Overview

overview

10

Static

static

6

10a95e08eb...87.apk

android-9-x86

10

10a95e08eb...87.apk

android-13-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    161s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    21-01-2025 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10a95e08ebcdc813db519098e5825f03344ca3bb2f4e9ff93074aa370dff1a87.apk

  • Size

    3.3MB

  • MD5

    467809500489d2e47691c57ef8313c0c

  • SHA1

    4a383c8e74b5e56adce7d0ba085d70ac1b6646b5

  • SHA256

    10a95e08ebcdc813db519098e5825f03344ca3bb2f4e9ff93074aa370dff1a87

  • SHA512

    51ed53cd22e2ed3fc21629f0356022127cca27c4f722e9299712c3fdbb33793b2ad803e4f36dd3c3acc54c25efe2d3f6df00b9921002cbb6060d33e9822a3771

  • SSDEEP

    98304:TNO9K4q1yHFnnyElGcpKYlllG7b/Ht+DFk0ENe7dcNbpD6gAyznFkpU:e3KYlllCPD0D7iNj

Score
10/10
octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://karakterolipsbilgilendirme.xyz/hxDNtg7DB3tk/

https://karakterolipsdostlukhik.xyz/hxDNtg7DB3tk/

https://karakterolipssinemaevreni.xyz/hxDNtg7DB3tk/

https://karakterolipssanatvesahne.xyz/hxDNtg7DB3tk/

https://karakterolipskulturkonusu.xyz/hxDNtg7DB3tk/

https://karakterolipstarihiyolu.xyz/hxDNtg7DB3tk/

https://karakterolipsmasallar.xyz/hxDNtg7DB3tk/

https://karakterolipskonferansi.xyz/hxDNtg7DB3tk/

https://karakterolipsgezegenhik.xyz/hxDNtg7DB3tk/

https://karakterolipsdunyasi.xyz/hxDNtg7DB3tk/

https://karakterolipsshowsanat.xyz/hxDNtg7DB3tk/

https://karakterolipsicimsessiz.xyz/hxDNtg7DB3tk/

https://karakterolipsfelsefesi.xyz/hxDNtg7DB3tk/

https://karakterolipsyolculugu.xyz/hxDNtg7DB3tk/

https://karakterolipsrenkleri.xyz/hxDNtg7DB3tk/

https://karakterolipssunumlar.xyz/hxDNtg7DB3tk/

https://karakterolipsduygular.xyz/hxDNtg7DB3tk/

https://karakterolipsgizemleri.xyz/hxDNtg7DB3tk/

https://karakterolipskaynak.xyz/hxDNtg7DB3tk/

https://karakterolipsseruven.xyz/hxDNtg7DB3tk/
rc4.plain

Extracted

Family

octo

C2

https://karakterolipsbilgilendirme.xyz/hxDNtg7DB3tk/

https://karakterolipsdostlukhik.xyz/hxDNtg7DB3tk/

https://karakterolipssinemaevreni.xyz/hxDNtg7DB3tk/

https://karakterolipssanatvesahne.xyz/hxDNtg7DB3tk/

https://karakterolipskulturkonusu.xyz/hxDNtg7DB3tk/

https://karakterolipstarihiyolu.xyz/hxDNtg7DB3tk/

https://karakterolipsmasallar.xyz/hxDNtg7DB3tk/

https://karakterolipskonferansi.xyz/hxDNtg7DB3tk/

https://karakterolipsgezegenhik.xyz/hxDNtg7DB3tk/

https://karakterolipsdunyasi.xyz/hxDNtg7DB3tk/

https://karakterolipsshowsanat.xyz/hxDNtg7DB3tk/

https://karakterolipsicimsessiz.xyz/hxDNtg7DB3tk/

https://karakterolipsfelsefesi.xyz/hxDNtg7DB3tk/

https://karakterolipsyolculugu.xyz/hxDNtg7DB3tk/

https://karakterolipsrenkleri.xyz/hxDNtg7DB3tk/

https://karakterolipssunumlar.xyz/hxDNtg7DB3tk/

https://karakterolipsduygular.xyz/hxDNtg7DB3tk/

https://karakterolipsgizemleri.xyz/hxDNtg7DB3tk/

https://karakterolipskaynak.xyz/hxDNtg7DB3tk/

https://karakterolipsseruven.xyz/hxDNtg7DB3tk/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo family
