Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags
    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
  • submitted
    20-01-2025 22:10

General

  • Target

    3256ab008f93d30b70b69c8b83f444c19213cd3c0e6ed79e0f550d29d00b7e83.apk

  • Size

    2.2MB

  • MD5

    a39515b9b7d006b20e817b0eba75edd4

  • SHA1

    09e0baa07ac86116fcc01124a53f863e7f7afd31

  • SHA256

    3256ab008f93d30b70b69c8b83f444c19213cd3c0e6ed79e0f550d29d00b7e83

  • SHA512

    fba4bea1f8e70234cda8f46f0524023750ec650a0dfdafd46ce5e4aa995fed160a74627688cb17b0c40b1fd144ce25bbeae5459a58ab43e8fbac6887d27f8123

  • SSDEEP

    49152:JcMlFoCi2MI+By661XHQOhrgku185/q+qU121vc4EPVnMxnLuC8/O732IQkyJE6v:JX/oCcI+BshrgkykS+qUHhdnMMRFIaJJ

Malware Config

Extracted

Family

octo

C2

rc4.plain

Extracted

Family

octo

C2

Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is banking malware with remote-access capabilities, first seen in April 2022.

  • Octo family
  • Octo payload [1 IoCs]
  • Loads dropped Dex/Jar [1 TTPs, 1 IoCs]

    Runs an executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service [4 TTPs, 2 IoCs]

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTPs]
  • Queries the phone number (MSISDN for GSM devices) [1 TTPs]
  • Acquires the wake lock [1 IoCs]
  • Makes use of the framework's foreground persistence service [1 TTPs, 1 IoCs]

    The application may abuse the framework's foreground service to keep running in the foreground.

  • Performs UI accessibility actions on behalf of the user [1 TTPs, 6 IoCs]

    The application may abuse the accessibility service to prevent its removal.

  • Queries the mobile country code (MCC) [1 TTPs, 1 IoCs]
  • Reads information about the phone network operator [1 TTPs]
  • Requests access to notifications (often used to intercept notifications before users become aware) [1 TTPs, 1 IoCs]
  • Requests disabling of battery optimizations (often used to enable hiding in the background) [1 TTPs, 1 IoCs]
  • Requests modifying system settings [1 IoCs]
  • Uses Crypto APIs (might try to encrypt user data) [1 TTPs, 1 IoCs]

Processes

  • com.techvision.smartapp (PID 4354)
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests access to notifications (often used to intercept notifications before users become aware)
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    • Requests modifying system settings
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.techvision.smartapp/.qcom.techvision.smartapp

    Filesize

    48B


  • /data/user/0/com.techvision.smartapp/app_example/hU.json

    Filesize

    153KB


  • /data/user/0/com.techvision.smartapp/app_example/hU.json

    Filesize

    153KB


  • /data/user/0/com.techvision.smartapp/app_example/hU.json

    Filesize

    450KB


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    70B


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    52B


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    66B


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    84B


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    60B


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    52B


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    70B


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    55B


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    45B


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    490B


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    214B


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    61B


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    53B


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    68B


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    60B


  • /data/user/0/com.techvision.smartapp/kl.txt

    Filesize

    52B
