Analysis
max time kernel
3s
max time network
152s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags
arch:x64 arch:x86 image:android-x64-20240910-en locale:en-us os:android-10-x64 system
submitted
03-01-2025 22:02
Static task
static1
Behavioral task
behavioral1
Sample
4ce28e23d211d706cfa717101a2ee2fe707d42bbc952bec677587035bdc07f05.apk
Resource
android-x86-arm-20240910-en
General
Target
4ce28e23d211d706cfa717101a2ee2fe707d42bbc952bec677587035bdc07f05.apk
Size
2.3MB
MD5
70ffd46652002e7986d1242422de194c
SHA1
e7b0a1872c9c101ade1d3614c8f2d2a2e57aa5ae
SHA256
4ce28e23d211d706cfa717101a2ee2fe707d42bbc952bec677587035bdc07f05
SHA512
360839f73f1a887e9ed1f98d89404c786f906dae011f1315a217719ee6dc79b451dae73a1771d80dfb19c612ab688afdcfc46617a975ddaa2ae73b9a12e7a9a8
SSDEEP
49152:bhMWmFTqzAgGnuUVEvf6Vbxj57sD8GAa5PWL7oznvhLnuJj6ZFQ9yroSJOQyVi0p:bhTmFH3nVEvq+PWL7svZud9yESJO1iVE
Malware Config
Extracted
octo
https://karakalpakdostlugutasarimi.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakmodavesanat.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakkulturunsirlari.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakgeleneklerikosesi.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakdesentasarimlari.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakdokumasanati.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakmodasıvehayat.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakyanihikayeler.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakginensanatdiyari.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakdesenvesanatkosesi.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpaklagelenektasima.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakustalarinakil.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakmodagercegi.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakvesanateserleri.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakdaguzelrenkler.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakseverlerinkosesi.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakileribakiyor.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakdernegitutkusu.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakvesanattasarimi.xyz/NWNlNzMzN2Y4NmI2/
https://karakalpakyarenlerisever.xyz/NWNlNzMzN2Y4NmI2/
Signatures
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
Octo family
Octo payload 1 IoCs
resource: behavioral2/memory/5059-0.dex
yara_rule: family_octo
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.tennis.lunch/app_flee/aw.json
pid: 5059
Process: com.tennis.lunch
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize
153KB
MD5
6217cbbca05c77d7791ea2e85c22e1d2
SHA1
5254134add1811ca58ed8a6edcf2fd32b83d3371
SHA256
70b94fb580925f102692461fac95f9d7498966821cba679369bb74e93236eb35
SHA512
0d70d36b385c0e8ded96d24686d417f1c1c142953b4b2b7c5d503ada8aa7e177ddb04364531501b1d592406f3b7381867ce4c7ea4b624e3fcf82b8f170302a63

Filesize
153KB
MD5
c0d1d7e5525d42d2ed538a7ce63ac0f4
SHA1
ac6049fa86270bc8f87f5a20b4a2361a6acc431d
SHA256
e898d5a54ff758b82f3f36526c634c5fc99eccb524caa637550fc3f36cadf421
SHA512
7b173c0e0b74b03c8a502c71f1e87f5672bf2f3839bc44f5e8d9e09ad96057c9a481fc364e2976cc6c0524cf50168f74c89a8b97c3731b01417e97733e2e9b9f

Filesize
451KB
MD5
182b02d7488b7d20422ccd18c55095f8
SHA1
b8280a9b8da7553dd9744952bb5fd41fb3c850a2
SHA256
4dc422f9b7b8fa6d671f2c70f229386f90db16fca140ec9f8b98a2bf08fb4111
SHA512
097025e0849328e91615ff0f5ba8f267e645132a2db73bbbf521584397f1b9d65d9dec043c33486e5113f40b8346ec657806c5d735c320486161093e7d9a745a