    octo
  • Octo payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 6 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Requests modifying system settings. 1 IoCs
    defense_evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • homeworkout.homeworkouts.noequipment
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4488

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/homeworkout.homeworkouts.noequipment/.qhomeworkout.homeworkouts.noequipment
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/app_lyrics/OX.json
    Filesize

    153KB

    MD5

    822492b9112b54ea4c240c4376e9f909

    SHA1

    2f1a8863ad891e1c01689e80fb02f19e1424a925

    SHA256

    a8c37d2bccd31db655dbd183271a025444c629a065a8c6fcaf107ec04b48444a

    SHA512

    7026eb0de6ff0866be1abed98b9684cd730b97b602c4938308332c09a455bbaa05433a2e3f85b67752d67c6f6422864d4547062ae34a54c8b6302b0a82a441be

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/app_lyrics/OX.json
    Filesize

    153KB

    MD5

    acf16bebf597773969441732f5c428d6

    SHA1

    9ac1e482e9a0ea70bfe65127eaa9b547dabfa495

    SHA256

    2f0fd40a75422625123e9fdd21d31142624f887b6f1fb25696c2e7a209138714

    SHA512

    bdea62280ba7812fdcf00f4e2c2ce3ff346243bc634e04bad1973c3d4247fd9a9843bd9ec87ee5462d039f6d68c5eafdc5a25e2abdf07cc6aeae2ecd81d5528f

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/app_lyrics/OX.json
    Filesize

    450KB

    MD5

    c186e81d554e3718b88b544fe5e0ab41

    SHA1

    60bc93ba5f26b03f6dda1b45a373af9f0ff59ea7

    SHA256

    9fe9deda80a8fa54b59d75d7782cae2a0b4c89c0ad026f3ff223e04b79d1326f

    SHA512

    1cb0b2fd7517e11ee12b699b97b45ae947a0bfbcedb1be21882680419199ffdc76381a1676abfb0df62ae45d21b607b1ea7356d81da4596e6ab09e6d78ffcd73

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    45B

    MD5

    b2b4dc50b371f9422957b926d09b0055

    SHA1

    c2019ffd05bf6ebf973172912bbdcf8a987d30a5

    SHA256

    9889e43758cdf7971e8376b233dd760a2001a1dcf7d2fc204eaff2284343d300

    SHA512

    dbe52ada96f2b2c61816bb0885ddce576a16b93dd271f9ed8a72f317667f9db09315baa00b5e315c79667a525c2f537eee49c39bb9d9ae86cd914b27b8117626

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    70B

    MD5

    c54a2f30d9ee75e3d7bfc025de652ed1

    SHA1

    18192a06de5b735c2a42331d3f4e7805de3a24c0

    SHA256

    ab3484166ac96202295aabb60a8ba80812ef3cd0ba582ef3a03c640f0ef4b3c1

    SHA512

    703ce10013b84c5daca31cbb4f3183cbfc05a8a6739d3250dd3384ce44161db33e41ed17a579510ba3a9acff3c5c46ba2dd5681c19be464c096bf58392bffea1

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    79B

    MD5

    3c2ad620a2a8c163948a2c8f90189f0a

    SHA1

    24ac37abe9382387be37a2b067b971cd3dab7cc4

    SHA256

    59720bfa30c110473a0bd4ecb99d1cad8a0bcdc56c8a2754c65c741f35f23054

    SHA512

    eeb3b1753df2985a5a5948b4c3cf9a078a6706f27454c9e8d290de5667dddfc454dfce33d617f2657e6a61092102fa400856d7576bcc8408a94138ef433bee2c

