Overview

overview

10

Static

static

10

61d955ff21...9d.apk

android-9-x86

10

61d955ff21...9d.apk

android-13-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    139s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    14-12-2024 22:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61d955ff216730ed1b4f312c10aa96b6079193d767bbd5ea902da543e9f9ea9d.apk

  • Size

    2.7MB

  • MD5

    77a0b6d6f1c3f416aa35b4a97ff2e356

  • SHA1

    83e7d2180b0a5074f4e897883d5dbb28ceb48820

  • SHA256

    61d955ff216730ed1b4f312c10aa96b6079193d767bbd5ea902da543e9f9ea9d

  • SHA512

    71435ae3cc15fca98067b4c0e4cc80b12d15eee9629c642bbc57d071ce7e453524f60922d887cd0a856c451d1ac6cd69139729655c9400ff13c721c218e27a82

  • SSDEEP

    49152:I//6Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQY:InFjEI4iZaUzYH99yIB

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://85.31.47.238:7117/gate/

https://85.31.47.238:8080/rootmd50ma/panelcgfuzwxleg9kdxnvy3rv/gate/

https://85.31.47.238:80/builderxxxzzz/gate/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo family
    octo
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests modifying system settings. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.nameown12
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4308

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.nameown12/.qcom.nameown12
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    490B

    MD5

    c5627018f55fd71be4577ffd85decbcf

    SHA1

    5b5bf7bbc6c640a7173adbf59198a028f3c95945

    SHA256

    2765dee6d400cf30e25ef350652b533abce48593b668ed55e2a94cd629691da3

    SHA512

    9929690ca909ddb6ec51415336a8e5c76886db174aa5111221f38d75e973beaa9f097a53e2f80a39d5dfe67236f76f5460b2cfd2dffd51fa3663f694c3564222

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    68B

    MD5

    0ea2807446f9bce10a489ea3a0d1f1d0

    SHA1

    facca10ace9bb9751e84e50d9247c0e24b664e2b

    SHA256

    593a13b1c336ed087d2a6985fc5675b878ec13eb46a965ef1d1af82fac9ceb17

    SHA512

    f573713b8b14a67af2930c744d8813f53fd810ba40820657d14cf347305b8c044026ec2de5d30a7bf319250ebfb0f78fe1c1f11001aecc4052196c7e7dd7d8fe

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    60B

    MD5

    899cd5bd50d3fe3f92526fa68d8f92eb

    SHA1

    a1feec888f6acaa253fd9533415505ec77835780

    SHA256

    9c3d7b6258fe4768ad80b324eb6e46547b373a6627b589fe03abbab25de7e172

    SHA512

    ac1287b554dccfacc6ac85cfc4892358fbe7fd48cd07e680c92dc20cf9cb43ca7089e65af2e0466ad82dad0ecdffb7e317dfd0057058dea5857be74b351f00da

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    70B

    MD5

    753c8ed32d49f89141c11a95fd06732c

    SHA1

    8c44b352f8dc86364a5e4ab94f99503be6dfc5c1

    SHA256

    cefaea92d833054206b139ceac337ba70d1683c3d48b4bb3d2de53e8cc9dd693

    SHA512

    caf217d8f7cb0950c673f3550106d90b3dc55bd4ad7c0458d6ea461c3b62accedfba69cc0ef900520b66f99bd1df43bf455003c40858225c0d3174085fd1742f

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    52B

    MD5

    0a99c775f605232942a9e42f7e3edc38

    SHA1

    b09d57224fcc191aea45c8b1927552154235a73c

    SHA256

    577fdd56523db05dace73c52a253895350a11bb14a85824105016ec4065a752f

    SHA512

    3c680a7e7001c98e250d37a0fd801d2cf869960533a0e1fa68c259351fbb65c716b6a10e5f56311f30ca2479609ace571227585c0e7f184c0e03c3b74d82d562

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    214B

    MD5

    98e4ba3bc403110dd44c28f4336d42ac

    SHA1

    0f5cf142f10925a5786e9b8688208d3b88296084

    SHA256

    a69893a24d92da1e4a6ce4da0e6541dabbc0c74ee4c76ee9e780a74d6a93f5ed

    SHA512

    3b2bcb2822b26990b6d80daf9ab76b664d1870cad4a9e22212494d657f9c847bb6d1412594c747b3788af2601fcfc64f9f2b915285da9757013ff23d9ca4b133

