octo | e7605aa4a7cada543abd3ab160a69a26d9e9d7a4e815645cbd882cd4e8f1753f

Analysis

max time kernel
2017840s
max time network
157s
platform
android_x64
resource
android-x64-20220823-en
submitted
01/06/2023, 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

chrome-update01515.apk
Size

541KB
MD5

dd2d7e51b450f315a16eb58086584ad8
SHA1

036cfd1d37c30d5b7b5c993ecc4920381f55b3fa
SHA256

e7605aa4a7cada543abd3ab160a69a26d9e9d7a4e815645cbd882cd4e8f1753f
SHA512

da34289712114b6beedcf77a4d59fe4504fbd619f483b885589a23305792ec38e0080f636f84fa929c2adf6103e74e4c42c8a76c368910505602e4a3ab47814e
SSDEEP

12288:4wiBvyQqX7t9NLXWCxKHBU78SdBpj7TrRgWn8:Javy9X7lmZWvpTrWWn8

Score

10^/10

octo banker infostealer ransomware rat trojan

Malware Config

Extracted

Family

octo

https://vnajgumonculeag.info/YWRhZjAxNGM1YjFh/

https://cnajomoredgac.pro/YWRhZjAxNGM1YjFh/

https://honeuyseebadg.live/YWRhZjAxNGM1YjFh/

https://hastperstians.space/YWRhZjAxNGM1YjFh/

https://laskerbanys.kz/YWRhZjAxNGM1YjFh/

AES_key

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo

Octo payload 3 IoCs

resource	yara_rule
behavioral2/files/4756-0.dat	family_octo
behavioral2/memory/4756-0.dex	family_octo
behavioral2/memory/4756-1.dex	family_octo

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.strongdown6/cache/myuyhdijvua	4756	com.strongdown6
/data/user/0/com.strongdown6/cache/myuyhdijvua	4756	com.strongdown6

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.strongdown6

com.strongdown6
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.strongdown6/app_webview/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.strongdown6/app_webview/GPUCache/index-dir/temp-index

Filesize
96B

MD5
1150d33aa25edfd92d07c3315b988963

SHA1
9ffe3b295ffcdd9473ee11330b8a218e608db6e2

SHA256
7d7d68136529c0f015772bbc10277cc2f4ac779702ecf298524c3c0e5ade0758

SHA512
3959d1ed084433261cfed5a33e0cf8aa58c150e82ae8996b1fbb92c7e3b61c8bd8e9f9a3088aaec6e0c0c45fab15e246d1db4f010acfe30b98695f8c4f637eea

Download Submit
/data/user/0/com.strongdown6/app_webview/Web Data

Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/com.strongdown6/app_webview/Web Data-journal

Filesize
1KB

MD5
8943496af704e56c802e4238be3503da

SHA1
b606d74294c63699ec15a235b839c78b6fe3560e

SHA256
b145c0d480ec440c470ceea97b8a2190e74909151d3f5d43604900baf83035f6

SHA512
a15bbac095d230d3f0a4f58de7ee236341c957291d10f093d8e1cc58cf31ab3d1766805e3eb8d301f637dcc9fdbfbf0bc39433e51450876b34bfd538ef39c77e

Download Submit
/data/user/0/com.strongdown6/app_webview/metrics_guid

Filesize
36B

MD5
88fe065fcb1d772e9b777dab9c2cfb90

SHA1
ef00123910df47175df20ecd3bc33d4a2ec30a28

SHA256
47630592a69f50fbfeee71c3c60d9454b831431d32cc983ae9cc3c885526c919

SHA512
b754e4fae0e3c134ff9fe0a55caaf0b8bba7d5d887a2549da653c67dabd6916de35739ae6c8506789f950aad7f5241cf213214c8f39f6b13adfdf8e5c524998d

Download Submit
/data/user/0/com.strongdown6/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
c075dc726dead38741abd1ec691e8341

