octo | 32bd4e699c237655c164e36c3fe83d1a9c14b5218aa42b82bf962254e804b0a3

Resubmissions

15-05-2023 13:37

230515-qw8mzaea5v 10

14-02-2023 10:19

230214-mcmdvabh8z 10

Analysis

max time kernel
530852s
max time network
160s
platform
android_x64
resource
android-x64-20220823-en
submitted
15-05-2023 13:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GooglePlay23Update.apk
Size

527KB
MD5

606b94fa8407316bcddaab6c35b64bc8
SHA1

77227e9a1d78d2968f07f6d4be63811a2333bd16
SHA256

32bd4e699c237655c164e36c3fe83d1a9c14b5218aa42b82bf962254e804b0a3
SHA512

0ea99a7967212f574dd490dea41af2e1c9686426318804f5b060baf1d60ea08a7d2efa781b80e656a4764a9d86ef57eeb5b8df09871d1fff64d703edbc94ec2f
SSDEEP

12288:3oLyYS1nveZfhtfLsRyYgO/jgs38BoCGpFuN++1xbdV7YQB:wyYS1vgNe/jg28BdcuQsxbgQB

Score

10^/10

octo banker infostealer ransomware rat trojan

Malware Config

Extracted

Family

octo

https://2fdghhoo11.top/doc/

https://3fdghhoo11.top/doc/

https://4fdghhoo11.top/doc/

https://5fdghhoo11.top/doc/

https://6fdghhoo11.top/doc/

https://7fdghhoo11.top/doc/

https://8fdghhoo11.top/doc/

https://9fdghhoo11.top/doc/

https://10fdghhoo11.top/doc/

https://11fdghhoo11.top/doc/

https://12fdghhoo11.top/doc/

https://13fdghhoo11.top/doc/

https://14fdghhoo11.top/doc/

https://15fdghhoo11.top/doc/

https://16fdghhoo11.top/doc/

https://17fdghhoo11.top/doc/

https://18fdghhoo11.top/doc/

https://19fdghhoo11.top/doc/

https://20fdghhoo11.top/doc/

https://21fdghhoo11.top/doc/

AES_key

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo

Octo payload 3 IoCs

resource	yara_rule
behavioral1/files/4728-0.dat	family_octo
behavioral1/memory/4728-0.dex	family_octo
behavioral1/memory/4728-1.dex	family_octo

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.turnthingpcb/cache/ksubalgwyp	4728	com.turnthingpcb
/data/user/0/com.turnthingpcb/cache/ksubalgwyp	4728	com.turnthingpcb

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.turnthingpcb

com.turnthingpcb
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.turnthingpcb/app_webview/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.turnthingpcb/app_webview/GPUCache/index-dir/temp-index

Filesize
96B

MD5
31797e7bb9dbc30d702d41ee758e53f3

SHA1
7310e26e9e474755114c7c61de2ef083848d47d3

SHA256
307e8fcc55cc4a48e31ee50459070bd754c0ad8a18363ccdbb2482e861988a74

SHA512
2f9a768f36c81445362d74c15e1f026ce66a90d0e70e1e319c6ad4da617216684ab8487b62ee1a3de017b10e6b45ad8399750424fa9696fd7f920a059af72e2c

Download Submit
/data/user/0/com.turnthingpcb/app_webview/Web Data

Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/com.turnthingpcb/app_webview/Web Data-journal

Filesize
1KB

MD5
f4792454bedab58c55ebcee7fd1f99b6

SHA1
f8d9516d74250694a5c4850076267da1351d4224

SHA256
0842a1adad057e951d5d1941613481ec639b9a9bffbfadd04d0a3ffa324f32c3

SHA512
f83796d6fed5ab3c8da3cab4ac5ee072ad21770122efba2b91cbebd0a7bc3675bdb179201797e47229ff7290acc987a01c2afe777e2f497582a6ba103727dbb3

Download Submit
/data/user/0/com.turnthingpcb/app_webview/metrics_guid

Filesize
36B

MD5
13e3457de18b8ac5b4b0ce9e426e9f85

SHA1
120dddd31484801d150314837437d5f2649b7d54

SHA256
06c88c0245780fc7f1e8f57b119223e9c230e63114d25b431e63b22218b8b67d

SHA512
de8d9c7822b7ed87f7ebc14e96ff445aca8e1767851e1a393bdc135dd8de91eb9165d2ab5e09822c97bb0ae52027e8a7571d81f8eda619709c4fa05f8b4173f5

