Overview

overview

10

Static

static

6

2977dd56ad...10.apk

android-9-x86

10

2977dd56ad...10.apk

android-13-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    16/01/2025, 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2977dd56adcd3b1be45bc50f98bb31619557e249d4407e74ceeae36ec49c3f10.apk

  • Size

    1.9MB

  • MD5

    dd0c205619bfd779c756c8ba37be7595

  • SHA1

    8674f0bb3208fe65fd774a936f3e84d1d51992c3

  • SHA256

    2977dd56adcd3b1be45bc50f98bb31619557e249d4407e74ceeae36ec49c3f10

  • SHA512

    2c35846ea64d7cf408c02fff051543faa4844f417a697d8483d5a598106b7aa299fff7b6de6b334d966a6cd1f3a9c2e5a3c9ef492f9270c11ad560697ddf4f19

  • SSDEEP

    49152:oSf24uFoCi2M5tr5PGGDH1IodLqBCTXvtpHOD2iu:/IoCc5tNPGGDbdLCIfPHe2iu

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://yenisafakhaberler.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakmansetler.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakgunluk.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafaksondakika.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakyazarlar.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakgundem.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakekonomi.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakspor.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakdunya.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakmagazin.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafaksaglik.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafaksiyaset.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakbilisim.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakyerel.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakaktuel.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakbilgi.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakvizyon.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakteknoloji.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakkultur.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakinsan.xyz/Y2U1NjM1NzFkZTlk/
rc4.plain

Extracted

Family

octo

C2

https://yenisafakhaberler.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakmansetler.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakgunluk.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafaksondakika.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakyazarlar.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakgundem.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakekonomi.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakspor.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakdunya.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakmagazin.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafaksaglik.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafaksiyaset.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakbilisim.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakyerel.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakaktuel.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakbilgi.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakvizyon.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakteknoloji.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakkultur.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakinsan.xyz/Y2U1NjM1NzFkZTlk/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo family
    octo
  • Octo payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests modifying system settings. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.techvision.smartsapp
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4347

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.techvision.smartsapp/.qcom.techvision.smartsapp
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/user/0/com.techvision.smartsapp/app_easily/XW.json
    Filesize

    153KB

    MD5

    57d859a0f1a286ed0a433d8222f42dd1

    SHA1

    f95a22dd83c7ced000b0166084c113ef1dce2ece

    SHA256

    1cf2c2a2c3425d7ac5792cd48d10b49545fad311bcc066895b0afe474c129565

    SHA512

    64ccf3b732ffd86499ee891f745aa53ad069673fa4b02a03b443d1fe26389b961ea25b0f9558a75f3666636cadf4f19588141287213e2c388a9d708548420f04

    Download Submit

  • /data/user/0/com.techvision.smartsapp/app_easily/XW.json
    Filesize

    153KB

    MD5

    9566c5b476fc8f1e8eba06bd4c97dd3b

    SHA1

    d167a0734b1b8002f943de8131ad7f90bb8f03bb

    SHA256

    0565cf4e8898ea1a522a24ad66a29c51e8184a9013088511e043bfcee3f61bd1

    SHA512

    dcdbf26cfc1ca582b2eff490f3c9df615dcdd71fa69148bf9f58864699734f7927598f56983febc39ea38376d2b004ba3dd5914a6a69de44c7e9655d6a8c03fd

    Download Submit

  • /data/user/0/com.techvision.smartsapp/app_easily/XW.json
    Filesize

    450KB

    MD5

    fd73e2c351057b206df49a84b2a4bb42

    SHA1

    a5b3ba88bbb1c7278f9a6fe8d2d4376b606809c4

    SHA256

    aded517d22613e0dc8ad3c8239027623aadb134c51ca9a5a303abb1f4723b0d2

    SHA512

    a1aad9e3fae4bd2c316361cbc147129b447c586f4ad184171f7bc18c242df3a467b29a4faf24155cfcf707191c403f2625aa8e057abd7bdace084f53e01c138e

    Download Submit

  • /data/user/0/com.techvision.smartsapp/kl.txt
    Filesize

    55B

    MD5

    7fa02b97b675b57328d0b7959f22192f

    SHA1

    b00d307af4e8b4390095de1177916d33c615e56f

    SHA256

    ea7f3e32532afe01d605721b628102d694efddfc4ccd071f0c6a19baa9a4e03c

    SHA512

    9fe9ab5d28b74f6d651ff4b9d4d8a5042df74726a0ab32ca124d47481960f9ecf8716f2dd44a587e7c48de4320fea13421f76f0baec4664a2088a25abdc2f996

