Overview

overview

10

Static

static

10

6035ec1ede...65.apk

android-9-x86

10

6035ec1ede...65.apk

android-11-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    01-12-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6035ec1ededf174e7381da40a6cd9f8ac2ad328e089c353dd30d6f0ec774af65.apk

  • Size

    2.7MB

  • MD5

    7cc0442c2796de44609872ed586b2da8

  • SHA1

    bd830bdc6da7d0c4fdc3c7d00eeed12a386c0915

  • SHA256

    6035ec1ededf174e7381da40a6cd9f8ac2ad328e089c353dd30d6f0ec774af65

  • SHA512

    4450ecd14bb8e1fc299b00849bed4f1942885b3890cc57d8382615304741a9f8e635a360720e1a82fe8f1d2a14edca4cabd4e2e7b64659bc04145d0b32fd456f

  • SSDEEP

    49152:ZYoQrw6Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQy:6oQrwFjEI4iZaUzYH99yIl

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://93.123.109.166:7117/gate/

https://93.123.109.166:8080/rootmd50ma/panelcgfuzwxleg9kdxnvy3rv/gate/

https://93.123.109.166:80/builderxxxzzz/gate/

https://alicetvyineyayinde.xyz/gate/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo family
    octo
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests modifying system settings. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.nameown12
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4627

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.nameown12/.qcom.nameown12
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    84B

    MD5

    ebb5fdf47766499edadd1d50d6ab76a4

    SHA1

    9e60d99f0f34a8dbddc9f758c42ac686686ed469

    SHA256

    be0a390e2a9ae47103bbc1a2c53d903f48ffe00dcdfed2949b5a7cbf0b4a1205

    SHA512

    eb55284b6de3dec19d17c582884daf712451f0ec6282f6f5f0c570ab2cc6fae7a27e8f5bd595b5ff76cacef47f8d094e5bf1b0faaf05e616b641a00cc663343d

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    68B

    MD5

    ad7ee62c28baafdaa684fb4b9922fecb

    SHA1

    867e0c0e5e07469a3cdaa8432ea2f9a770cf7dad

    SHA256

    429205a1b20ffdfd677f72bbdb3f79be19cc8cc1b02767a5f601c576f631fe32

    SHA512

    16662a5533cdca545e7d2c36488b10ecc839104be0a1c985023d504ba7aad7a8621e321a440cdb322c7f1cddb28257bb8ada0fcfb6642142abf67b72c05bfd27

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    230B

    MD5

    78d3c534bcfe18fdaaef5c8f72c2aa2f

    SHA1

    bb1cf5c34fabf1bc97da180826c38e9e316e5f90

    SHA256

    4277d1816a745477947bb6d6d401049c44df8cecc9f5d43341ebe98898c42b64

    SHA512

    07792ac927e170caad40d48c465120aff38d372ca42703fab9d2714d30209ef65d5d8fb675e74e974de5de3fa9f48ee3b67e75c6f7867e27bf3026b32d1d0ec6

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    54B

    MD5

    525358b637c7e5594a29372e31e979a8

    SHA1

    30ea0521914171900756f18afbb1374a3f023cad

    SHA256

    7a7cb4db981cb347e17b8b762515aef15616e445e4d7e58039335a792fcb0cb0

    SHA512

    691b49d7cf47d19c33e57f8fa1d55bb694072d688f4c990928e0e40ad84ca0f658c0111c2e79700fa4c0c6abf0b915cf7daea5ccba467d2baa2ca8fedda40fe8

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    63B

    MD5

    aa101fd070a9281661d2185953e567ae

    SHA1

    9a8080cc4625363023afc9dffaee77e7306ee743

    SHA256

    8916e4dc3346d3eefd4e4c829f49f4c5e9dbc018d9cb92c70306c974a497eae1

    SHA512

    f392bad9b811ebccb0ef5af1eabf31c596613bd387eb0d9a27d67cd9d8bb27eed1f3f47b0ea1940fb58b5268f6e72e30f46b559db69195eb0edd0a70e267833e

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    d2d528d17dba9d36d932da2b3db5fdea

    SHA1

    6e3a9b9a8e5b3df57dbb83a7d2d906b3a4dadbf0

    SHA256

    d2800260aba7cefc7274ae6eabe7e1ce7f3271180c3e8ba9cace3e0ee63b12ec

    SHA512

    9619078dba31fc4b9ae33667f4bda199f5c3fe4f8d4dce0a0003bdccd28f3e54c72dcfa402e6ea0872ee3c6b7a33d50c9e5a2729d5f48c4dcf6a654f766efa54

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    466B

    MD5

    49a9089fac3d86837b8fc6d03e1899b2

    SHA1

    c88143ac8586effb48051ae3a0519aec7cfddaa3

    SHA256

    22c7cec41c145afcde5f2ae8eef1a7d4e221dec89fef6bcb4ba943509ae7ea85

    SHA512

    bd9d9b8bc5ec506f9187318d1e6b1bc82c85a008e3bd990130ad15235fdd7162beacd12e81361b2c38d77bd9a1c78f8911f4c8c03b28caba2ca023fb4b798611

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    c3ff69f4aef5b1774f664ab4452adbe2

    SHA1

    fda008ae193157cfbf2c67cb04ae9952ab1f8b05

    SHA256

    ca2b01086f7bb830cda39a7d0c637d1c3dc70e704e68ee131f36bd8e4e3f1500

    SHA512

    3950cef6abf132390176c5c50755fba253eb822f34be0cc79fce27415c4bae69cf9fb60d90ac277f51f599a1bdceeebb49f37afca674fadcd2379c9ca7859346

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    66B

    MD5

    438a1d5ee3474b476c1a0ed0a90697ef

    SHA1

    186d16298b0b3f29e79c1c39a63c0fc17c4ee9bc

    SHA256

    9dea5dea7d35b91bc2e026392e13a3b23854fd06ce4d56f893848bd5b4322102

    SHA512

    c16a79d3694879da9010a2a9da97c0de0e51ba221069f73e11749d9059f973ba9d0fb25d75c2271cf4c7fa9b47c66f9e759c2529ad485f9dc4115c42a34f4c3c

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    30909924f94d104623b52245f01b25c6

    SHA1

    48baa2430508156a2167d32f5fcbd21ef34bf3e7

    SHA256

    4def46ce3b97ab803c5fc158da39b5dcbf4ecefa3efe79378669d925fa5fb9c5

    SHA512

    13921bf24c11a5b2ab7138b2de28c67d87b34d6ab449a4b606b8d183540cab766a5d6c0e5f12cf774024cfd5432b6ed525bab457b288ea14c6d16e3121d89b9d

    Download Submit