Download Submit
/data/user/0/com.turnthingpcb/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
c96b5c5d8316a8def98fa6577539941a

SHA1
87c81cf98069565d14a125ab1468a22f4d8dd733

SHA256
8142eb067b90854160908ac73a912d4b79bcd86b106119ba5f58f638933dae82

SHA512
23bc80c76b52de3a208534c57860863eea168837246a8f44a6a581aea3a9a27e07866d5a81de0fa52fe05dd2332fc97ff63654372b0b7168a917964176102dfb

Download Submit
/data/user/0/com.turnthingpcb/cache/ksubalgwyp

Filesize
448KB

MD5
ce0f96ac96775d8c6e19bd32b397673a

SHA1
6c3e749563fa197ed52f1fdb93ea0fc5f52823af

SHA256
cb69aa68630bb648838bf713f4d3dbf76d0a86bcc0dea6853febe00f9f6ec383

SHA512
0f4bf6b55a323b6ac3e8e86718c37da65cf42e2c7150b1ccb52b1dfd68b7f37bcccfcac47d9ed0be4c4f156ccd83f7864d904192f9f3ff4cb29fbb3d5af681f1

Download Submit
/data/user/0/com.turnthingpcb/cache/ksubalgwyp

Filesize
448KB

MD5
ce0f96ac96775d8c6e19bd32b397673a

SHA1
6c3e749563fa197ed52f1fdb93ea0fc5f52823af

SHA256
cb69aa68630bb648838bf713f4d3dbf76d0a86bcc0dea6853febe00f9f6ec383

SHA512
0f4bf6b55a323b6ac3e8e86718c37da65cf42e2c7150b1ccb52b1dfd68b7f37bcccfcac47d9ed0be4c4f156ccd83f7864d904192f9f3ff4cb29fbb3d5af681f1

Download Submit
/data/user/0/com.turnthingpcb/cache/ksubalgwyp

Filesize
448KB

MD5
ce0f96ac96775d8c6e19bd32b397673a

SHA1
6c3e749563fa197ed52f1fdb93ea0fc5f52823af

SHA256
cb69aa68630bb648838bf713f4d3dbf76d0a86bcc0dea6853febe00f9f6ec383

SHA512
0f4bf6b55a323b6ac3e8e86718c37da65cf42e2c7150b1ccb52b1dfd68b7f37bcccfcac47d9ed0be4c4f156ccd83f7864d904192f9f3ff4cb29fbb3d5af681f1

Download Submit
/data/user/0/com.turnthingpcb/cache/org.chromium.android_webview/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.turnthingpcb/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
fb0b4d23a58ff2fe0f282c08c27e9ae5

SHA1
f8179397b8e5e0c1894af29edf3386f835f481dc

SHA256
b602d3eb904f7d5ff6b70915578344d8bc4c946caf4c669db680e8adcb50b8af

SHA512
95c7bed839bb7ae1ec86af9dc8c825b8862a1a65c0453478c5664186b0b4f1c86678de232172ff2e4b17e05aba21fa5d78c2f6b8dab72cdaa4aa3c045b3379d3

Download Submit
/data/user/0/com.turnthingpcb/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit
/data/user/0/com.turnthingpcb/shared_prefs/main.xml

Filesize
134B

MD5
f845f8db34fc55972d4d96b3bdfb96e4

SHA1
de5064726878e62992199c49eb18fe1e4cf376d5

SHA256
ebefc400dce200c59b36cad83e060fc5bd2a6c72d6a5054115f17350762e9383

SHA512
5b389abb3fdb302ba0cc5acf709261b3e7cb82c97bc0d57799577e88a0d4a11f8716e1b153aad88e718845b44cd7f80f4aa655894194278f6dd5121ddcb5e56d

Download Submit
/data/user/0/com.turnthingpcb/shared_prefs/main.xml

Filesize
5KB

MD5
ab846d00069955ff46eb26fcef28fda3

SHA1
d07575ec6409ce4a21095ea8e980e13e221dfed0

SHA256
98d9fa407396360d3368bebdcaccb7b8d43959ba91dc4d0f8db2327e823b9b22

SHA512
df913c8da95104a28df3faf1c7ccc442860357525502e34b19cfcc6b7cf70e8622ec06ec99b53b28a454f8aa9209cbdbdc988007e992058c603f15b059e4d382

Download Submit