octo | 1289fb665610b4f5f9cfa5e37bd7e9ab0cc5f2b7b3ea841bef39c49680057536

Analysis

max time kernel
556612s
max time network
22s
platform
android_x64
resource
android-x64-20230621-en
submitted
04/07/2023, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

chromeupdate31761apk.apk
Size

541KB
MD5

1c05aa3589911652b2f4daddaf71171d
SHA1

5a0e10c2f7fc0ea513dda84a17cfc143ec7164ad
SHA256

1289fb665610b4f5f9cfa5e37bd7e9ab0cc5f2b7b3ea841bef39c49680057536
SHA512

458cbb4eff4210fdfa72854728cb0b17fa95760a160bbfa1a2d680fdedaf8e5340f480b1570b85bd3228e11657f343cea00d8b9c7c9db573eddb34e483c71ada
SSDEEP

12288:mr+izRt+QZypgEuvdZPNXZMNl5LE9+4ORdR:mr5t+WymEu1/XZq5mwF

Score

10^/10

octo banker infostealer ransomware rat trojan

Malware Config

Extracted

Family

octo

https://ufpyyrumrmdq.top/MTU2OWE0NzJjNGY5/

https://encgrcwfjntq.online/MTU2OWE0NzJjNGY5/

https://fbpxbqebmqto.info/MTU2OWE0NzJjNGY5/

https://ieuzqomcdodp.site/MTU2OWE0NzJjNGY5/

AES_key

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo

Octo payload 3 IoCs

resource	yara_rule
behavioral2/files/4944-0.dat	family_octo
behavioral2/memory/4944-0.dex	family_octo
behavioral2/memory/4944-1.dex	family_octo

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.herebetter40/cache/qsoojckzbtzsss	4944	com.herebetter40
/data/user/0/com.herebetter40/cache/qsoojckzbtzsss	4944	com.herebetter40

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.herebetter40

com.herebetter40
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.herebetter40/app_webview/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.herebetter40/app_webview/GPUCache/index-dir/temp-index

Filesize
96B

MD5
cdadc255466dc5f33c359f5cdc60d971

SHA1
91027ee8d3fa3f40a280621508475d87459aa867

SHA256
11699ec77953301b8795be6636f8d679e1f9ced6b6f9aa565cfbb27fa9299381

SHA512
9d2df693294e153ef21825f2b96891f7d2121ac092c88e88b445c42189049f0b8b4f033dc76f6f320f4895ba378c6fcd926475264a6d2b9273fb2021f6450856

Download Submit
/data/user/0/com.herebetter40/app_webview/Web Data

Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/com.herebetter40/app_webview/Web Data-journal

Filesize
1KB

MD5
4f81b3055b930528ee692bacbcae0184

SHA1
a0a7c60931117aad1690f20c4e32ab996f85f263

SHA256
449d18da3fb4fdec8e90f92a73f5379c81d7508a66c37938523a9df2ae79d168

SHA512
1289c2bdb59d28f675267bd79575ce5e754d9417f911710424ef323c7b04ca803d4f1d8b6af179d4271f8d93911d2b30f91063357026597cf50d8ac08445c824

Download Submit
/data/user/0/com.herebetter40/app_webview/metrics_guid

Filesize
36B

MD5
fc049946d61c5df1b723a7585416917c

SHA1
0319eb9b3431891236ea0e43b085185b78f474fb

SHA256
a56f65a0142d755026a157ca511c01e70b3a27841893c69bf877613eb280d50b

SHA512
5ddb264330602fd936dd026ca58ed6e587d867b836f9d0a7ce0ad74d0f92567177f8c2aa5404e21198f9de9206ab8d3b2953e670bc3342d4de3a88048b0cd0e1

Download Submit
/data/user/0/com.herebetter40/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
34dc5ed8869745549b7f88ae6e8329b5