    Download Submit

  • /data/user/0/com.techvision.smartsapp/kl.txt
    Filesize

    45B

    MD5

    f0315102878f8918ecd030348d65e9b2

    SHA1

    e4d48a2bcd28fc52ccfd5d373663fe45c17bf711

    SHA256

    b58d5b83437159ff214b44a1470b06e0110c47e53eee408de5c385fc1b874aef

    SHA512

    7299c31d3eaf4f959be96ddb7fb1663e9e966d9918632917b44dd272a3caf3a4c3179ed19fcab92e648d38f6ea7bd5ca070afdc5d0b4cff474324c15b00b14d4

    Download Submit

  • /data/user/0/com.techvision.smartsapp/kl.txt
    Filesize

    490B

    MD5

    d116ec270f33348d625e892887bbd74b

    SHA1

    41a7afb4f7cd3dfd1d832826b063d6284fbbe1b7

    SHA256

    0bdbb0105d9b7c1c618ffb257486e486d1bc23f3bc68c05fca9fddaa28ef0d4e

    SHA512

    5da1ce375f7256522b637f07569fd8a27b81053b1ea900e725319ce196b55d6c81b461dbd8cc58e6a2e174d1543a66721d564b1da02921e830c0e77adbe24924

    Download Submit

  • /data/user/0/com.techvision.smartsapp/kl.txt
    Filesize

    45B

    MD5

    77d89fb5a5013b1131fd2ee3f8a283ec

    SHA1

    369f8bf2f9010e4107ca4e16b1b4831121fd9a0d

    SHA256

    8ba70ce2a055c15aefc8e5918e7ac4a7fe3cc44abbaf1798f46e8032f548ef5e

    SHA512

    9df634dbcbef2a287ca673931fe983dd51b98d4417f86dedd415ecad737c25742be7ffd63fec6854d0cb31835bacac3bbf81f49efc96d4ec009edb497e2a8ac9

    Download Submit

  • /data/user/0/com.techvision.smartsapp/kl.txt
    Filesize

    70B

    MD5

    642595ad28b012ac9db88ed271132bd1

    SHA1

    257be8c5f4ed1ccbe7b2dea07d116d7614e61c4a

    SHA256

    9ce3d1a09fe5d59ec8dd2ba5ad70cb59087e3322aa6c368ee619c21d2c439a89

    SHA512

    b86766bdf7a4d1a0dd37d0d65c631332fa52aabb6e7bb4b6b6d56d6c85e7fb1a0cb47e8d677652877c181a6fe6e28a13dc7ff5df4e9ade1aa45f33c61999f799

    Download Submit

  • /data/user/0/com.techvision.smartsapp/kl.txt
    Filesize

    70B

    MD5

    933cecbc1099e5b09b4ea70e14f4ffec

    SHA1

    566f8af4bda0a195a6ce181e62ebb0fcd5610bc1

    SHA256

    5e3425f810815709d1691933c71b4424ac71f781ac0358f3212d7dbb6964c6bd

    SHA512

    30eeff348c39d9a4c1b4c1116c85f44848e07ff4f6d9dbefebb199d7e041894fd2d49cf4ec44228dfd86b95dcca2556463c5e71403444bf9eaf8d279bdd710b1

    Download Submit

  • /data/user/0/com.techvision.smartsapp/kl.txt
    Filesize

    52B

    MD5

    9ee99ab2cfa0d4153d6a45d22ed7d5c4

    SHA1

    ec901b4ebcf42e2956bc24c5e754057df94c7eed

    SHA256

    e4df26cd0155037d77bb327100a9f50d34f9635c4db13d1cc39e2619ebf98f4d

    SHA512

    37590791276954bec1e290c904d4063158d0f47b2c306f50e964230e773229c2d0c3b7a16e0558e340aeefb4ad4ea0fcf281152fe90d42382eb3d4e9d0adf59a

    Download Submit

  • /data/user/0/com.techvision.smartsapp/kl.txt
    Filesize

    66B

    MD5

    44284eb9363fa922eea53fbaa59ed9c0

    SHA1

    feb1a3384d13d7e96b73f7fd812b9ab72d0dbc47

    SHA256

    3f06cd2dc0ddb76168316c642b0e7ae2a0ed1753164b27af858598bccadc96b8

    SHA512

    ce595ea7e7f931f21f450e61102f878ceb454e8f0c1cdf6eb90e904a55ef19a6858a62bf84e79c6ad3f86431430a4a5bfcc17e813ae1642c0356bbfd75dec54f

