Overview

overview

10

Static

static

6

ae54bd55db...05.apk

android-9-x86

10

ae54bd55db...05.apk

android-13-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    141s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    21-01-2025 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ae54bd55db5dd84eacfe4596453fb469b21ccbac7486816dac0be64adf370605.apk

  • Size

    2.0MB

  • MD5

    cc0e4758281be3778f60898e091522c0

  • SHA1

    5b2d4c33c63ee5f96c630dcdc53602de7ef9073b

  • SHA256

    ae54bd55db5dd84eacfe4596453fb469b21ccbac7486816dac0be64adf370605

  • SHA512

    95aaf92045571ee346d8e657258385a30af736e00219fa59eb1748e207056922c92ae6ed43115485e868dae65e908e6c44a2d9097c0014dc94641de5aeec41b0

  • SSDEEP

    49152:JffweaXoCW8JaZUqUQ41nsNaIemjNotXqsCZGyWDwIVa55yDGZ08k:g4CB0JUQqsYIQXUTWDVK5+GZm

Score
10/10
octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://karakterolipsbilgilendirme.xyz/hxDNtg7DB3tk/

https://karakterolipsdostlukhik.xyz/hxDNtg7DB3tk/

https://karakterolipssinemaevreni.xyz/hxDNtg7DB3tk/

https://karakterolipssanatvesahne.xyz/hxDNtg7DB3tk/

https://karakterolipskulturkonusu.xyz/hxDNtg7DB3tk/

https://karakterolipstarihiyolu.xyz/hxDNtg7DB3tk/

https://karakterolipsmasallar.xyz/hxDNtg7DB3tk/

https://karakterolipskonferansi.xyz/hxDNtg7DB3tk/

https://karakterolipsgezegenhik.xyz/hxDNtg7DB3tk/

https://karakterolipsdunyasi.xyz/hxDNtg7DB3tk/

https://karakterolipsshowsanat.xyz/hxDNtg7DB3tk/

https://karakterolipsicimsessiz.xyz/hxDNtg7DB3tk/

https://karakterolipsfelsefesi.xyz/hxDNtg7DB3tk/

https://karakterolipsyolculugu.xyz/hxDNtg7DB3tk/

https://karakterolipsrenkleri.xyz/hxDNtg7DB3tk/

https://karakterolipssunumlar.xyz/hxDNtg7DB3tk/

https://karakterolipsduygular.xyz/hxDNtg7DB3tk/

https://karakterolipsgizemleri.xyz/hxDNtg7DB3tk/

https://karakterolipskaynak.xyz/hxDNtg7DB3tk/

https://karakterolipsseruven.xyz/hxDNtg7DB3tk/
rc4.plain

Extracted

Family

octo

C2

https://karakterolipsbilgilendirme.xyz/hxDNtg7DB3tk/

https://karakterolipsdostlukhik.xyz/hxDNtg7DB3tk/

https://karakterolipssinemaevreni.xyz/hxDNtg7DB3tk/

https://karakterolipssanatvesahne.xyz/hxDNtg7DB3tk/

https://karakterolipskulturkonusu.xyz/hxDNtg7DB3tk/

https://karakterolipstarihiyolu.xyz/hxDNtg7DB3tk/

https://karakterolipsmasallar.xyz/hxDNtg7DB3tk/

https://karakterolipskonferansi.xyz/hxDNtg7DB3tk/

https://karakterolipsgezegenhik.xyz/hxDNtg7DB3tk/

https://karakterolipsdunyasi.xyz/hxDNtg7DB3tk/

https://karakterolipsshowsanat.xyz/hxDNtg7DB3tk/

https://karakterolipsicimsessiz.xyz/hxDNtg7DB3tk/

https://karakterolipsfelsefesi.xyz/hxDNtg7DB3tk/

https://karakterolipsyolculugu.xyz/hxDNtg7DB3tk/

https://karakterolipsrenkleri.xyz/hxDNtg7DB3tk/

https://karakterolipssunumlar.xyz/hxDNtg7DB3tk/

https://karakterolipsduygular.xyz/hxDNtg7DB3tk/

https://karakterolipsgizemleri.xyz/hxDNtg7DB3tk/

https://karakterolipskaynak.xyz/hxDNtg7DB3tk/

https://karakterolipsseruven.xyz/hxDNtg7DB3tk/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo family
    octo
  • Octo payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Requests modifying system settings. 1 IoCs
    defense_evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • homeworkout.homeworkouts.noequipment
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4340

