Analysis
max time kernel: 8s
max time network: 157s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 20-01-2025 22:10
Static task: static1
Behavioral task: behavioral1
Sample: ba03a250f61166d27449d8a8ecdcdfc208b96d7e37f70ba85bd835500dc8d9f3.apk
Resource: android-x86-arm-20240624-en
General
Target: ba03a250f61166d27449d8a8ecdcdfc208b96d7e37f70ba85bd835500dc8d9f3.apk
Size: 2.5MB
MD5: 7395477b98c99a45c4a25d326de81a81
SHA1: dd646f90c4e57793910b3cb9ccbe8b1f3d1fd054
SHA256: ba03a250f61166d27449d8a8ecdcdfc208b96d7e37f70ba85bd835500dc8d9f3
SHA512: aba8ce05e0f33e9419ade3b8269551a5076339b73a3063375442c3b6654121dabfcf257fa08b8d327a1e8e8ba79f1b905946821c3b8e192d67549f6ec9bb9d2b
SSDEEP: 49152:eo/N/OfLjOmtp6UY0tSh3HIVxkwz/nbvQTYG3tx5mUlSiKbWribW:egGfLjOmtp6uQSvZzrQ8+tPmUlUauW
Malware Config
Extracted family: octo
C2 URLs:
https://hastanebilgimrehber.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimiletisim.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimkapsami.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimtavsiyesi.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimkaynak.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimyolu.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimgucu.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimguncel.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimyonetim.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimdestek.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimyenilik.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimtarih.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimkaynaklari.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimplatform.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimdogru.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimdogruluk.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimanlayis.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimhizmet.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimkalite.xyz/MzhiMTg0NTAwOTY5/
https://hastanebilgimiletim.xyz/MzhiMTg0NTAwOTY5/
Signatures
Octo
Octo is a banking malware with remote access capabilities, first seen in April 2022.
Octo family
Octo payload (1 IoC)
resource: behavioral2/memory/5012-0.dex; yara_rule: family_octo
Loads dropped Dex/Jar (1 TTP, 1 IoC)
Runs an executable file dropped to the device during analysis.
ioc: /data/user/0/co.learnol.bksfz/app_clog/bJq.json; pid: 5012; Process: co.learnol.bksfz
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 153KB
MD5: ea8885a294e5d61bfb87a78b44a190de
SHA1: b43f78299f935bddb3c5a86eb782902e1000b40d
SHA256: a2f4d42274ae8a0e041ddcab97d7f59065d02b6a224d67b23f240ac6a8d7eccb
SHA512: 75af54e9163c1e4e16bb2f699a12172759b1299615ef38a41314396a2f805d32a616407bd0fd3b6f43ac58eff0052ad57136f2702ec9b12e4ffdcd7ec9d4e7e6

Filesize: 153KB
MD5: 488e14c6c1a49d0f360e6cb8f2c40016
SHA1: ae9a2de8487fb9ea8a60ffd4002f2bd8e57b8a90
SHA256: f7e4993c508867115bfd0952499e182ca0d89cb6e73e246489da95043f90b618
SHA512: 0425fe28b4646d49eedbc1503d95a3f4e278ec6604944f0991a42e3cf8dcfcf560ddfc220de563a219e28d6f27b8fbe6c683582a7273c344ffdc416991050c2d

Filesize: 450KB
MD5: 89243960818c1c09c1cb24b04f67faec
SHA1: 593160660db3c7042ecea68687b63a454d19e440
SHA256: c305a073d24953c41b175ef45d02e03f73419e6809a7ab1b0f774550f768fb73
SHA512: 52ae77c8985026d89ed84601e9a6e072f0556839e207866f9e053068858e68be9a814d2ebf7095c2e0814252edeea4715557818e029ee76fe1eec575f7aa8601