunyavekarakterler.xyz/MDQ2MTZjMDhlZDQy/
https://animasyonvekulturhikayeleri.xyz/MDQ2MTZjMDhlZDQy/
https://yabancisanatcizgiustalari.xyz/MDQ2MTZjMDhlZDQy/
https://cocukvesinemaoyuncular.xyz/MDQ2MTZjMDhlZDQy/
https://cizgidunyasindakiyabanci.xyz/MDQ2MTZjMDhlZDQy/
https://animasyontavsiyeveyorumlar.xyz/MDQ2MTZjMDhlZDQy/
https://sevimlicanlilarhikarakat.xyz/MDQ2MTZjMDhlZDQy/
https://yabancianimasinemaustalari.xyz/MDQ2MTZjMDhlZDQy/
https://cizgianimasanatyaraticilik.xyz/MDQ2MTZjMDhlZDQy/
https://populeranimaserverkaliteleri.xyz/MDQ2MTZjMDhlZDQy/
https://kulturelanimasyonvesanat.xyz/MDQ2MTZjMDhlZDQy/
https://yabancicizgianimasanatyolu.xyz/MDQ2MTZjMDhlZDQy/
https://eglencevesanatcizgihikaye.xyz/MDQ2MTZjMDhlZDQy/
https://yabanciveklasikanimasyon.xyz/MDQ2MTZjMDhlZDQy/
https://populeranimaserverdunyasi.xyz/MDQ2MTZjMDhlZDQy/
https://cizgianimasanatkonusmasi.xyz/MDQ2MTZjMDhlZDQy/
Signatures
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo family
-
Octo payload 1 IoCs
resource yara_rule behavioral28/memory/4494-0.dex family_octo -
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.agree.east/app_edge/QSOpMn.json 4494 com.agree.east -
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.agree.east Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.agree.east -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.agree.east -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.agree.east -
Performs UI accessibility actions on behalf of the user 1 TTPs 6 IoCs
Application may abuse the accessibility service to prevent their removal.
ioc Process android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.agree.east android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.agree.east android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.agree.east android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.agree.east android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.agree.east android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.agree.east -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.agree.east -
Reads information about phone network operator. 1 TTPs
-
Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
description ioc Process Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS com.agree.east -
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
description ioc Process Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.agree.east -
Requests modifying system settings. 1 IoCs
description ioc Process Intent action android.settings.action.MANAGE_WRITE_SETTINGS com.agree.east -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.agree.east
Processes
-
com.agree.east1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Requests modifying system settings.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4494
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Credential Access
Access Notifications
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Software Discovery
1Security Software Discovery
1System Network Configuration Discovery
3Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153KB
MD593f6071292655fafe852eaa12dd67372
SHA1cdd5bc5c44dc358c701c1735f25cdb966a97ea0c
SHA25623f532b7ea93c27e6b38cc46f095bc775f801779abc5d1ce55bd8f3e2ac47805
SHA512e9cb434bfeaf708d29ee8c0edf01c95b2cdf667d1b4827accaa1e566cea0461db58bca6b0d274be85252a199f0b2acb82e5be486abb0112230537db816d8073a
-
Filesize
153KB
MD5bfa5ac8212f9bf3a35cfc18dfd3ffbfe
SHA18e10cf7a50e1e7375e73a8cc13e62bf5bf3e2439
SHA2560253d4018769de12bd0c9f1155f8a1cea5cc542bcd4e3af6d314b49eb41dfb84
SHA512918e03ee9deac6333dd12dca6e670e81f3fe2024220bd43d4d8bea1c14a5ef77cea80d6d36a9b9c4c88e4da19b6ffc534502075de23bc046c681ba47225eadbe
-
Filesize
451KB
MD59054a3c1084aeae29e24e17a4f88abc8
SHA1f99d7e0cdfac2a33fef09c840d99382b67f4c515
SHA2560c1700ac28379b56b5e2a9dbcb683ee92f71075099a8fdd6575e8a9e00022805
SHA512c3afb2caea90c6742267a3b96bf9a9a18c640fa9380b7e200466898c463a189288e54c9a105ba041ec37837bd44998421479d11309110348505a2ef3f860a6d9