Analysis

max time kernel: 7s
max time network: 155s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 13-01-2025 22:01

Static task: static1
Behavioral task: behavioral1
Sample: a06cbcf9a3b7047e3e833727a815294323b71c07582ce99b023a85d0157e3469.apk
Resource: android-x86-arm-20240910-en
General

Target: a06cbcf9a3b7047e3e833727a815294323b71c07582ce99b023a85d0157e3469.apk
Size: 2.0MB
MD5: a143e60230e024c01acc2515bc6b1e5f
SHA1: f01f10bcfd6fd06a971c9a6ee85bcc26a4152a68
SHA256: a06cbcf9a3b7047e3e833727a815294323b71c07582ce99b023a85d0157e3469
SHA512: 0c188fd88cc75e8e6b03ef9d865a5806dcdc5a29ce1f0e523e790638ca0f4269dc43ef298252cb52d3982bc905611cff09401107b7aed1f34ce1bbeab7302b5b
SSDEEP: 49152:qqG1znaep/aXgCF8H2GoJrPTIw6f+2wd4RgWnbWjpPv2psqlN1PrgGZKsL6:qqcueTVWGCOG9qDqpn2aqlnUGZNm
Malware Config

Extracted: octo
Signatures

Octo
Octo is a banking malware with remote access capabilities, first seen in April 2022.

Octo family

Octo payload (1 IoC)
resource: behavioral2/memory/4962-0.dex
yara_rule: family_octo

Loads dropped Dex/Jar (1 TTP, 1 IoC)
Runs an executable file dropped to the device during analysis.
ioc: /data/user/0/jp.neoscorp.android.valuewallet.sole/app_benefit/RXOx.json
pid: 4962
Process: jp.neoscorp.android.valuewallet.sole

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
Network
MITRE ATT&CK Mobile v15
Downloads

File 1
Filesize: 153KB
MD5: 8ccfe21c44947b3096b865f8cfe50780
SHA1: acbea0e489d5085b638b806eb84b6e3a0cc610fd
SHA256: bbfee939e64ff7d4dd016cdcb2d1b15b62bf2122288e655ea9a4b71f603608d0
SHA512: 59de1f85327e2bdbe8dbb2f9a6c628355db25faccb605d943d1e1ab25466599c3343c80e52610deed660ec692912559deb3428c75989e0d05d0478c6e31967cd

File 2
Filesize: 153KB
MD5: dbd5143ca0ec7558fa87765b590d8651
SHA1: 514ff324bf2bd6a94900f5daf8dc28e3377294a9
SHA256: eb716162b14cf9846e2059f663cf0ddc2c8d6e22ab5d797f6bc4f09799e45ce0
SHA512: 1adb46637b9a0bef2ed10050940a1f4d0de04d8608139ff65f9a2a782f9315dba7ae7b5ec58482836a5b23a5929a14b6fc3cc44d48c988fb9b4ad4978d5301ec

File 3
Filesize: 450KB
MD5: 65bb8115258b7d4900089a72148e6693
SHA1: d273f7a7fd0ebb1b60cd4f5ffa35235542e93292
SHA256: f5c734648edd05990fece37efe756bc5ac7c3f2d9bbddb3073d2c037b2b20067
SHA512: 59ff998184927919e5db6eb7be59011035469954b945b9ea526f9175346d29d66d335b088935e856e9981a4c9a97bda4d8c1eba4e2461fcd4cd33bf380145826