SHA1
7fa5ad6da21077a9a0502bd3d8fd17019fe07688

SHA256
ba70610bf08432ce00bf4eb1e2b3a88cfa94719d599b9624858c690bafe1778d

SHA512
f87c93f21f64d3f9d8797c1ed7cf094ae43fbb3b0ebb50add2f671230a71f7b5b62beef4f235fd4a69459c44469da193f3ecc2812892f3a4101386c6b00649fd

Download Submit
/data/user/0/com.strongdown6/cache/myuyhdijvua

Filesize
449KB

MD5
f0faf93064c31cbe7989d04a5d195e9d

SHA1
4f5703118668430710970c69cd0e10deafa6c750

SHA256
5cee6b3299e090b467d2adeb2b12ed92b5d4786e8ea8b95f7d288d15d6db2eba

SHA512
234c2c5a7549bdfd7121b4f13c1a217d806d53cf470907b66f4a22d473a088019e5114f4a743efc34785728ed9ad962842aa62818f98f4e067845384464a569c

Download Submit
/data/user/0/com.strongdown6/cache/myuyhdijvua

Filesize
449KB

MD5
f0faf93064c31cbe7989d04a5d195e9d

SHA1
4f5703118668430710970c69cd0e10deafa6c750

SHA256
5cee6b3299e090b467d2adeb2b12ed92b5d4786e8ea8b95f7d288d15d6db2eba

SHA512
234c2c5a7549bdfd7121b4f13c1a217d806d53cf470907b66f4a22d473a088019e5114f4a743efc34785728ed9ad962842aa62818f98f4e067845384464a569c

Download Submit
/data/user/0/com.strongdown6/cache/myuyhdijvua

Filesize
449KB

MD5
f0faf93064c31cbe7989d04a5d195e9d

SHA1
4f5703118668430710970c69cd0e10deafa6c750

SHA256
5cee6b3299e090b467d2adeb2b12ed92b5d4786e8ea8b95f7d288d15d6db2eba

SHA512
234c2c5a7549bdfd7121b4f13c1a217d806d53cf470907b66f4a22d473a088019e5114f4a743efc34785728ed9ad962842aa62818f98f4e067845384464a569c

Download Submit
/data/user/0/com.strongdown6/cache/org.chromium.android_webview/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.strongdown6/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
1070dfa6a1b673bba66552b10230ecce

SHA1
549e5ba5e2e62c91ecf411c0b2e052531d9e5e63

SHA256
d09f5bbcee0d42bcd16dfc2068196bfce39cf4e14575c55c148286ec21e90dd4

SHA512
6ee0d30dba86b81abc72b7041ff0cd50f5187186aae5c17205c96646fd16e20339beb7e53aca69c288aa48b3642013b5379d2e2d5dcdc9173a83ce61836570c7

Download Submit
/data/user/0/com.strongdown6/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit
/data/user/0/com.strongdown6/shared_prefs/main.xml

Filesize
133B

MD5
59da7d126f02d5d525d16bbe72496a4b

SHA1
ecb76d979ba1e79abca665af180e474671cc11cb

SHA256
6b96e71fb8c930c1df6221f8f5d147bec372450a2a37027f59f46718488be784

SHA512
02ecfd51a7c131bf6b5d1a44c08c6ef6c426d981ff92c4c01e5b38aac1db848ffc68c91d36c2491bf5918dc62fb5e2b04fa35c9d54c04f3828a1b6e6ea84416c

Download Submit
/data/user/0/com.strongdown6/shared_prefs/main.xml

Filesize
5KB

MD5
fb6c828ad5ab9f08b8f597432865ead5

SHA1
fe7372af4280faf06843ab8c12d845e571a5b3f4

SHA256
6d2cbd39a1dff962626f0540fed7767f645d94e5b2c3521498e5be3f7d854fc9

SHA512
5a4bebfeb16b5fa13caf98be1700ed2c09162f4fd668fc1fbcb4a6655466b93e48e44209f463ba7bb591a4a513c79fd8a58cbcf5e1900db43c6a77ace7775b6b

Download Submit