octo | 4261cc05a8c4ecaf1605ef931397a4d97cc12fe38738a4f6016c3695aa2c571f

Target

4261cc05a8c4ecaf1605ef931397a4d97cc12fe38738a4f6016c3695aa2c571f.apk
Size

1.4MB
MD5

85b7a0e8cdee68bca806fc45948c2d82
SHA1

9b07766286667e6444c93e86d833a426a5d660f0
SHA256

4261cc05a8c4ecaf1605ef931397a4d97cc12fe38738a4f6016c3695aa2c571f
SHA512

2b96e5ae7597ea50255f615a29a7fe62dbfb16616aa02135b38223d40ccdf32b0c29d66ac8296449ce34fbcf5cc12ed16b617a4afe8649e0ba1bebd78d064213
SSDEEP

24576:cCwdv9Xe5XTlreQU99NRvxZKZcxRYjMIioPZcjdNN+60Dzgv4HBd:zwdvQlTl05JEZcPYjMIZRcZNN+6ozgvC

Score

10^/10

octo banker evasion infostealer ransomware rat trojan

Malware Config

Extracted

Family

octo

https://s22231232fdnsjds.top/PArhFzp5sG2sN/

https://s32231232fdnsjds.top/PArhFzp5sG2sN/

https://s42231232fdnsjds.top/PArhFzp5sG2sN/

AES_key

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo

Octo payload 3 IoCs

Processes:

resource	yara_rule
/data/user/0/com.theseeye5/cache/wnhzpguye	family_octo
/data/user/0/com.theseeye5/cache/wnhzpguye	family_octo
/data/user/0/com.theseeye5/cache/wnhzpguye	family_octo

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

com.theseeye5

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.theseeye5

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

com.theseeye5

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.theseeye5
Acquires the wake lock. 1 IoCs

Processes:

com.theseeye5

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.theseeye5
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.theseeye5

ioc pid process

/data/user/0/com.theseeye5/cache/wnhzpguye 4117 com.theseeye5
/data/user/0/com.theseeye5/cache/wnhzpguye 4117 com.theseeye5
Reads information about phone network operator.
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
evasion

Processes:

com.theseeye5

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.theseeye5
Removes a system notification. 1 IoCs
evasion

Processes:

com.theseeye5

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag com.theseeye5
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.theseeye5

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.theseeye5

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.theseeye5

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.theseeye5

ioc	pid	process
/data/user/0/com.theseeye5/cache/wnhzpguye	4117	com.theseeye5
/data/user/0/com.theseeye5/cache/wnhzpguye	4117	com.theseeye5

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.theseeye5

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.theseeye5

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.theseeye5

com.theseeye5
1⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4117

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.theseeye5/app_webview/Cookies

Filesize
64KB

MD5
cb7543c4df600f2af58097cce0e334ba

SHA1
83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

SHA256
64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

SHA512
ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

Download Submit
/data/user/0/com.theseeye5/app_webview/Cookies-journal

Filesize
1KB

MD5
bef0c2133a442a61408dde27901894da

SHA1
da082629615f7fead18a2ff87234bb6f11938be3

SHA256
d9effd400e3babc998f390e9c96384c9a67ec07d407f5bc2e6e2e6cb7e898c8c

SHA512
fbf436289ebffae0fd95a4a64dcaf597acb192073206838a12efb14c5dda098ed0f73876ea218df60bde29486534fecead80572c5ee022c8339451f5ba5f47e3

Download Submit
/data/user/0/com.theseeye5/app_webview/GPUCache/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.theseeye5/app_webview/GPUCache/index-dir/temp-index

Filesize
48B

MD5
03db057927d02d9411676fa38fd2f340

SHA1
83462e1bda97c50902964159c9f2b25fc6a43d2c

SHA256
2388c95c0ffd277aa0fafdd0366f429fbad815920a7e8dad08d5b9dbb5f0dba3

SHA512
3e9b404b6abebc0862d40908cf3be7262470893319fc9c7b581d98f7c15828e3b76605f0925bf195775d821b3fff01254eda5e63d3412b5cbcb8ab11dc6bea3d

Download Submit
/data/user/0/com.theseeye5/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.theseeye5/app_webview/Web Data-journal

Filesize
1KB

MD5
224250071af4fcc651e53ea62efe62bc

SHA1
248270c760bbea9b9882123e5b846483cf7a6929

SHA256
6533685b23cdef95a7e0b35f9609b6c66d8e9d12cf1b38152774a1e009d1e062

SHA512
8f0f04252f922575372964886fe915a67dc59b3f43f50cc60bec4808988326b8a2ec84a1e7e9296eeca55d55ce06f9d4be4257efc9ed90e1430dcf69f9ce68b9

Download Submit
/data/user/0/com.theseeye5/app_webview/metrics_guid

Filesize
36B

MD5
86da8f845e1e591422fff90564094eb0

SHA1
a773d3634d7a395250aac58649fef43245fbb228

SHA256
2dac1a9110c2e3acba522b53a202814f726ec48ac9b761a755c4f6a3ce1de20f

SHA512
1276fba2d24672110df9418372f88d6bb82c2a7d1f19940354bcf185ba354efda439d488683d15c7081d54986855460b1045df118386513ee0d52f1ffd34d78a