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/homeworkout.homeworkouts.noequipment/.qhomeworkout.homeworkouts.noequipment
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/app_sustain/AdK.json
    Filesize

    153KB

    MD5

    2e5de05006130cb1202800205fbfc23f

    SHA1

    bbda04f60e69c06f40e91c95e32e535f7455a606

    SHA256

    d242d0867204367539aa0d3f3c98eb0c5ec67cdd5380f22ff6a733c963b86790

    SHA512

    fba662f222ac08953cfce5c018b7da8ef26936e83cd99763c452f07f78792cec654fc904307fee1b389dc1a4b138116837f8bc70084c517b8c027aab28e30c47

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/app_sustain/AdK.json
    Filesize

    153KB

    MD5

    152581d53c976b1370e066f935a6e93b

    SHA1

    32fde6826991b3312fca64bdaa2264f0e5fd6067

    SHA256

    832111f3c03b57c86f192359cc2578eea231db205a40127842ae460c92f581d8

    SHA512

    7af75cdef6ee63a9f79e4c80a311b876d798575518e77e52ceeb7a83d24f49d961460908b7b0495ce36517d031c9763dc6d4d04a2c1b90384a0af49365d06741

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/app_sustain/AdK.json
    Filesize

    450KB

    MD5

    c186e81d554e3718b88b544fe5e0ab41

    SHA1

    60bc93ba5f26b03f6dda1b45a373af9f0ff59ea7

    SHA256

    9fe9deda80a8fa54b59d75d7782cae2a0b4c89c0ad026f3ff223e04b79d1326f

    SHA512

    1cb0b2fd7517e11ee12b699b97b45ae947a0bfbcedb1be21882680419199ffdc76381a1676abfb0df62ae45d21b607b1ea7356d81da4596e6ab09e6d78ffcd73

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    490B

    MD5

    1af1c7fc97d98b39979fac8f1e7ac896

    SHA1

    f012995ea8fe77d4c2d0ddbac9d4cca64240abdf

    SHA256

    153b235605681eea31f01822b8f8c318e46616d3296d02c680f664ffe552d618

    SHA512

    6270e2057a2d2fde0530a9d2b6e8822e9eee57dd98c8be7dc4907f146d9863114e381725ae1051d3c13a4e267290280c01cd59154c982a443b278a3ff8d85e5d

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    52B

    MD5

    ce9f4ea4be729405ffbcfe6050806eb4

    SHA1

    2d91ad7131af57f932a861135114b61e36165fef

    SHA256

    13f22f98af90b36d91b0d185113c8cd0c664ca9e660a4704e94d44e0693e2840

    SHA512

    569401eaa2645bab3bbfc770799ab230d840262991ed221ff453610b3705ac5635e9797b88de4c3404b2125b479a7d553fb795acf2afa34340f9856e3dd4554a

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    66B

    MD5

    f14d3e4d7d7869a642758f0254f41f0e

    SHA1

    ff09f8110f829360232001a8d623d481dfd4fb2f

    SHA256

    b6277a0173f2fbf7f97d0de120f2eab61ecdde2bc78e2399c84bcfc7eba54cec

    SHA512

    5d87e7d005c018cfb982fea1125db639b6d6cb22db2353024803fc92486c2998200363ed6b7753bf88459e987c74f7f8d4ebf1e03e4f9a0f44793afb771af556

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    84B

    MD5

    bd7f16b0ecbd2851e4e4fedb32dffcfa

    SHA1

    822d21f4e70615f135eda7d431564688fb87efcd

    SHA256

    04a25b900e43646436090ecc3095ba5a2bb3451714f6530c7926dae82c34e430

    SHA512

    3c4a0683060165d759a2faf4dcc43b456a8ed885d888f8ba219052a5b33b37285b821347f4ea0910cd0e4a08d8c955b193e57de3f64532df542009922ceadfb1

