Analysis
-
max time kernel
4s -
max time network
149s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
android
arch:x64
arch:x86
image:android-x64-20240624-en
locale:en-us
os:android-10-x64
system
submitted
03-01-2025 22:01
Static task
static1
Behavioral task
behavioral1
Sample
b6d03229397b289d7e2e4823bda621905665fb97bb3c969e76473f0901815ea5.apk
Resource
android-x86-arm-20240910-en
General
-
Target
b6d03229397b289d7e2e4823bda621905665fb97bb3c969e76473f0901815ea5.apk
-
Size
2.5MB
-
MD5
89fad7d502f7e8f7ffbb3a9e85adeb7e
-
SHA1
bf99e1b919f517473e0ecbf58fce42c2c95e3ff4
-
SHA256
b6d03229397b289d7e2e4823bda621905665fb97bb3c969e76473f0901815ea5
-
SHA512
60651e9110b14d1da0c591c862ce3453e1a67745767d145dfff856bea6c92a41c312fcd6c9b207f8a7b7937053f9090dff29744eaf98b83a0f8a70bca5c7cf19
-
SSDEEP
49152:01wZhulvuKmcdQTasPTfSWqW2J7x5zeRsaYVmsT9RWjInlYgbTYdEr3H8xDns:/MvuKzdQmamWqW2Jx5zasuq9yIWwYeTj
Malware Config
Extracted
octo
https://karakalpakdostlugutasarimi.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakmodavesanat.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakkulturunsirlari.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakgeleneklerikosesi.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakdesentasarimlari.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakdokumasanati.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakmodasıvehayat.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakyanihikayeler.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakginensanatdiyari.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakdesenvesanatkosesi.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpaklagelenektasima.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakustalarinakil.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakmodagercegi.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakvesanateserleri.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakdaguzelrenkler.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakseverlerinkosesi.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakileribakiyor.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakdernegitutkusu.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakvesanattasarimi.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakyarenlerisever.xyz/NWNlNzMzN2Y4NmI2/
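The twenty C2 URLs above all share one base64 path segment and one of the hostnames (karakalpakmodasıvehayat.xyz) contains a non-ASCII dotless ı, which a blocklist built from the printed string would never match against a resolver log. The following is an added example, not code from the report or from the Octo operators, that turns the extracted config into usable indicators: it IDNA-encodes every host to its punycode form, decodes the shared path segment (the meaning of the decoded value is not established by the report), and runs the host list over a few constructed DNS log lines with whole-label suffix matching. The log format is an assumption made for the example.

```python
import base64
from urllib.parse import urlsplit

# The twenty C2 URLs from the extracted Octo config above, copied verbatim.
OCTO_C2_URLS = [
    "https://karakalpakdostlugutasarimi.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakmodavesanat.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakkulturunsirlari.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakgeleneklerikosesi.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakdesentasarimlari.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakdokumasanati.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakmodasıvehayat.xyz/NWNlNzMzN2Y4NmI2/",  # contains a dotless ı
    "https://karakalpakyanihikayeler.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakginensanatdiyari.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakdesenvesanatkosesi.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpaklagelenektasima.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakustalarinakil.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakmodagercegi.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakvesanateserleri.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakdaguzelrenkler.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakseverlerinkosesi.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakileribakiyor.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakdernegitutkusu.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakvesanattasarimi.xyz/NWNlNzMzN2Y4NmI2/",
    "https://karakalpakyarenlerisever.xyz/NWNlNzMzN2Y4NmI2/",
]


def normalize_host(host: str) -> str:
    """Lowercase and IDNA-encode a hostname.

    Resolvers, DNS logs and proxy logs carry the punycode (xn--) form, so a
    blocklist built from the Unicode string the config extractor printed would
    silently miss the one host that contains a non-ASCII letter.
    """
    return host.lower().encode("idna").decode("ascii")


def decode_path_tag(url: str) -> str:
    """Decode the base64 path segment that every C2 URL shares.

    Padding is restored in case a variant omits it. What the decoded value
    means to the operators is not established by the report.
    """
    segment = urlsplit(url).path.strip("/")
    padded = segment + "=" * (-len(segment) % 4)
    return base64.b64decode(padded).decode("ascii")


def c2_indicators(urls):
    """Return (sorted punycode hostnames, set of decoded path tags)."""
    hosts, tags = set(), set()
    for url in urls:
        hosts.add(normalize_host(urlsplit(url).hostname))
        tags.add(decode_path_tag(url))
    return sorted(hosts), tags


def match_dns_log(lines, hosts):
    """Return log lines whose queried name is a C2 host or a subdomain of one.

    Assumed line format (constructed for this example):
    '<timestamp> <client> <qtype> <qname>'. Matching is on whole labels, so a
    name that merely starts with a C2 host (e.g. c2host.evil.example) is not a hit.
    """
    hostset = set(hosts)
    hits = []
    for line in lines:
        qname = line.split()[-1].rstrip(".").lower()
        try:
            qname = qname.encode("idna").decode("ascii")
        except UnicodeError:
            pass  # an un-encodable name is left as-is and simply will not match
        labels = qname.split(".")
        if any(".".join(labels[i:]) in hostset for i in range(len(labels))):
            hits.append(line)
    return hits


# Constructed DNS log lines (not from the report) used to exercise the matcher.
DNS_LOG = [
    "2025-01-03T22:03:11Z 10.0.2.16 A karakalpakdostlugutasarimi.xyz.",
    "2025-01-03T22:03:12Z 10.0.2.16 A api.karakalpakmodagercegi.xyz",
    "2025-01-03T22:03:15Z 10.0.2.16 A " + normalize_host("karakalpakmodasıvehayat.xyz"),
    "2025-01-03T22:03:20Z 10.0.2.16 A connectivitycheck.gstatic.com",
    "2025-01-03T22:03:25Z 10.0.2.16 A karakalpakmodagercegi.xyz.evil.example",
]

if __name__ == "__main__":
    hosts, tags = c2_indicators(OCTO_C2_URLS)
    print(f"{len(hosts)} C2 hosts, shared path tag(s): {sorted(tags)}")
    for line in match_dns_log(DNS_LOG, hosts):
        print("HIT", line)
```

The shared segment NWNlNzMzN2Y4NmI2 decodes to the ASCII string 5ce7337f86b6; the third log line is built with normalize_host so that it carries the xn-- form a resolver would actually log, and the last line shows that suffix matching on whole labels does not fire on a lookalike that only embeds a C2 host as a prefix.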
Signatures
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo family
-
Octo payload 1 IoCs
resource
behavioral2/memory/4969-0.dex
yara_rule
family_octo
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc
/data/user/0/com.bottom.input/app_rhythm/bJwfQ.json
pid
4969
Process
com.bottom.input
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
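The dropped file the sandbox flagged, /data/user/0/com.bottom.input/app_rhythm/bJwfQ.json, carries a .json extension while the matching memory region is named 4969-0.dex, which is the usual way a dropped DEX hides in an app's private directory. As an added example that is not part of the report, the block below classifies files by magic bytes rather than by name and reports any loadable code (DEX, zip-based JAR/APK, ELF) whose extension disagrees with its content. The file contents are constructed for the example; only the first path is taken from the report, and its bytes are a hand-built DEX header, not the real payload.

```python
import os
import re

# Magic bytes of the container formats an Android app can load as code.
DEX_MAGIC = re.compile(rb"\Adex\n\d{3}\x00")  # "dex\n035\0", "dex\n039\0", ...
ZIP_MAGIC = b"PK\x03\x04"                      # JAR and APK are zip archives
ELF_MAGIC = b"\x7fELF"                         # native shared objects

# Extensions under which each kind of code would normally be stored.
EXPECTED_EXT = {
    "dex": {".dex"},
    "zip": {".jar", ".apk", ".zip"},
    "elf": {".so"},
}


def identify(data: bytes) -> str:
    """Classify a blob by its leading bytes, ignoring the filename entirely."""
    if DEX_MAGIC.match(data):
        return "dex"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.startswith(ELF_MAGIC):
        return "elf"
    return "other"


def disguised_code(files):
    """Return (path, kind, ext) for every file that is loadable code but is
    stored under an extension that says otherwise, e.g. a DEX saved as .json.

    `files` maps a path to its bytes; results are sorted by path so that
    they are stable for reporting and comparison.
    """
    findings = []
    for path, data in sorted(files.items()):
        kind = identify(data)
        if kind == "other":
            continue
        ext = os.path.splitext(path)[1].lower()
        if ext not in EXPECTED_EXT[kind]:
            findings.append((path, kind, ext or "(none)"))
    return findings


# Constructed contents (not the real dropped files). The first path is the
# IoC from the report; its content here is a synthetic DEX header only.
SAMPLE_FILES = {
    "/data/user/0/com.bottom.input/app_rhythm/bJwfQ.json": b"dex\n035\x00" + b"\x00" * 104,
    "/data/user/0/com.bottom.input/cache/config.json": b'{"interval": 60}',
    "/data/user/0/com.bottom.input/files/plugin.jar": ZIP_MAGIC + b"\x00" * 26,
    "/data/user/0/com.bottom.input/files/native.dat": ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9,
}

if __name__ == "__main__":
    for path, kind, ext in disguised_code(SAMPLE_FILES):
        print(f"{kind.upper()} stored as {ext}: {path}")
```

The plugin.jar entry is zip content under an accepted extension and is therefore not reported; the .json file with a DEX header and the .dat file with an ELF header are, which is the pattern behind the "Loads dropped Dex/Jar" signature above.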
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
153KB
MD5
66602f4c5e4a21f7b7be9bb7a7427f47
SHA1
de8587be051fa934be7f0b1c9ed02f6f4f232b76
SHA256
91f8fc2eb5de461f84646742e6398200be8cf7d5cab973a635d6494e14bde7d4
SHA512
ff586b33a3109316915ca964f5c6967574215e300b6c42dfc8acc4736da1b26dae0629c886a2313c5422f1464725ce190c03cbe55c9acce25f754459ad7bd1dd
-
Filesize
153KB
MD5
90a363ba7abc308c3526b826b506ff3e
SHA1
5b78fc6e00e0a98378130b9c7e3b72de0752a3db
SHA256
ab54a955dd9760bea6b0091e45d17dc04f354668037079dce25ee1acc9ee8c23
SHA512
e86368603dd4468e7ab1f0d6fb49db334635fcb9f05e1e3ca19482db303a83b6d701f01bc7ef9842f11f1cdd8dc3d0fba8985a9b05d973d189f7ae29244b4bcf
-
Filesize
451KB
MD5
f75404e660309ebdadbb2edb071116ab
SHA1
f800e6cd1f2ee5d2a1f4bb7b0fb58de7cdeb701a
SHA256
ea9ad0db0190fcd03441b5d1973ed0fd353ec0d5394e87e843f0c5dedc3f86a7
SHA512
240841f0887c2e92793be405ea9a0af666c63d96808a25bab65ee643a2cc7a6d29375e0745c61ae3fbdcebc598d86abe6781b6ebe38639570b5aad4cdf73f6db