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    490B

    MD5

    a28321cc7344cab011770c8099fb17f1

    SHA1

    8406af62c31a482b375dc6e5086941922b12dbcf

    SHA256

    599250661e6daff93d595ff796fd31560f24606aaa05bbbfa4fbcfc0048c5e74

    SHA512

    866808be3137e4c81aed4cd9e525cf105df511247ce35bc96b96529e1776ab06897aa2b6715c8998c00a7b082b9daecb89b23a9c138ea5d0fdd1e09aa23edd2a

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    214B

    MD5

    032d2ad0c1ccee51e950b9c40c4ad879

    SHA1

    7448b3a6f3dca2c55333f12b9bb43a5e111d39aa

    SHA256

    8e6acfa0929b4c39b958889ea066c2a080820afc73fcc06d780d5bada854c088

    SHA512

    b3bf3e0ed13f3c3afb6b7cfbcc9216ba8d55141da1337725d5760fbc6bbb28261362531269865eac86a45f30a50030b050cf65437357e5d6af63362e61641685

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    54B

    MD5

    f2af66c360b0c36c1443dbba568489b6

    SHA1

    a66c0f74fc3a47327cd0916c65f9c278014b2866

    SHA256

    c72e2ccaa76aad3b4a432182aa0117d3918b71df4cb519418ef60bf3d8cac4f7

    SHA512

    38e3256fcdffa8143cf1f9c314107cedc85f0111ec597db06d8670f82a8569553f97ddbd4e7ffa882ff3f3126928cd9b5395b0b760b89d391772378f071636ef

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    68B

    MD5

    7e6d7c5b4d08960ebaff0610994f801d

    SHA1

    1b989b9133150fcfa8b7c3637e5c3b6db42ee3b0

    SHA256

    bdb65f1d612907b835c17d404aa48aee09283708127d422cafe2b22b0e2e76b4

    SHA512

    6f4382b01c3accf65c694920cfeefce1662977c2fc49dfdda10118d4c61bd0ab48d710368c677ee5ad71affafa9490ec56a4ac1f9b80007458f08d84b003a130

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    60B

    MD5

    e1de72e1dace83964818a661fe08d9c5

    SHA1

    b25c6b84cf4216a631e0aced8e4be43b9f18d1d6

    SHA256

    8da6a741a759ca7059f32f700d507aa86bab418f53c75e691d9252cff6eda565

    SHA512

    69b928288ad8a1fdbaee9ccbb3243401ad10943b760d5e4ed02b4259c4def676d5dc424973b5ec8df84d29a2706ae2073eea218caef177eedb16d4dfbd8c915f

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    70B

    MD5

    83b3bed6e85667a4d6978143a91c2cbe

    SHA1

    e4b5c4d8bdb61afaa6bcfc0eaa95ad5fcbc20035

    SHA256

    c86586f4297760cfd49194c34bccf6edf70090d5452d4cc98b0f2848903ddc42

    SHA512

    527235a03b21d8bc88a15459ca9133c480a7d21b8db814e0c3138f5d2b4cb07a24942fb1f1edda81eba9a36ab723721765bd77753e07114082da4def9a1575e0

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    55B

    MD5

    6298de054e9d2f26386ec11d1e7253d5

    SHA1

    fe953a6a37de1024e64a9055d83ba4e4e9c0858c

    SHA256

    018b0dfed4d2fe4967572a7fc8efc3aecb059251a0dfa5dcc469a4ad01c235dc

    SHA512

    446cd49372a9e0e41dfe1c143dd407476978a3cdff6ff7882c9ae5237d491d40f547c1f76c6c86c0a4c605e3688d349670f75f902b9587bda62f422764be9f68

    Download Submit