Download Submit
/data/user/0/com.theseeye5/app_webview/metrics_guid

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.theseeye5/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.theseeye5/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.theseeye5/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.theseeye5/cache/oat/wnhzpguye.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.theseeye5/cache/org.chromium.android_webview/de6b98a2e45d14b3_0

Filesize
226B

MD5
6afdfcc13936e0cd1c1c3c38cdb22a5b

SHA1
3300975124a2d11892e771553dd3ad15821e9e6d

SHA256
cf5c7d85d94c82ab22a89a56d9942acb662c1944692c02fbfe7e30e02d382c4d

SHA512
3b69a954180031a2b523419f18e9ce1cc3598abe15b6f2c0c033970691a08db6738e0dfe9592514442b8b83383ea570ee55f649dc9066f83bac2a6c45a225a59

Download Submit
/data/user/0/com.theseeye5/cache/org.chromium.android_webview/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.theseeye5/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
48B

MD5
a6a434a95ce80fbd7c29dc668540cb3d

SHA1
a2ff23e02c2deb6e9f0a114b1624953871e534ae

SHA256
7898d39e19e129160f904e731530a86d400778b7647110703dc9f6f057ec331b

SHA512
048743309ecc52744779fb665c7cae08b9b426202264dc9067055c0f7a892bf65baf27686b15142b0e1cfe228dffebbd0c9cd3b60e92fab93ed8e5f2913c8b10

Download Submit
/data/user/0/com.theseeye5/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
48B

MD5
5fa4958919c21b8c9771e685bcea6835

SHA1
492d767454a568e8204c5f020c88e9be740f81a7

SHA256
477355a3b91c0041b3ec59233a9ddb455d99413e5e1e0ab0ba1fde321bdcb5dd

SHA512
52ab8d466432359e39db547cf6faa9fb52009b280a68d1f4f44bb53a8cfaa8cd895d2a98986a039ee8bc708773c766d2850a751eb8cc3ed85b14fe9ee9c9227a

Download Submit
/data/user/0/com.theseeye5/cache/wnhzpguye

Filesize
157KB

MD5
857aad05090b46db76e05aa6abee7635

SHA1
1e5c17b30b6afcfefbcc36a0dab550c068a46d9d

SHA256
36218e3c4411bdc720231bae88a3a047057464280fdf1ab27485c693bebaa869

SHA512
3446d0ac1dcbd0e6e775d697fa3b96c259ee3cf55e2324a01bc2c855b4792c1f223846bc087d7ed138da961e35fb5d3a72c1a64ac8e1d62db9f4071c06a13e1f

Download Submit
/data/user/0/com.theseeye5/cache/wnhzpguye

Filesize
157KB

MD5
857aad05090b46db76e05aa6abee7635

SHA1
1e5c17b30b6afcfefbcc36a0dab550c068a46d9d

SHA256
36218e3c4411bdc720231bae88a3a047057464280fdf1ab27485c693bebaa869

SHA512
3446d0ac1dcbd0e6e775d697fa3b96c259ee3cf55e2324a01bc2c855b4792c1f223846bc087d7ed138da961e35fb5d3a72c1a64ac8e1d62db9f4071c06a13e1f

Download Submit
/data/user/0/com.theseeye5/cache/wnhzpguye

Filesize
157KB

MD5
857aad05090b46db76e05aa6abee7635

SHA1
1e5c17b30b6afcfefbcc36a0dab550c068a46d9d

SHA256
36218e3c4411bdc720231bae88a3a047057464280fdf1ab27485c693bebaa869

SHA512
3446d0ac1dcbd0e6e775d697fa3b96c259ee3cf55e2324a01bc2c855b4792c1f223846bc087d7ed138da961e35fb5d3a72c1a64ac8e1d62db9f4071c06a13e1f

Download Submit
/data/user/0/com.theseeye5/cache/wnhzpguye.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.theseeye5/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.theseeye5/shared_prefs/main.xml

Filesize
131B

MD5
cc51dceeeeba06a5b22a7e6a51a257af

SHA1
a39004c98acdf7c392c724f51d9d3846b0e80a52

SHA256
8e4b00a3500e8806b0b9ce564e344c5a09a5a0c7cfc595d5c8b68d40f078cd39

SHA512
d7a44620b02d24b4fa6979bbbd963e7e0a501856d85a8fbf0c3d6217ca15dd6d433efe58f1fe1046110f9a26cb95f306255e1af72c6c4769673dd62d13af7214

Download Submit
/data/user/0/com.theseeye5/shared_prefs/main.xml

Filesize
3KB

MD5
ca1bde4c594680a0eaaf3d77dc9af10c

SHA1
531cd396aa74b6bda0d2055abe9cba54d13ea39c

SHA256
c5384aa215e9dd5527645e6ebf9768961962aea5ba3779379787fa24ddc07847

SHA512
6cbacae2e7769fef91c71ec5f7e7422ee4c24846c248f8772bd45656da76d9eb773f7c0600b1238ad2d040d79364b9ff6a8587ba29997e970b27d46f42c13d68

Download Submit