Overview

overview

10

Static

static

6

e4012bdf1c...37.apk

android-9-x86

10

e4012bdf1c...37.apk

android-10-x64

10

Analysis

  • max time kernel
    3s
  • max time network
    153s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    11-01-2025 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e4012bdf1c85937056e9eb293035aa227e9509479d357ff37f3ebe2679792737.apk

  • Size

    2.0MB

  • MD5

    c26a3dc1d9f319111037854abbdaef0f

  • SHA1

    8300f91c7e29f03687db0c8e076ddef43b6fd407

  • SHA256

    e4012bdf1c85937056e9eb293035aa227e9509479d357ff37f3ebe2679792737

  • SHA512

    a59d2e7384280c5b79b3eb33c7ed7158e9efc3aa49d4043fda81ced1de214f7d7efb39bc2da054bc6726b453f5eb116080b10230453d1c50305eb1c92241d809

  • SSDEEP

    49152:/dxZ6w9QJl7DEBoAo7dJ1u4zhHVNIe75oLvfTqClJighBTPogk:/dx1QJaaAo7xlzBIcGTRlJieRPoZ

Score
10/10
octobankerdiscoveryevasioninfostealerrattrojan

Malware Config

Extracted

Family

octo

C2

https://otorisotobuyukisyan.xyz/MzhiMTg0NTAwOTY5/

https://otorisotomakineler.xyz/MzhiMTg0NTAwOTY5/

https://otorisotoyukselishik.xyz/MzhiMTg0NTAwOTY5/

https://otorisotokontrol.xyz/MzhiMTg0NTAwOTY5/

https://otorisotomucadele.xyz/MzhiMTg0NTAwOTY5/

https://otorisotodunyasiyasi.xyz/MzhiMTg0NTAwOTY5/

https://otorisotogelecek.xyz/MzhiMTg0NTAwOTY5/

https://otorisotoveintikam.xyz/MzhiMTg0NTAwOTY5/

https://otorisotouyanisi.xyz/MzhiMTg0NTAwOTY5/

https://otorisotomakineleri.xyz/MzhiMTg0NTAwOTY5/

https://otorisototarihiyolu.xyz/MzhiMTg0NTAwOTY5/

https://otorisotoinsani.xyz/MzhiMTg0NTAwOTY5/

https://otorisotogucoyunu.xyz/MzhiMTg0NTAwOTY5/

https://otorisotopaylasim.xyz/MzhiMTg0NTAwOTY5/

https://otorisototeknoloji.xyz/MzhiMTg0NTAwOTY5/

https://otorisotomakinasanati.xyz/MzhiMTg0NTAwOTY5/

https://otorisotoplatform.xyz/MzhiMTg0NTAwOTY5/

https://otorisotomucadelesan.xyz/MzhiMTg0NTAwOTY5/

https://otorisotoarastirmasi.xyz/MzhiMTg0NTAwOTY5/

https://otorisotounutulmaz.xyz/MzhiMTg0NTAwOTY5/
rc4.plain

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo family
    octo
  • Octo payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery

Processes

  • jp.neoscorp.android.valuewallet.sole
    1⤵
    • Loads dropped Dex/Jar
    PID:5129

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/jp.neoscorp.android.valuewallet.sole/app_dirt/sunb.json
    Filesize

    153KB

    MD5

    9d3a6b5f35e4f6587f2446d4d84019f6

    SHA1

    f1773cf30dec99ae0ce4019580356917c303fa3f

    SHA256

    15c4a8a81ec7ed804eadb99290ddfc7451a68fbf6a59ba87ac9d9fdeb668d310

    SHA512

    9dbb39752a389684b1224d8164b57d3e3eb9c5b666e7cfc13a2ea11c14b1b78f75b182229d9a2bd3c1d25fe5c00bf3da931ef1c9eef9ffab5c94688973c4c906

    Download Submit

  • /data/data/jp.neoscorp.android.valuewallet.sole/app_dirt/sunb.json
    Filesize

    153KB

    MD5

    fca51e63158c5f689387784e23671f70

    SHA1

    2d0388279d4365c624e95b54da97150b31ed5da6

    SHA256

    e80b37ea923b073ceea0198bc1ec1ac8b13d97d68a96e3484ed32164404a0e6f

    SHA512

    10a27fbd1d1a1d77781ae495973be856cdba47daf53acaa8197a35fe083f8767930f77b5d7324219cae07c483ee5fc1063006a92742269524fea311b378d7196

    Download Submit

  • /data/user/0/jp.neoscorp.android.valuewallet.sole/app_dirt/sunb.json
    Filesize

    450KB

    MD5

    2b1a579650b99b4bae11ba1bf6cacc74

    SHA1

    517703dcb8e0a4ddc73e7e1e32dabf9f6dc4bfa9

    SHA256

    e7d9dff9205346302f6f2dc2b328dcd711eeb013f1c32fa364b7cfe30af071e1

    SHA512

    2329400627195904240b65d1069e10bbd5b71544b4fe8e4f040021d12396853f1d7b0cb6dace00874dde5753138f6c0260b45f4bf404db1204a367765b2c123e

    Download Submit