Analysis
max time kernel: 7s
max time network: 153s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 05-01-2025 22:02
Static task: static1
Behavioral task: behavioral1
Sample: 0c2210be3cdbc7e837b337d746048965e0961fdcd861f2bf57eb2a429fafb511.apk
Resource: android-x86-arm-20240910-en
General
Target: 0c2210be3cdbc7e837b337d746048965e0961fdcd861f2bf57eb2a429fafb511.apk
Size: 2.1MB
MD5: 0eb1cda20c51c047fe8ecd6068a3c3a8
SHA1: 02cc60048d77101fa1219016d64b51a28df14a81
SHA256: 0c2210be3cdbc7e837b337d746048965e0961fdcd861f2bf57eb2a429fafb511
SHA512: c9fe1dcf5337e6556975a6f29b27866f6a0a9e940c10302e2479c1e671ef0ef2472bb8bec366e94820d99019cb4577fd30c659f6a452b279d6a5911d1d44abc5
SSDEEP: 49152:DmrjIwrcJcb1hS6PtBXWN7c+m8T6H1bAXGj/y4A1mG7FKozPb:D6jI+146PbWNU8+iX+/yBZKqPb
Malware Config
Extracted
octo
https://kaderotunikisiliksirlari.xyz/YzNlNTRkYjIzODRi/
https://kaderotuyoreselhikayeler.xyz/YzNlNTRkYjIzODRi/
https://kaderotununeskilerehberi.xyz/YzNlNTRkYjIzODRi/
https://kaderotununanlamveonemi.xyz/YzNlNTRkYjIzODRi/
https://dogalvetazesirkaderotu.xyz/YzNlNTRkYjIzODRi/
https://kaderotudunyasinefsaneleri.xyz/YzNlNTRkYjIzODRi/
https://kaderotuvesifalibitkiler.xyz/YzNlNTRkYjIzODRi/
https://kaderotundogalsirlari.xyz/YzNlNTRkYjIzODRi/
https://anadolununilacsikaderotu.xyz/YzNlNTRkYjIzODRi/
https://kaderotuylaedilmisiyilikler.xyz/YzNlNTRkYjIzODRi/
https://kaderotundanyenitarifler.xyz/YzNlNTRkYjIzODRi/
https://dogalsehirlikaderotu.xyz/YzNlNTRkYjIzODRi/
https://kaderotununmistiketkisi.xyz/YzNlNTRkYjIzODRi/
https://kaderotutarifvesunumu.xyz/YzNlNTRkYjIzODRi/
https://kaderotuyadogalcozum.xyz/YzNlNTRkYjIzODRi/
https://kaderotuyolcususirlari.xyz/YzNlNTRkYjIzODRi/
https://kaderotukulturvetarih.xyz/YzNlNTRkYjIzODRi/
https://kaderotuyalifelsefesi.xyz/YzNlNTRkYjIzODRi/
https://kaderotudunyasininrenkleri.xyz/YzNlNTRkYjIzODRi/
https://kaderotuvebitkiselyasam.xyz/YzNlNTRkYjIzODRi/
Signatures
Octo
Octo is banking malware with remote access capabilities, first seen in April 2022.
Octo family
Octo payload (1 IoCs)
resource: behavioral2/memory/4972-0.dex
yara_rule: family_octo
Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.power.lion/app_virtual/YoD.json
pid: 4972
Process: com.power.lion
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 153KB
MD5: 8ae7c527aaf745da06acc672195dd425
SHA1: 1cc527721de09623439fb4932467051178d0d74e
SHA256: 74fdff5cc8757ba7641692a3fc9c3cb696e79a402a1e888790a88472b43f5739
SHA512: 9c73a6ccdcbd5b5ba3239e28d94b4585563f6d68112670dea30e9b5a5836b28af55c18eff43b697479016f82adc7f022a8c45d3864b404c7f99636aca600e060

Filesize: 153KB
MD5: 39cebb307784cd2b4cddb54661a41cc1
SHA1: bee3b3bd50b58481f5c7b5e4f7f567811f8a2607
SHA256: 0c42792974b2f4763b900c3e0a03eff722a4f586d8ba43aab740013fdb61ec4b
SHA512: b717d199028f243a2d1fdda89ff22e070f260847d99c69fe4d8e9545d881244ab5c354b4c5c119434b0ff77ed913fcb9ed36f1cceac48fc59eb33d7270adf70e

Filesize: 450KB
MD5: 6982fcb3c0fb104d96d12d5a7254683c
SHA1: 61d07ba06291b7451f90f8a9bba07d07a87b93df
SHA256: 4755cc668211b4eccb46a6f3c50be2a787a8f933cc925934f3048f9dfdfcbf2f
SHA512: be333a46d9c8c5f48016ad1b153776e2a319614cea7c5cc1c836b62900023f3a0dec83782cabbcc5672566749457cefcf4a5f90f42cb804b917d5f7c20777613