octo | 439f8c57bca9c09aa0364ebb7560eebb130d22a8e6482f3433a5797765a283d5 | Triage

Submit
Reports

Overview

overview

Static

static

7

439f8c57bc...d5.apk

android_x86

439f8c57bc...d5.apk

android_x64

Sharing

General

Target

439f8c57bca9c09aa0364ebb7560eebb130d22a8e6482f3433a5797765a283d5
Size

1.4MB
Sample

220613-m1yrsacab9
MD5

13f82c6f6f722e03b708bff539affd04
SHA1

7828eb95578e0483e07f875cc4821acf965e629f
SHA256

439f8c57bca9c09aa0364ebb7560eebb130d22a8e6482f3433a5797765a283d5
SHA512

a0a3d8eca8a301de2f23aeef411432800a4f999bf25b21a747526b2ac50acdea28435739aa1afaf2f02d094a485fa487b46bee2f8cc4ef583b83123d4248be9f

Score

10^/10

octo android banker evasion infostealer ransomware rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

439f8c57bca9c09aa0364ebb7560eebb130d22a8e6482f3433a5797765a283d5.apk

Resource

android-x86-arm-20220310-en

octo banker evasion infostealer ransomware rat trojan

android_x86

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

439f8c57bca9c09aa0364ebb7560eebb130d22a8e6482f3433a5797765a283d5.apk

Resource

android-x64-arm64-20220310-en

octo banker infostealer ransomware rat trojan

android_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

octo

C2

https://idai2babd1.xyz/MWNhMjI2OTkyNjA3/

https://fabh23zuba.top/MWNhMjI2OTkyNjA3/

https://ahnudsbba.xyz/MWNhMjI2OTkyNjA3/

https://fu8hhaadl.com/MWNhMjI2OTkyNjA3/

https://jufhahbhazh.top/MWNhMjI2OTkyNjA3/

AES_key

Targets

- Target
  
  439f8c57bca9c09aa0364ebb7560eebb130d22a8e6482f3433a5797765a283d5
- Size
  
  1.4MB
- MD5
  
  13f82c6f6f722e03b708bff539affd04
- SHA1
  
  7828eb95578e0483e07f875cc4821acf965e629f
- SHA256
  
  439f8c57bca9c09aa0364ebb7560eebb130d22a8e6482f3433a5797765a283d5
- SHA512
  
  a0a3d8eca8a301de2f23aeef411432800a4f999bf25b21a747526b2ac50acdea28435739aa1afaf2f02d094a485fa487b46bee2f8cc4ef583b83123d4248be9f
Score

10^/10

octo banker evasion infostealer ransomware rat trojan
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
  banker trojan infostealer rat octo
- Octo is a banking malware with remote access capabilities first seen in April 2022
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

octobankerevasioninfostealerransomwarerattrojan

behavioral2

octobankerinfostealerransomwarerattrojan

© 2018-2024

Terms | Privacy