octo | d518a26b3d98d4a8e1c0552e38da9bd70b43d626cfec71c831c1ad5314c69685 | Triage

Submit
Reports

Overview

overview

Static

static

7

d518a26b3d...85.apk

android_x86

d518a26b3d...85.apk

android_x64

Sharing

General

Target

d518a26b3d98d4a8e1c0552e38da9bd70b43d626cfec71c831c1ad5314c69685.apk
Size

1.4MB
Sample

220614-hvhq6agef5
MD5

318a13b57c37c485cbb3a7ca8067f21f
SHA1

136a1bf821a9af5ba6b658bacd27580b3c3988df
SHA256

d518a26b3d98d4a8e1c0552e38da9bd70b43d626cfec71c831c1ad5314c69685
SHA512

e53e37fcddbe6ec3947d0239933b36aaa7ccb1b71fbe3c02e37202191f9d5629f850d2e02a45788b2a63b5732d2abd664876a881eb4286ae141ce0b57af3a1a3

Score

10^/10

octo android banker evasion infostealer ransomware rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

d518a26b3d98d4a8e1c0552e38da9bd70b43d626cfec71c831c1ad5314c69685.apk

Resource

android-x86-arm-20220310-en

octo banker evasion infostealer ransomware rat trojan

android_x86

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d518a26b3d98d4a8e1c0552e38da9bd70b43d626cfec71c831c1ad5314c69685.apk

Resource

android-x64-20220310-en

octo banker infostealer ransomware rat trojan

android_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

octo

C2

https://ifn1h8ag1g.com/MWNhMjI2OTkyNjA3/

https://irha3wzuu.top/MWNhMjI2OTkyNjA3/

https://uhnazu3au.top/MWNhMjI2OTkyNjA3/

https://hbaruuau3h.top/MWNhMjI2OTkyNjA3/

https://8ibaub3bav.com/MWNhMjI2OTkyNjA3/

https://ifua88ahahgh.com/MWNhMjI2OTkyNjA3/

https://utabwbazuu.com/MWNhMjI2OTkyNjA3/

AES_key

Targets

- Target
  
  d518a26b3d98d4a8e1c0552e38da9bd70b43d626cfec71c831c1ad5314c69685.apk
- Size
  
  1.4MB
- MD5
  
  318a13b57c37c485cbb3a7ca8067f21f
- SHA1
  
  136a1bf821a9af5ba6b658bacd27580b3c3988df
- SHA256
  
  d518a26b3d98d4a8e1c0552e38da9bd70b43d626cfec71c831c1ad5314c69685
- SHA512
  
  e53e37fcddbe6ec3947d0239933b36aaa7ccb1b71fbe3c02e37202191f9d5629f850d2e02a45788b2a63b5732d2abd664876a881eb4286ae141ce0b57af3a1a3
Score

10^/10

octo banker evasion infostealer ransomware rat trojan
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
  banker trojan infostealer rat octo
- Octo is a banking malware with remote access capabilities first seen in April 2022
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

octobankerevasioninfostealerransomwarerattrojan

behavioral2

octobankerinfostealerransomwarerattrojan

© 2018-2024

Terms | Privacy