    Download Submit

  • /data/user/0/com.techvision.smartsapp/kl.txt
    Filesize

    214B

    MD5

    c9e9e829e3cdced614a9c0239b0d4229

    SHA1

    3d8fa9c3081a6cd62b9440a6e1ed4579edc96e9a

    SHA256

    9ad8189687607eb1258ab8eac84f4dda8bd803b0bb9a89da06cc91ef92c6b49a

    SHA512

    8c679e17085848e0ed9b7b9995b7151f29b0d3bbeda424393f72e921a9589dcd7af6857b9e975d90eacbdc3a13d9e76d6415b8ce9e14242d30f37398176834ff

    Download Submit

  • /data/user/0/com.techvision.smartsapp/kl.txt
    Filesize

    214B

    MD5

    5752812d4fcaf1e359f2400a4040869d

    SHA1

    81e90a9a7a62b6f6c3527f34b1a5c4d88a2857c8

    SHA256

    f3619eb1ae76572377629d956e24ff619b10a6cb8abb4865a8baae27649a5913

    SHA512

    0b28db41eaae93656bfa8ec4496ecf1f53654bd95f61000f2e19ab16c421dc28249f38443e0c4130d3bb3a834892b570275fa9c3120c7d11764d360750990da0

    Download Submit

  • /data/user/0/com.techvision.smartsapp/kl.txt
    Filesize

    53B

    MD5

    68c6c3b7e1995909800e26a559d6818d

    SHA1

    7456374e0822fba82a9eeba50978ca59aabb2caf

    SHA256

    78130544acadca1907ecacc143f295123d45a11ac3eaeb29626456cb996fa67a

    SHA512

    fb00469bee05d9c66c618c029e4d46bc333ee0a7e3003e48d9a0ac754672298c436967a4370125153d5b072da9db507b1d702da53f23b701bec1cc63226c798b

    Download Submit

  • /data/user/0/com.techvision.smartsapp/kl.txt
    Filesize

    68B

    MD5

    8ebd37bed13ddefcf509f321229db7d7

    SHA1

    1506a3b770be63cee1ee8f023083c973a965a797

    SHA256

    ea43a65c74e0db570d9828d3c24807cfd38179c083859ff3e4f2a8a44cea3362

    SHA512

    3abe99572e9fb48ab3d8866a875d4bf96e4691148305c4fa3c7d0bba3e2cf6e6504011a6a503acc56177187139a4398ebea11c43dec5c179a1ef24018993c968

    Download Submit

  • /data/user/0/com.techvision.smartsapp/kl.txt
    Filesize

    214B

    MD5

    4b3bb8eabc1bc1b22c75136a203b67a4

    SHA1

    1976a60e61980f886395f81ecc350eae112732ab

    SHA256

    3efa24f275ea449a417c37a3c57a5c0f2f2a94b90d40b6deb35c823bccedabbc

    SHA512

    9bf9934fb4448e9c42e4c7f044187965c03e6981c8c528868070ba09a93302b89533aaf51d2dfed54a1998b0b0d94f6e6811ac763072abc4cdd293a6a4819df6

    Download Submit

  • /data/user/0/com.techvision.smartsapp/kl.txt
    Filesize

    52B

    MD5

    6428aa2a30c1719dcd96d3acb9a48dd7

    SHA1

    dc7b7383f63062ae015f50e7678e77b3ca6d4c86

    SHA256

    80af284880868ed9f0d5c00e40fcf557c4a4263ba06d0b2596597401575881a6

    SHA512

    a38623fe5e1d3a9f8153085a10ffb1deee5c143342d59ad3967fadf25cb4d341a3bd64639e4ac48ddb2a08290adf95167a7f88bc2c12c5b5d87a55b340c60a16

    Download Submit

  • /data/user/0/com.techvision.smartsapp/kl.txt
    Filesize

    70B

    MD5

    30358f96d4bf372d05a07de4426d0e8b

    SHA1

    b18f9eb86ea25d0753839ff56195d9e2db9c5d28

    SHA256

    d65d469d1f15f94af7dc541fd2efc34e5deb89fa88a1f9148d3754c261df8956

    SHA512

    e9816d45f95862b6acd0c2da64c0cd997a03c3a4c94730059aba0c127eff64b6cf5019e4775caec43eb162a843fb1a6f76fbbca50c359fc81c83c3fd1cd7d6b3

    Download Submit