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    68B

    MD5

    4bcf36e7d45e47873d6ec0cd34e947d1

    SHA1

    66ac9643602494f25482c923204c65a543fd224b

    SHA256

    97926802a9840bc9943eca1e3d4c5591da7d432fb3635ccd4bb83a578ccde81c

    SHA512

    064a8a5e6b3f7824d6a6c28a2a8d8858c07a8ae3879e9fc86e852823a6e05559aae0187bdfb636d8e86fdc391d6e6d825a149affed14f11a17cc3d2a3f1e725b

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    214B

    MD5

    339db3a77aa28e15deb1541d6e6f13d5

    SHA1

    e00a1eef0ca299f592eeb4cc152a491e9219193f

    SHA256

    ab73899c24260c494b8e42b77563efc002f8c93fb90d063d779dce8e93fb852d

    SHA512

    9e8cc0921f83d82b087cc88980ba1fb3b89680ba847bb7ce757e1ded4a9a31f437b11d92a55eb7e6628948bca2f3d2808e65bc815d11da91c12af6e96724c8ea

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    52B

    MD5

    ba1e1d2f8791afd54e2c62bf147634b6

    SHA1

    442ecb05c66ea16462f87022646b2ef60984c2cd

    SHA256

    816f3f8922adaeadac4f9bda94b5b1fca682dc12fd890be8606578db93363ba9

    SHA512

    1a695284fff722f3095ddecf540aaf63946e6cecd52bb9282c72deca8f3c61ecde7df253717aa6905035fbcc1748783752ce0255033d87b3156dfdec5a9584b4

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    70B

    MD5

    1f10a880912d53d17f6edf635b26213e

    SHA1

    ff6a3377923502b11897180eaed0f8f78648d3bc

    SHA256

    1e224e3aa2c14b3d85526367f4c296be44fffa8c03d919be68dfc2ec5615950e

    SHA512

    4c66916e34f9e53db8fb81bea6cf09c9951359cf3731003b26acf640b526366f53c4ca2656b4fbdf7573b7f16b7d56b42fe5ee1ee74c9308cb7374c370ba9d43

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    55B

    MD5

    9e6dfe919ba5741f9fb6a1fa35b53e9f

    SHA1

    d6f743a9798748f72ece8104c1ada8cbcf3e6ea1

    SHA256

    286bde53f3bc15ffb1aa5d3d2110723a9346f5472308fa46a9bc9da0737b23a5

    SHA512

    e72e96abbd94f5d9c4c0106ee7f91d6b94d4c565ff1fcfadb3d4750842b2e72daf4609f5b4b478e5e74e16bb6057ac98e97fa5e2990d4fd826e2d59129c1058e

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    45B

    MD5

    cf426afc526ed6bb8d081a28b3b29ec0

    SHA1

    440ee034fad593bbcd5d51263b16519a9fb299f1

    SHA256

    eff991a65befea1f0c65391df5039f94998f89b2cb4237475b2e8e78a1c76795

    SHA512

    5684e7e74e35f24eb0166ca15491cc95466771ac05c2cbe303348b0b7977201f313ecb90bc44339e4674a503316a24a38feedb1b165274d5ab824252f94be745

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    70B

    MD5

    78746f18821c7a563535eb527838a78d

    SHA1

    fcdcb070ac2185e42e10c7f45a9abdecec1f10d6

    SHA256

    425cd77490f289ced74bb7197d67758931c4eef9805f26cbd93dfdc0783d67de

    SHA512

    ff3d00f0fcb1148e56f3a743200f8d4de24b188fb7aa961bc21807835ab82f10c2c0c3a8c0cd9539ef2800cd95a0be0ff1131be70748682c0f8f09c19ecd1f29

    Download Submit

  • /data/user/0/homeworkout.homeworkouts.noequipment/kl.txt
    Filesize

    79B

    MD5

    d142f3585ab94a56d6fcf012805bb1ee

    SHA1

    0f175f7a11c6e4f34ac066544e2b6f76047882bb

    SHA256

    f6fc9b3044bf52c8e50ce1f35dad41e16c041e463652830f541a1aed34521361

    SHA512

    1fa6b46ee51398d1023ff38f1365aea923e12559fa733d06a873889e9dda7799e6b3ef3e43b52913e1618d1864a4b0384f9157d42a74e07b09e7263fa403dbf3

    Download Submit