Analysis

max time kernel: 3s
max time network: 144s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 25-12-2024 22:05

Static task: static1
Behavioral task: behavioral1
Sample: 07df1b8f3a30be5053a04c6da53324b5fed8bc07d75cb4b10d2c5c53962eaf9a.apk
Resource: android-x86-arm-20240910-en
General

Target: 07df1b8f3a30be5053a04c6da53324b5fed8bc07d75cb4b10d2c5c53962eaf9a.apk
Size: 2.2MB
MD5: 37824ee493e4d9c7e1a3e0b6ff4708b3
SHA1: a18c14d3780dfe922f410d3bcfd08692ba5cfb2d
SHA256: 07df1b8f3a30be5053a04c6da53324b5fed8bc07d75cb4b10d2c5c53962eaf9a
SHA512: 3193b3bed01bdff8606482f5b18c5f7a1fc716001a0e8ed196c8ad685da1f30f053a614c890dda5579ed94418e2e164abc49af6aca6bb52af4bfadd2a0dad9a6
SSDEEP: 49152:gAdFspLbQTtzZ85XDwi/HvgThS+Y9eK2q9JSFI6dBGz/11wQixli+XI58dy/O:6pLb8tt8RDwi/PgVcMK2q9JS3dB0/11O
Malware Config

Extracted family: octo
Extracted C2 URLs (20 entries, all .xyz domains sharing the same path component):
Signatures

Octo
Octo is a banking malware with remote access capabilities, first seen in April 2022.

Octo family

Octo payload (1 IoC)
resource: behavioral2/memory/4930-0.dex
yara_rule: family_octo

Loads dropped Dex/Jar (1 TTP, 1 IoC)
Runs an executable file dropped to the device during analysis.
ioc: /data/user/0/com.they.matter/app_rate/pq.json
pid: 4930
Process: com.they.matter

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
Network
MITRE ATT&CK Mobile v15
Downloads

File 1
Filesize: 153KB
MD5: 7deba37a355ed3b8e7bdf0867ce38e9e
SHA1: edfc831cc77b1afb337eea3b663c561d07302bcd
SHA256: 194aaffdbb7b5cc41ca5be7100cfe8bc679f33b8dfd4d5472be29407949d8c9b
SHA512: 81a304438cb546d493c1c7871add1c4a6d5c43451bc88a0aba8c9affbde8f3934de8f211bbb054ff622377fce0543cdf424ef234ad14625eb71cb96227c19789

File 2
Filesize: 153KB
MD5: 329e8ec63e3a622ca12d8938dbd6f6a7
SHA1: ecc73ef353c535cd83682e89ae105fd1a619f5e8
SHA256: a4959e5896265ca486ccf59e468b05b67a6efbc63c03045a34bd1a2fec79dabd
SHA512: 3bda5cd80ba814f1861bc7b891151c6e041511de9beca1e0f8a485f5be6ed9541214aa2f18510242e85cecf4dce2564167bdbfac0f3653c5f971833b0a953b26

File 3
Filesize: 451KB
MD5: 98041b50073adff5d506481a4d23b43e
SHA1: cfa4424461bf03f90f29464e34f0f54dccba3300
SHA256: 65c291e6724501b5cdbf1a26d78335604082aea09fa630cb02fd2dbbae10a915
SHA512: 14b8761e4810790abc29b3a569b2a1624394a572f2d709ab8e84463bf1449cb234103204976e5cfd4ff5a02135461ce0ed2e60d1759d78afca725a100b36e080