octo | b2c01a8141c1be61e26e8f663d5b28207f1bdd2e259487d0904f11e7eafcae31 | Triage

Submit
Reports

Overview

overview

Static

static

7

b2c01a8141...31.apk

android-9-x86

b2c01a8141...31.apk

android-11-x64

Sharing

General

Target

b2c01a8141c1be61e26e8f663d5b28207f1bdd2e259487d0904f11e7eafcae31.bin
Size

541KB
Sample

230722-s1jwhsbc45
MD5

e9686ea8a9a4ff91980f2d6dcfdfda38
SHA1

4cc8010d3b69c768be00be2437da56a1232d1bac
SHA256

b2c01a8141c1be61e26e8f663d5b28207f1bdd2e259487d0904f11e7eafcae31
SHA512

c429605ab8aa6d768134b3e0c3fb91a15d1103b8a19f588e7937afb9eea2873962b995d61fec31418e74aa81b6a96d6a24d3fb62a1897f9121ce1de1cecb0d19
SSDEEP

12288:TXGbO+aqAoyN+bvPUv/XxZJ8M9pjTmdsH88kO9fNkq2fcK:bGpaqA5NJhZXlpd99fw3

Score

10^/10

octo android banker evasion infostealer ransomware rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b2c01a8141c1be61e26e8f663d5b28207f1bdd2e259487d0904f11e7eafcae31.apk

Resource

android-x86-arm-20230621-en

octo banker evasion infostealer ransomware rat trojan

android-9-x86

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b2c01a8141c1be61e26e8f663d5b28207f1bdd2e259487d0904f11e7eafcae31.apk

Resource

android-x64-arm64-20230621-en

octo banker evasion infostealer ransomware rat trojan

android-11-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

octo

C2

https://12logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://13logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://14logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://15logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://16logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://17logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://18logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://19logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://20logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://21logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://22logites432532s.xyz/ZTIyNTVmMmE1NzNl/

AES_key

Targets

- Target
  
  b2c01a8141c1be61e26e8f663d5b28207f1bdd2e259487d0904f11e7eafcae31.bin
- Size
  
  541KB
- MD5
  
  e9686ea8a9a4ff91980f2d6dcfdfda38
- SHA1
  
  4cc8010d3b69c768be00be2437da56a1232d1bac
- SHA256
  
  b2c01a8141c1be61e26e8f663d5b28207f1bdd2e259487d0904f11e7eafcae31
- SHA512
  
  c429605ab8aa6d768134b3e0c3fb91a15d1103b8a19f588e7937afb9eea2873962b995d61fec31418e74aa81b6a96d6a24d3fb62a1897f9121ce1de1cecb0d19
- SSDEEP
  
  12288:TXGbO+aqAoyN+bvPUv/XxZJ8M9pjTmdsH88kO9fNkq2fcK:bGpaqA5NJhZXlpd99fw3
Score

10^/10

octo banker evasion infostealer ransomware rat trojan
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
  banker trojan infostealer rat octo
- Octo payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

octobankerevasioninfostealerransomwarerattrojan

behavioral2

octobankerevasioninfostealerransomwarerattrojan

© 2018-2025

Terms | Privacy