SHA1
3c10e5ec88f827c53995bda0e5ca2afbcd199cc4

SHA256
e08ef3261d65ab631bd826ab0dc23c77b6286d676acb29df5f9e12628c560548

SHA512
695e4f98f787b9e1ec9758f81c8f9994fb2283bb37708ac5ac1039c7e3a9f7768e5a90aa658cef69ab464b2260693bdf039c18696fef948a5e916e2e8e5afed0

Download Submit
/data/user/0/com.herebetter40/cache/org.chromium.android_webview/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.herebetter40/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
3b8ec470e639e7b609accc364b10e9cc

SHA1
2157794ec60a9bc1201e063b5722d9da421f44e2

SHA256
4e9749cfa18b7c0c50bc7dff23d3a36a41a9f90e109fafa2307c04ed75959d15

SHA512
d583c95f6863f0aca3687bd4c1c83798bbedfa5f44670095d256a43a56cec2b5f52aa7d8eaae51e2b0d76d7ef8389fdf614718f791685c8d536818689537019c

Download Submit
/data/user/0/com.herebetter40/cache/qsoojckzbtzsss

Filesize
450KB

MD5
7d4e6b48150971fe50e9093cfba83db8

SHA1
88ea6bfca9d1182a3875da0cc95e000909a4e604

SHA256
07fd117bb5c6cf12c219b46a80956598553fc7265cad5ee8179a73f120c843db

SHA512
dda645e5297a1ceea9744387e64950e0baed705e079b2a8e93b66f779d29ec21d3d9d4ae0cca1f57468bfdd15ec8b7d0d7e7a1c5c67bbcb47c334050487fa5ad

Download Submit
/data/user/0/com.herebetter40/cache/qsoojckzbtzsss

Filesize
450KB

MD5
7d4e6b48150971fe50e9093cfba83db8

SHA1
88ea6bfca9d1182a3875da0cc95e000909a4e604

SHA256
07fd117bb5c6cf12c219b46a80956598553fc7265cad5ee8179a73f120c843db

SHA512
dda645e5297a1ceea9744387e64950e0baed705e079b2a8e93b66f779d29ec21d3d9d4ae0cca1f57468bfdd15ec8b7d0d7e7a1c5c67bbcb47c334050487fa5ad

Download Submit
/data/user/0/com.herebetter40/cache/qsoojckzbtzsss

Filesize
450KB

MD5
7d4e6b48150971fe50e9093cfba83db8

SHA1
88ea6bfca9d1182a3875da0cc95e000909a4e604

SHA256
07fd117bb5c6cf12c219b46a80956598553fc7265cad5ee8179a73f120c843db

SHA512
dda645e5297a1ceea9744387e64950e0baed705e079b2a8e93b66f779d29ec21d3d9d4ae0cca1f57468bfdd15ec8b7d0d7e7a1c5c67bbcb47c334050487fa5ad

Download Submit
/data/user/0/com.herebetter40/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit
/data/user/0/com.herebetter40/shared_prefs/main.xml

Filesize
134B

MD5
7b9cef657f7a70a93e54f5b356640c39

SHA1
82037a2789e4864e1a6fe486076b7ad75b87090b

SHA256
3c1bdf61cdbedaf3e4f876911df5a38b70d80825938ef68a14ef725c74effe43

SHA512
98fb4d8526e5c71b88c674f1428b253fc884445e1a4bc212a7cc5b7eca90c512d4159691d281e6e61d7141e0de5e9c89270b212022dd196925757fe265e47e79

Download Submit
/data/user/0/com.herebetter40/shared_prefs/main.xml

Filesize
5KB

MD5
77614d71bb04cf9c3d96d26e3c353beb

SHA1
3fc87521d78dd3f16d7d2a0964d27e5b6a7b74c2

SHA256
d187db1a1eccffc426ed8961139bcf12c10aab626c4c42eef9fdeaab1d835ad3

SHA512
9749792a42f47208f38abb43137965b06aeda2a73902b50d8c5da94c1887aeea0cef2092c804c0df1c66f857fd4abdb366c1ed86ce2dc33bbb2d8dc5bf398b15

Download Submit