Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:arm
    arch:arm64
    arch:x64
    arch:x86
    image:android-x64-arm64-20240910-en
    locale:en-us
    os:android-11-x64
    system
  • submitted
    31-12-2024 22:06

General

  • Target

    1f48f8f5a0b5dc4c13830697e97274abd42e5bb5310f34020924a3e87a51953e.apk

  • Size

    2.7MB

  • MD5

    a9cadf4ac729ebf64e7a9d4ff05259ac

  • SHA1

    cfb081350027ff0176f3d4fb895d8d598d43e7c2

  • SHA256

    1f48f8f5a0b5dc4c13830697e97274abd42e5bb5310f34020924a3e87a51953e

  • SHA512

    d26ec7d2db56fb08c7c9754dd3c7af00c58fc9e095b7ec56ba67f45eccf5140cf71eb0004c4525e1d692714aa7f41258e0da4d9c2c27ef243b1afb5304feefee

  • SSDEEP

    49152:Rkdz6Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQX:RWzFjEI4iZaUzYH99yIs

Malware Config

Extracted

Family

octo

C2

https://87.120.116.233:7117/gate/

https://87.120.116.233:8080/rootmd50ma/panelcgfuzwxleg9kdxnvy3rv/gate/

Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

  • Octo family
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent its removal.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Requests modifying system settings. 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.nameown12
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4768

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/com.nameown12/.qcom.nameown12

    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    84B

    MD5

    8ad8c13047b9ebf47f979488e6d9500c

    SHA1

    3897ff24af32d94bbffdf133e600038937685c03

    SHA256

    f6aefeff111bde5ec85c431e6ccf03563f84165d45c632c21f10c1e7fbe30f05

    SHA512

    fba4fb002c653d27d09871325d341c4863032a2e6290479509d1f21ad1d7d36d788377a141d637fcbbd18faf917a77e2cf106b1bb653d824bc3e1b2328f0db31

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    68B

    MD5

    ad35636bd9c0d35dc3c138c439c3d9fc

    SHA1

    b14c839301e4c6fccd4a1e79acb29ca725410a9f

    SHA256

    17765aeebdec2bfc2d90a9738ba9e8e7e122b1e1386542a5ece272bce420cd83

    SHA512

    f6ca583421d61b9d02663b3fd110952934751e0cc3eef3ae3f641edf9737664917058318346f7f92993fe31dd118248e1b50522110ccb2e3931c7fda2e2f5b56

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    230B

    MD5

    3c2e6052f5ed6807d0535674952e30ff

    SHA1

    8b9100ccab9cafd02b78b915dfff45dbc011f190

    SHA256

    7bcca4de0f0a6032e87b746ee470ea7ccfb4b49ef71bef32fcbf4a9c7321686a

    SHA512

    232983a453f52ee30cfbb27334f794c0f06659869e866cde135cc07f3943cf8a9ee662490187e9a9b21d79b7be062ff6541296cbd0bfb143592dc79ae038973a

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    54B

    MD5

    4bc8a80a2219dd2df11cc13ce39abbbc

    SHA1

    f616b0623365dc108494cee8f61049710ffb5bc8

    SHA256

    2b46ef96c9a4912b60d6b6270ca0434b6a1aa24a02681b2c5373dba3fd58e1c2

    SHA512

    79bdf223fd391790ed07341b107619a8916feb665584a1b32721fd7cc7b243a8dbfb32851bfd0141664ea7dbb9d7d7b8da90f0fcf54e2355424088d3a6a15091

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    63B

    MD5

    09aff3e7372a3619d4d7ac5c9174ab89

    SHA1

    b5b3e2c894ed1642e95c34243efc30659e1ed64b

    SHA256

    73c159f110f6d92ff1ff9122b2bbe083d30d3ee63ab34bbb47b331efcc1bf415

    SHA512

    a575d96daf0138e76908d9d60d2cd190e4aa15739b5af153cc61f09a66bfdabe1caba49c13c102959a09833f337dcd2526926c63b435697cae9b46edf83a55ba

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    45B

    MD5

    a8512420cfd610e228ccdc7bbdc432af

    SHA1

    493661381e473acafbf2f5a8b0a9c05d0b1db322

    SHA256

    b59b945f17b65ff60d88a4add991a066a92557bbca1a08de121bced48ee10283

    SHA512

    34bee6c8df94894119a7d718dc1ab966ea4bd1bac5fc99b6b1a2a22e451ce829897e9c362f0f52e5c827b093358871239a5b026e3eb9ad4acd8b3867ebd96dc0

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    466B

    MD5

    7bbbf37965fbaf3de45db08bca35560a

    SHA1

    82e25f6042d8b28538b9698750df55cd5f0571cd

    SHA256

    cb227a66b8e1affbede05d73e691f8b742a75fab734c105d0b4e1a2d6544740e

    SHA512

    96ecf98d27958c8fb79e354a2b4ff20600fa412d1ac75226545df447b4101563f5758e956569dac63e7149d6e3eb468f98b4072c6f0d7b542dcc796533fa72e9

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    45B

    MD5

    2633f0d258fb1d80e69238d28376550b

    SHA1

    fcfe862c30b2b1746ea4e22bce5515827b2eddc3

    SHA256

    7dbcce045434f7d54be541ca4ff2ad600c916234af525b85c6961bf1650481fb

    SHA512

    da834b6ee156ffeac96e4e1f9054290690aa38c719b6a405f74ef32199f5115ba759e474968ba4287bb357e6fc6948559809862d0a44ca839408aa97a5597d9c

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    66B

    MD5

    bf35de977f9cc133c38b962e8297bfb5

    SHA1

    b09bf9184a58b162e5f9295032084e824b7192f3

    SHA256

    6bb6ba93d95c5427d2732e0122f6bea76f904aa4cb3d2a40721e198a46b13c4e

    SHA512

    e9a983cca5ee369ecffb90f8581b1697f0b1e929e553aca6d1e187eb7b70aef956ed5543d42f00bfbb9c179831c2237da8c09ce8adcee3e7f2be485d5cfe7642