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    214B

    MD5

    d1c9c9e480aecb18a86bc4cac81c3221

    SHA1

    e6836df6a8776bc20c78627133df31a7c2a2815c

    SHA256

    ac0dce84946423107b955859e53d03029f27d1fb109f8a823a78d83a1a205fc5

    SHA512

    d4411334924ca1dffe402c034af1cea1dbd90b6eda3f18e142173b8c9947cf38e82f4478d0584d5d0d98f404014487af0a109ca8b0244f03b4a44f2a602b5bb7

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    52B

    MD5

    90b60476260c73c275151549359af144

    SHA1

    cba02959937e639a97c00e910cb2629ccca36c46

    SHA256

    3ed214af359881392855f39fabe8ee4c5900f45f1315ac3e706136c1c1815f34

    SHA512

    a12229b9063fa5e4fc92a940461f3f3ec5618c21d9473a5d75282772e0f4f67b044137de07b6fec80c15807ad7b752ac1d2cac7abd09adc9de6f3b5d0f84419d

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    70B

    MD5

    f0e7a060312960d2132c238919cbe48d

    SHA1

    dfe10d6dbf099e092213068d0bbb462748b9a584

    SHA256

    4ab770157eda2ac0078207e2564722f1b2118902dfef16bd8fba061aa339786b

    SHA512

    7429ecda8c14164412fce49570c494e9edb102de2a6d1dbb4338ff00d05cc23b09b934285da2cd58da05228af7f1b793a09cf89bda57a5b32d474b34ce4fd5e6

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    55B

    MD5

    659e8e75c6bf9babcb7fe5e9c1b89a0b

    SHA1

    065515bbca49f8084f9a5b08ab6a515c8d72448b

    SHA256

    23cf2fdd7e49349b592af27a6bae579bcccade9cd79dc2baaae5eb4329bef057

    SHA512

    4bd5d6a7ed85008aef717e8acad544e015264f8eff99e7c415d8dd3ea9731c0a216d1d172aae2c06440144ffd3aa2b99a0f5d5e9d9e4eec5bc6eb508b73e9747

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    8cb788de8ee595609551678da758ed79

    SHA1

    52218571c5c8feda592dd42c6656128b553659e8

    SHA256

    ea6aed2d44f5dc84a8a1db6137b13830845f156a05858e74c3f53aa4ef3da1e0

    SHA512

    b0b8ff80abe097bd62ce457074a1bfeac2e5730eacea6cf9b784f8f46692fb7fd92c583b587d24522d92a5cb3fa171510ed099df4751b3633a53977f69ef0c4d

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    70B

    MD5

    2491a07143001a7684ee8a900dbc25cd

    SHA1

    0c4d9189506b70ed033950c9cbbce4892d90182e

    SHA256

    1dbfe04a8135d9d4143d72ca224e52fb0b0ce8f9f260d85ce04f18e50ba6b79a

    SHA512

    1ddc5166f3f34a5117d73281cc22859e9b9d5f7aac5402f8affd7c72d6ce03aba45956808604b3421bfecbe81612d4f2f1dc6606c9e4962c158b90d7633c57ca

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    40bfa2a5a3e9d422d658407d63129286

    SHA1

    d94950472fb9d7b79de3b2b51a9d4552f32e473e

    SHA256

    949349dbdb81c274a3aaa1304bfdec8d9e4697e41e67124d52b1b378f1435d30

    SHA512

    322518993f6df82bdc28a06c11a43b1bff1d6b45a26d05256ca0d60c9867d01b1936f5009b41d79b8d2f5203678065af9029c89cc8252b453a1575a1a9c8d022

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    79B

    MD5

    e3b65eb00a58facfc70382d9c33d2e15

    SHA1

    f9ff71fdb19c5621311f89a368c2f734383fb677

    SHA256

    96760135f9b537d4ab8923433ce6b065eb870104757229924a62ae1914c2e7af

    SHA512

    3b600844f8a5391758bcea5ff025fb909ba31bf9f8d566924f9cb848ee969f9c16ae6c5107bab38ba677fd25a8846e2d3f17006fca828517ee6c24bace435127

    Download Submit