Analysis
-
max time kernel
7s -
max time network
160s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
-
submitted
23/01/2025, 22:03
General
-
Target
38e6aaf7561ef7a24fac2be9a25ecb4e1675d4a75e304c69d074cb009b8465ec.apk
-
Size
3.0MB
-
MD5
e33a10aef23a583cc86966be13bc7add
-
SHA1
bc8b952d9a7e710ec6cd72c52dc8731549923d63
-
SHA256
38e6aaf7561ef7a24fac2be9a25ecb4e1675d4a75e304c69d074cb009b8465ec
-
SHA512
88eb930762d37c998fe54f9c29620a568c8cff86638518c493f7c9e7b486eea0e0a5dbbb0f78550e66c402111c1bd6b78df4fd2f0741c6a59be6404fef5f0151
-
SSDEEP
49152:2kTV0g0HO5gk4YB9t8fLtRW4bDa9aUYu0R6V+RSXiCR+A65plOYi0txzhrLGprIF:2kJ0U9yfXW4bDCaUYB6ILCIT5nOp+zhl
Malware Config
Extracted
octo
https://sudanhavalarbilgilendirme.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarmanzaralari.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarhikayeleri.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarvesanat.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarolaylar.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalargezisi.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarguzellik.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalaranilari.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarkonusu.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarfelsefesi.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarinrenkleri.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarintarihcesi.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarvegizem.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarveyasam.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarinduygular.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarplatform.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarveseruven.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarindogasi.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalarinfaydalari.xyz/MzhiMTg0NTAwOTY5/
https://sudanhavalardunyaniz.xyz/MzhiMTg0NTAwOTY5/
Signatures
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo family
-
Octo payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
Processes
-
com.side.dad1⤵
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153KB
MD5f33473f163f8b71760e1f0e0a37c4170
SHA16d32979651d63d9d68b48b7feaba8296c98e7d3a
SHA256f066f78a20da1f7f8a12e6a36238e96338ef7e74d2d9b773125c527759b0ba4b
SHA512a14c9c9bafe27de75be305803f212ba2295752de0de6b636e7fcf197e2420edd74e069181cb91bd48e9e5eb92e626bba6af78cdcd52035467df35a3d063c4bcf
-
Filesize
153KB
MD5a9f5e931851ffc87eb12e47d2067a60f
SHA116ed2ffda6d71af48355a8940d2da585ce77822d
SHA256955ff5e156f0a7d79eb8db3095be7d0c5b6c193d26ea09cba2abefb47c21951e
SHA5122e906c77354fe3516599b7a2851e77f2875b2b131b536c866d8317e9adc6b7f7ef663103f7f44c8aa0a637ab33aca1e6c6efc6a7f48e872a1a0b70fc9a37fc8e
-
Filesize
450KB
MD5b1773468133f996e282afc15a140d28e
SHA1bd25ed2e56bbc457f0e1db1beba3ed52bafe2d8a
SHA25690531188177c32afc241a96c1e43c63c3dbbd885043b32ed4c6301dead309075
SHA512a02f97b0ec595fd65769d5df372faf3c3f273cb411001ed21869ad5b8589d2563213106b7cdc7656c6c06614d8fe8c98abf4725db3bf3ba47f7a18e5b39b303f