Analysis
-
max time kernel
2s -
max time network
144s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
-
submitted
20-01-2025 13:25
General
-
Target
file.apk
-
Size
7.3MB
-
MD5
c8d0643af82131b011ae92b5632b134e
-
SHA1
1f584874bc031dc6cfd05ceef02162cc1a79add3
-
SHA256
0b3cd8d23ca38dba9fdee297be9186a36b8f19224b22c577e2d0edcae25bb37a
-
SHA512
3568b8e693095143da0de37149ac83eb27dc082331ea7c5ac67ed6f2d44d9da98ad436bbd8234fe63cb6a244866cb463b41f640d801d23157ef4efbcf4952c16
-
SSDEEP
196608:mqxULREXv3Xfr8oZlYeOSA9DS6gQC/gsLigt:Jxtr8o3YepzP/gsWa
Malware Config
Extracted
octo
Signatures
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo family
-
Octo payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes
-
com.tqdisplay55_sync1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
48B
MD5046a414913add6f5bb60072c7db819b6
SHA1451ee4f6809260aec622d772fd329c7d0297a842
SHA256b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA5124e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c
-
Filesize
1KB
MD5c8c32250354c4c0feacb42c4a7385067
SHA100c76dd9991872bac62762ffed37ba72709830e8
SHA25644a1fcce6ea31e2e4ba86d36565b4ec50ba408af2a101170c77d8208452b03df
SHA512212217377be8139bff53767e4e23f790721d34fbdfc76a87f304b4f3e1861c8b326eab70f0715470bbfa5af2e9d9f227a187c02bb68660ebf92ad7b2dea1bf24
-
Filesize
1KB
MD5c39633e9a42ab69a75ba09c536edad11
SHA12c51ef47df0bdbd2c5940adcb0a2bd9881cdabe8
SHA256c210205a37cd7844a0805ce3e97fe7b1af89110bd9be2750fa76b3776e12f0b6
SHA51263d2f00f6e0bc9e4f5985c16092bd489e86ff2ce99138bacdec0b19af8b45c417ec98195e9cdaf9d2eda7b71eda33d606a1fd7e183404818420db373c0cf2fb8
-
Filesize
1KB
MD54b87d2c58c071c46ca7cc3981e2df338
SHA1dc0745097837ac1e11e93e08644447a93ba72b9d
SHA256d47e5c045ab0cb729401659d1bf1b3d40be92a1cb0fb53c431b57365c183c853
SHA512cbcc73f5f7729478c3dbc5edcaf592c6ab0d78f8b42ad78b427ce14b3eb863ed749da2c213b6d309860de3d8a25d9818c23ac95d8beb395be959c6320cfaa31e
-
Filesize
322KB
MD577dc50489b9323274732d27dc8a4e803
SHA10e02a3595b62489d0739d771881da8604d117c65
SHA256c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820
SHA5120684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58
-
Filesize
584B
MD5260e968d01c88dcddfd8b0489c9e4dd2
SHA12cdab9d09836eb2aa6963a31b3ef2275279315d8
SHA256a78b50a1ccfc7c49f20a50db65a703d0d967d74207706697bef6d6564ce88d43
SHA51298b6e7b8e1d75f4ca41d9738f91605f11c5e84d72acfacbe991c2c5a154a3ab3f216d218fc892d01af16fe3efd481d99f6e0b8ea0eaa7fbffb21eceb8aa92f0c
-
Filesize
525KB
MD59d738fa90fafc0026c3dcd82707be3ab
SHA14a7293b550adbb0f4ea5287cbd2ca8949e8ee25d
SHA2561f7cc3a28438513bc6ce378b6f4df7b7a6bb5418240ae83949ccea6b70b4b7e0
SHA5122c28758446cc646d4afde925fdf303672649d55d328d9aa70bce06f14720edfdd37f3fd180460e6e12391ba1a5f63e85b3bee2e898c9a66732c31051ace3b1eb