Overview

overview

10

Static

static

10

7c6bb49c4d...5a.apk

android-9-x86

10

7c6bb49c4d...5a.apk

android-11-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    145s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    29-11-2024 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7c6bb49c4d9de1008b29d1e42cbc4418a4256d381a0071c469dfc5790ec4b25a.apk

  • Size

    2.7MB

  • MD5

    6b78c5b3c105a8746c22e5eedba30293

  • SHA1

    796515deeb15a377260325bd11e642fbd46e5e40

  • SHA256

    7c6bb49c4d9de1008b29d1e42cbc4418a4256d381a0071c469dfc5790ec4b25a

  • SHA512

    c87d50650b5fe043e49897607d6b8b829b38ede22fc65040272c2230f89b4318cfa89fc7ecd30af345cef9ce4167e9d066379d7a7c9485164005e84bf2cb5da4

  • SSDEEP

    49152:ZYoQrw6Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQG:6oQrwFjEI4iZaUzYH99yIR

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://93.123.109.166:7117/gate/

https://93.123.109.166:8080/rootmd50ma/panelcgfuzwxleg9kdxnvy3rv/gate/

https://93.123.109.166:80/builderxxxzzz/gate/

https://alicetvyineyayinde.xyz/gate/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo family
    octo
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests modifying system settings. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.nameown12
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4513

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.nameown12/.qcom.nameown12
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    4eeb0ff99de94e0f061850485773c63a

    SHA1

    0c3fdcff139184b9c25aa30099678b90e35e770e

    SHA256

    213a5cada22bb123dea9bb9057f2a9ad0a75f81f81d4d1f8ccd37f8fbaf44ecf

    SHA512

    2bca4764f2c9eedea97ae19a69b7ef064b7b35a06973d7fee7ee9d22b1c7e6895601aec289a28206a666baa8056bf81cda5f13e1b5fedab72da8514adc5ab259

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    66B

    MD5

    1d51283e193071b769e6f92245ecca57

    SHA1

    afac07cbdfd6a1bb5ea5e05a20242a4aacb1c2cb

    SHA256

    b49ab09cf6edbefb552859da8732823ed717e97ed8e66177b84d23cad98eb4d9

    SHA512

    e584febcc12564529f698981f60f845899e9c8a6eabe4e82adee64002e3a218cef9ea69061b8ffa00e231148d42d429744ac66fd08697dc93df030af270cd01d

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    84B

    MD5

    a8f9236fb41333f8645a38f20d74a53b

    SHA1

    01f706cb755ab08ef62a4da907213fac7c307a30

    SHA256

    c4403912c5bd1714a631d92899718518b3811f7fe9f910b3c8182087b201031c

    SHA512

    ef7828a58987269e46eabec05e216663ea34a5deba880719ebd4dc3d1c77417eae20ad10d918f6a304794cf8cc41c14b8d4259f6cb7f8aaaf189a6108c7cb2a1

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    091b25856f396dd68c794672d01bafdd

    SHA1

    a02696bca70934ea169c72ce3261e103a5e60e04

    SHA256

    2e5a07b7ad254133706ddfc9511c0a09074b6e94bc91aad0248eba3ad5848a23

    SHA512

    10690719e938b3fb6f29b70b83eaaca1ddbbe14650805f6f67e83673bd99b28179b73169ff0aa0ef0095709f0207840561046019efd000e4a5d69d6f84e49587

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    58B

    MD5

    29298f219b01979a4a3953bbb6f51800

    SHA1

    d881e18d06bb333564d6df9faa07ae13f4ed85ef

    SHA256

    7012a3c50b3397da39a826c96c392084752cc20899437f223507a4b89df92d1c

    SHA512

    d233b0ecdc16baaf92fb1f3aa482ce88d0a30148366f8f5882c90897b2ef2933a634285575e28ef3ddf7b1a9f2d7bb2582f767793654fe6ffbd2bea5c2fbe39b

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    3f602d6b79dfad5ded38d5d705730752

