Analysis
max time kernel: 3s
max time network: 36s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 09/01/2025, 17:19
Static task: static1
Behavioral task: behavioral1
Sample: 028c30fa4780640b6321a73951732d1d373333dada278ca2f1c09b7ce1142bb6.apk
Resource: android-x86-arm-20240624-en
General
Target: 028c30fa4780640b6321a73951732d1d373333dada278ca2f1c09b7ce1142bb6.apk
Size: 9.5MB
MD5: 41ea6683aa816baf957d3202fa9c5054
SHA1: 17468a8f15bfa52a0514f194dc357212fe2e4288
SHA256: 028c30fa4780640b6321a73951732d1d373333dada278ca2f1c09b7ce1142bb6
SHA512: 0a6ae47bbb5d62a6a72c13becabc94ea0da2874ce0caa05ea5a8d3a0ba7406cb352ce53dc2f014775e95b34d285c26bbb37f7aea46b784e6a2442e640328bb6f
SSDEEP: 98304:x+IYdaOkddteFHjJ3pOHKe322Y+hhbVKvMMQ3XJRsMVJBkMJ9h+Fu5iSRGvZlqj:AMYHjJ3Z2Y+PU0L3XJRDIwrP
Malware Config
Signatures
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
Octo family
Octo payload (1 IoCs)
resource | yara_rule
behavioral2/memory/4946-1.dex | family_octo
Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs an executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.yjorg23restheme/app_team/mg.json | 4946 | com.yjorg23restheme
/data/user/0/com.yjorg23restheme/[email protected] | 4946 | com.yjorg23restheme
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
Queries the phone number (MSISDN for GSM devices) (1 TTPs)
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.yjorg23restheme
Processes
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 48B
MD5: 046a414913add6f5bb60072c7db819b6
SHA1: 451ee4f6809260aec622d772fd329c7d0297a842
SHA256: b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512: 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

Filesize: 1012B
MD5: eca498645b5bd16383bd428c766925b4
SHA1: d961d42d2100cac7ee67bec77cf446611dae723f
SHA256: 23ed1dce46e866fadbdaa2e3af826fe7a3726d62e7c777cd274dcf3c5eed9ae4
SHA512: c4769e8c4f6eed0af503cb74b4104bef714a669a6f5e7f1454ed03474d46e2f90f82d04e4ecc3f87e43434eda5e95ce627fb8dc65f91e819e5d88bb7a0826c12

Filesize: 1012B
MD5: 56d6513b22ec6c4c9ba5ee855c1e6579
SHA1: 6b2c0d2e9b3478887143a0c6a9b70996f47ca985
SHA256: 85a749450e9623700ec834c65a7f0c7b8a097fe74d8db0364602e13808d4d7f1
SHA512: 0904be674cde0bff3bd56bbe417825fca1bb34b39662b73a0ac3c5bb1ececce29c1a01fcf262c35e99a2e186d143addc4b9e9bc8458d75ca0f38823feffe877a

Filesize: 322KB
MD5: 77dc50489b9323274732d27dc8a4e803
SHA1: 0e02a3595b62489d0739d771881da8604d117c65
SHA256: c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820
SHA512: 0684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58

/data/data/com.yjorg23restheme/oat/x86_64/[email protected]
Filesize: 285B
MD5: 3b7a191278c0d377b6509bf204edbe4e
SHA1: 18f4ab2278c0e669e21a04a54647682093938276
SHA256: 723624f9eefaf089b57db52b96de4d4ddb2d5987ecc40ca2d2141a55d0f6c1c9
SHA512: fc62be5d34c585240ec98066f9aea60397443f0b4b79209a0ac8f32dbf7826690bec969bbc5bb245c0e04853e38e27ad2d9acfbfbad0f61c0ae1ff2c2de185dc

/data/user/0/com.yjorg23restheme/[email protected]
Filesize: 525KB
MD5: 8e2b97167fbf1e4345812fa752e62a58
SHA1: cc00ab2c4d1ae911ec0dcbcb2f59f3b3c0c9432c
SHA256: b173c2dd59255787c98255faaa5d70668203a97d182fad1ec01ccbc3f44c551b
SHA512: 7c567d0085a63067ff3e3a69a1f3cf0877cc7758016f429b31c9cadd3c139809f5a6d2c4b9c339f188e3500f35d1a3d1b9480dce6a9894558ca1cb5345d25fd8

Filesize: 1KB
MD5: 089255f815eb0905b6d907afc565cfbe
SHA1: e45b27316d7f31fabfd50e4f4f344da3e8a3b972
SHA256: b7aae8943606b2fc76e6ba9e3770d1050300cb40d97fe9c5a240872ec6e8dd7c
SHA512: 2a6ffe80eeb5609ed8f502a0a7eb0ae73df1c9e9cba2f13f3e97b7b83496467aa5deaca943193c923d3a7962412c7eb876c739dd887a3871780d53c82a5664c4
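When this sample turns up on a real device, the dropped-file list above is what a responder matches carved files against. The script below is an added example, not tooling from the report or the sandbox: it hashes a directory tree, identifies the original APK and the listed dropped artifacts by SHA-256, cross-checks a hash hit against the reported (rounded) size so a mistranscribed row is surfaced rather than trusted, and reports any unmatched file inside the malware's private directories as a new artifact. The SHA-256 values, sizes and paths are transcribed from this page (two paths as the page renders them); the directory tree is constructed for the example, so every file in it is expected to come back as unknown.

```python
# Added example: match carved files against the report's dropped-file table.
# Not part of the report. The in-memory tree below is constructed input.
import hashlib
import re

PACKAGE_DIRS = ("/data/user/0/com.yjorg23restheme/", "/data/data/com.yjorg23restheme/")
SAMPLE_SHA256 = "028c30fa4780640b6321a73951732d1d373333dada278ca2f1c09b7ce1142bb6"

# sha256 -> (reported size, reported path or None), transcribed from the report.
DROPPED_FILES = {
    "b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a": ("48B", None),
    "23ed1dce46e866fadbdaa2e3af826fe7a3726d62e7c777cd274dcf3c5eed9ae4": ("1012B", None),
    "85a749450e9623700ec834c65a7f0c7b8a097fe74d8db0364602e13808d4d7f1": ("1012B", None),
    "c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820": ("322KB", None),
    "723624f9eefaf089b57db52b96de4d4ddb2d5987ecc40ca2d2141a55d0f6c1c9":
        ("285B", "/data/data/com.yjorg23restheme/oat/x86_64/[email protected]"),
    "b173c2dd59255787c98255faaa5d70668203a97d182fad1ec01ccbc3f44c551b":
        ("525KB", "/data/user/0/com.yjorg23restheme/[email protected]"),
    "b7aae8943606b2fc76e6ba9e3770d1050300cb40d97fe9c5a240872ec6e8dd7c": ("1KB", None),
}


def size_bounds(size_text):
    """Turn a rounded report size such as '322KB' into an inclusive byte range.
    Byte sizes are exact; KB/MB values are rounded, so allow one unit either side."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(B|KB|MB)", size_text)
    if not m:
        raise ValueError(f"unparseable size: {size_text}")
    value, unit = float(m.group(1)), m.group(2)
    if unit == "B":
        return int(value), int(value)
    scale = 1024 if unit == "KB" else 1024 * 1024
    return max(0, int((value - 1) * scale)), int((value + 1) * scale)


def digests(data):
    """All four digests the report publishes, for cross-checking against other sources."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def classify(data):
    """Label file contents: 'sample', 'dropped', 'size-mismatch' or 'unknown'."""
    sha256 = digests(data)["sha256"]
    if sha256 == SAMPLE_SHA256:
        return "sample", None
    if sha256 in DROPPED_FILES:
        size_text, reported_path = DROPPED_FILES[sha256]
        lo, hi = size_bounds(size_text)
        # A hash match whose length falls outside the reported size means the
        # table row was transcribed wrongly; surface it instead of trusting it.
        if not lo <= len(data) <= hi:
            return "size-mismatch", reported_path
        return "dropped", reported_path
    return "unknown", None


def scan_tree(files):
    """files: {path: bytes}. Known artifacts are reported wherever they appear;
    unknown files are reported only inside the malware's private directories,
    which is where Octo stages its payload (app_team/mg.json above)."""
    findings = []
    for path, data in sorted(files.items()):
        label, reported_path = classify(data)
        if label == "unknown" and not path.startswith(PACKAGE_DIRS):
            continue
        findings.append((path, label, digests(data)["sha256"], reported_path))
    return findings


# Constructed tree: contents invented for the example, not carved from a device.
CONSTRUCTED_TREE = {
    "/data/user/0/com.yjorg23restheme/app_team/mg.json": b"dex\n" + b"A" * 40,
    "/data/user/0/com.yjorg23restheme/shared_prefs/x.xml": b"<map/>",
    "/system/framework/framework.jar": b"PK\x03\x04" + b"\x00" * 16,
}

if __name__ == "__main__":
    for finding in scan_tree(CONSTRUCTED_TREE):
        print(*finding)
```

Matching on SHA-256 alone is enough for identification; MD5 and SHA-1 are computed so that a hit can be reconciled with feeds that still key on the older digests, not because they add assurance.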