Overview

overview

10

Static

static

10

c22eb90a38...18.apk

android-9-x86

10

c22eb90a38...18.apk

android-11-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    23-11-2024 10:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c22eb90a38d8c10bd65be485bec46722ed7db018.apk

  • Size

    2.7MB

  • MD5

    be517f5cd6a8495f74627b712d529dac

  • SHA1

    c22eb90a38d8c10bd65be485bec46722ed7db018

  • SHA256

    e40441d513cbe89bb2a2527e850fee821c6772f24ebacf654663d244bb6eba74

  • SHA512

    2e0feccbcd30c9efe528b96bb39ed95309a4a36a201e1c84ce6a4e02c70a38bafc915f0130119a48844cf3fe2cab1b7fbcf54a8c0a05ea529bdf203f32d55db7

  • SSDEEP

    49152:ZYoQrw6Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQo:6oQrwFjEI4iZaUzYH99yIf

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://93.123.109.166:7117/gate/

https://93.123.109.166:8080/rootmd50ma/panelcgfuzwxleg9kdxnvy3rv/gate/

https://93.123.109.166:80/builderxxxzzz/gate/

https://alicetvyineyayinde.xyz/gate/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo family
    octo
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 5 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests modifying system settings. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.nameown12
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4789

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.nameown12/.qcom.nameown12
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    66B

    MD5

    aecd55ab385e84c4c514b9f0febac659

    SHA1

    e73a196f72171646214b9ec9cc7cbb06aa08f876

    SHA256

    fb35e56d57bc12ccc91c455a05da6a29c6add77d99a95bcb84bd8c8501d711e4

    SHA512

    a121d4285447776383d246364eebf96a5b56adb869b7f13b03ecd751474f824d680e8f6d4e5d9764aecf6331271683731cedcd91b27225b52f431ca4f26042bb

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    42cc5c3b1766022ece1ba1062428f593

    SHA1

    5b1cb4a869abaaabe32babf7a220db4f527f1a4c

    SHA256

    26c354546b0eca6ebd8fa1d176a47ad6455b4e91e9ef058a2a4be5d825ed0c79

    SHA512

    111be0a6d30cdf6302d341e2758ec2e1705ead9dee250614b17c7826dc67b31169db225dcf132839e2796740222c9939a533840e5b2b7f47e28c98f1d4b8d2cb

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    84B

    MD5

    e3bb191ad1490ea04b4a45d16540f0da

    SHA1

    8edd4fb7ca8c5ff02493ac79e62f57589061d35e

    SHA256

    28b1b0885c80af876bed0e1ac0c987d2edd8f9a4e5bc80c33366b59ea253d6af

    SHA512

    ceecac5f2c92cd5ea44b79be3ffe057da08e25f2522d3ad5cc8138ab7ceab3e7fc856ffb813c320b8fd85a8506c9370366b62a079718b1dd6976c35f6b168ce9

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    68B

    MD5

    002c6473693303a2b4048013764d8861

    SHA1

    beaf3403494c3e8e88bbfce96df083d7fa0e338f

    SHA256

    6a0d89b8adbee23537f44e2f5f5e1e83e67132abecef7a877e4954862486427e

    SHA512

    4ec28c1b7aa5ed907e18776f431c5d914a6ec8d85e705170944c354ea6cfac67bbb0d21169aa16210a745ff8f54c1f30aafa9c1a7693e5ade982ec3c7c7e3f7a

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    68B

    MD5

    e09ba38d1df7b37dad615cc13be0730b

    SHA1

    544a0c9f00d039a398340f235717b16dc54e1fad

    SHA256

    a7ca85e3f418ac599374f668d13859e84f41994be2d34fd3210ba6e86ad96349

    SHA512

    a0c7a5d4e843e5e8a8b480fff1f6be98207e287636c83f0ff6428ca0730ddebf764060e40cc63c59f18f56293a787da9554402b5ba6595b03be4c9326016e96e

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    230B

    MD5

    c2c3094f477ae8175502c03ddaae3851

    SHA1

    5a76a3b674bae1ca3866ce4d879f0a81b621e48d

    SHA256

    a8663d2e6d18860cfd152793ebb0046deb1dbe2e52b8ecb29406f794e822ae8c

    SHA512

    d01a70a1361e94848c10a0bf4344eb17f6a6d28e85d64ca213082e9b9bd6c7c989229898fd1ccabb4daeafa75e0fe62503a2b74b29d8df525abb7c6d3e6213cb

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    54B

    MD5

    9f806749249e488da3af605537955ab9

    SHA1

    35d8029fcb56522f2822c0cb60040ceb6b679f5f

    SHA256

    a4f7f847b730bee1b9c49c888796dc099c0eb3817d528685b23e4dfc17c1ddf8

    SHA512

    5f4e37d0f1d29551dc23210659992d646744379bc01422efc3ccd37da05e9e058ac461a47ae21d07bd5913c4ad2edc528d805770e51b8bb17055d21465bf366a

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    baaf0b9967c0a4d2de9e441d524ac9ba

    SHA1

    c89f2f6628ec434a081e7cbf33e144d60041cc32

    SHA256

    a9bf7723261858a9d26a47850d3e23501864eff482ec1a38d47fa18173e07680

    SHA512

    d0c7d48f92b50140b7537ce2715d0daea1ee8825c8fa2fac0a7c5bb8515633fac07f33c4773f1f18815664f113b188c7d069594bb516cfe019122fc9f1c10ddc

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    4e672ee33be1f0792e4ddd81f9817dad

    SHA1

    fb95108cfca6ad5df6f3d040464d3bf9079ee352

    SHA256

    dfdc4be1d3697e4c9593218d9d3cd8f117cc4d42ccf79a9b2c01aaa625ab641e

    SHA512

    99e514321a0388494014b01d9ade9d4fdca352a321ed2e2df31b34bf30173e44b955b2134787b11aee7d5fb5d386d2b7bedbdfe1658380b1c8d719f5ac79e042

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    b513e79e06f96e8e335d302c066e368d

    SHA1

    aba55735254a89edf749a9c79d44217c7d127bd9

    SHA256

    1206f7bc2bde2f9e67931e36ffbf25e4b76fe258d1940e941aa5d0fdb255d453

    SHA512

    7bf4d54456711e2f1c56f343fc09ccf8a2a7b7f44254d0cf83973e4759166d913b37799b0a7841e3fb0c53e783714e6496a80bd3c5711ddc00ff7b428a7f79f9

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    466B

    MD5

    f2cf7ff2e7903862f5bc56d0b6562e1d

    SHA1

    3523c240ebac24df25688c8bd585b534ead56c18

    SHA256

    6f301f6093c2d9d51d36c457b24d1ae1a55aea91e56df9e214ce96b8cd26d31a

    SHA512

    a042eeaf2d866516e1e80db4d4057b0cba66cb5853409efd14a05bda88252f1f63e7a87b2c3ad3ec6ba81441894aaa33edd28f483212ee8cceb9eaf5e5dabd3c

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    1117834e856d53482a33c6c8db6a4acf

    SHA1

    ab13ea77e456306af96eae8bf9953c4a3da70396

    SHA256

    7f6c41521692d84d1d54aca5c11b4e604a5a52c132fec7e45c265075231933e0

    SHA512

    d635f2a402ea594483eba49d517043759f1b9b6c5fe2ac2935805854c610d9d3a5edac8c08e8ce7e9187312d518db7146243b836f921ad5804a30daedbedd2bb

    Download Submit