    SHA1

    acb61eee35f9b587637b0e1e66bc2341fdd44d3f

    SHA256

    2c6812ed6a2c11808ca82812ab626aac1c2250014d87c8c3c9a607ca97b1ff8e

    SHA512

    66e9e37c73ab2c5dea186ab2565ecf2e8253d1fd346ad683755ccb6b1065d5bd01af46f5018075488668a8d7280e8ba78a0f5c9fe7b37257c356996ee30d0bcf

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    230B

    MD5

    dd9da8716cbf9a1573ae34f4775edd68

    SHA1

    d1c2ffc8837929508bfbacb1ba53caa8efd8e76f

    SHA256

    d0fe37868da276bb0e94465052d2b9b985c34b47dbf8aabd2ef2b6395373600b

    SHA512

    ef9363ddd571e4dbd88ef98a2f71da5392f6db6b8d9bc5b55ce6f837a61787db2a6c8bdd2aa0eddf258a948ed4441a8637ba7900bcad1052ca7ea9cd3e4c22b4

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    5496e5bbbefc51d78525a2dd8c9f5be3

    SHA1

    a03d589d901a151e5aadd813a626933d52440a10

    SHA256

    b65b3808ca37bc836772b67b1993633acce778bef326add229478260a16daed8

    SHA512

    a68dacac439567226468903cf3afb2c7ddff55d1072225d87c2e0f6cb550bdca28be6091fa51e29348ea3f77e7cb05d570c258d1502ff6df608a726d1a3c13eb

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    440dbdc45896dcc26613b07d87f00f78

    SHA1

    10594b9117779f8a0d0b44a78263be6c46612689

    SHA256

    105919533821b0a4868880160d75b13eed3218c38d0d4116aa827806ce57098f

    SHA512

    c8ffba910eb885fd66ed25641bf922c1063f3af78c55a2cf4686d0dfb87a11880c26b53282130139e17b4b6fc74dc3c02d2ab29c81a4a9fbad46b6dcd2ef168e

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    9fb718b7c24d01d50e98173321ba1039

    SHA1

    36f9783d9a5bbf8d115bbcc7905c7417301c2d68

    SHA256

    1055cc5699d4b7506b1a9e81f9288316598f5b69380398652a5eb2d14d06f655

    SHA512

    a68b4c021d45e07f813e0a30306cdf020bdd2533e63b2dae6eeef699481f2ad89cd78c282fc949092ddd940f307227a797bbf8b28cbcdda8bbcd501dc6c4d2bf

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    466B

    MD5

    f90c3e07c071011fe66da62ee77f4920

    SHA1

    dea7213174701e107528da15ae9d177ff7a0fec6

    SHA256

    5a2daf3484e76c353d69629693852208cf2fbe1b99b318a35dec0185a1f6b044

    SHA512

    5797adbff3d937a431284de21a3b4d9da18b5361656d9343d8efcfcd064e5a9be6380185a3d0ab18f0166e4cce314c2c2d7978e03a147ff0c915561366d6b8ad

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    eeeb300781e468eb11aa5d1b3231b964

    SHA1

    4107e8bc07c9011ab0c88add8f6b201cab6bacbf

    SHA256

    174a76960e85501bf7058a41746c00686538b909a8c941f9d7cbc34372868a40

    SHA512

    2e720863e6c12190d3cc1e607d67ae1f41b52d254abf957adceb65b016c12013814b27689e964c381022f10dfc812484db933b38846a8fbed0e9aa4a6d765514

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    58B

    MD5

    3ab5b24e5b2a2d6ef2c755c8b8812515

    SHA1

    20cab079d3443c443c91a898264ab63c372565bb

    SHA256

    0aa0cfef56cb424b9a478cd48e8a9f03ad82b119e82d36c88ca8338b674db76e

    SHA512

    07f7bfd5b0fa41cab63c766656859be2c8a8cd759702925cebcb79e669f525aa34fe99bcef61b84643bd80dd23a4f6d4efaddafced3316dc3a9ad192c2ab882a

    Download Submit