octo | 6dda51e294cc343b50106676ad5708face3cfc7f16d99f69a34e4b3b85c632cc

Analysis

max time kernel
179115s
max time network
159s
platform
android_x64
resource
android-x64-20230621-en
submitted
18-08-2023 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6dda51e294cc343b50106676ad5708face3cfc7f16d99f69a34e4b3b85c632cc.apk
Size

1.5MB
MD5

b19d2a01cdf45550d6ebcdf3b3be55d3
SHA1

10a3b5f0f6d4e5d36d77ba239ea62f5e9d5b4315
SHA256

6dda51e294cc343b50106676ad5708face3cfc7f16d99f69a34e4b3b85c632cc
SHA512

bd3a617f8fbd132d0b596bc56589696d36646fb5c2395ef24bd93f2cf5108d2a3fea007c8afa2267f6cd5e0fb05b9cf7e831aa6c2e5e9cf857fc6dbfc74956ea
SSDEEP

24576:aYum58rdGWVQQn0pEMUgTlIEfM3ArYNOb5Z9ZHqGgzmzKjU+La5CCaEAh74zZ:wm5aGWuQn0pugTS6MwcWZHqfU0a5CCa2

Score

10^/10

octo banker infostealer ransomware rat trojan

Malware Config

Extracted

Family

octo

https://ipworldscanbest.xyz/NmE0N2YwOWEzMTM3/

https://ipworldbestscan.xyz/NmE0N2YwOWEzMTM3/

https://worldbestscanip.xyz/NmE0N2YwOWEzMTM3/

https://worldbestipscan.xyz/NmE0N2YwOWEzMTM3/

https://worldscanbestip.xyz/NmE0N2YwOWEzMTM3/

https://worldscanipbest.xyz/NmE0N2YwOWEzMTM3/

https://bestworldscanip.xyz/NmE0N2YwOWEzMTM3/

https://bestipworldscan.xyz/NmE0N2YwOWEzMTM3/

https://scanbestworldip.xyz/NmE0N2YwOWEzMTM3/

https://newfastcheckdns.xyz/NmE0N2YwOWEzMTM3/

https://newfastdnscheck.xyz/NmE0N2YwOWEzMTM3/

https://dnscheckdouble.xyz/NmE0N2YwOWEzMTM3/

https://checkdoubledns.xyz/NmE0N2YwOWEzMTM3/

https://doublecheckdns.xyz/NmE0N2YwOWEzMTM3/

https://alldnsfastcheck.xyz/NmE0N2YwOWEzMTM3/

https://dnsfastcheckall.xyz/NmE0N2YwOWEzMTM3/

AES_key

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo

Octo payload 3 IoCs

resource	yara_rule
behavioral2/files/4902-1.dat	family_octo
behavioral2/memory/4902-1.dex	family_octo
behavioral2/memory/4902-2.dex	family_octo

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.fullnamef/app_DynamicOptDex/CstWH.json	4902	com.fullnamef
/data/user/0/com.fullnamef/cache/vowqkk	4902	com.fullnamef
/data/user/0/com.fullnamef/cache/vowqkk	4902	com.fullnamef

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.fullnamef

com.fullnamef
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4902

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.fullnamef/.qcom.fullnamef

Filesize
48B

MD5
046a414913add6f5bb60072c7db819b6

SHA1
451ee4f6809260aec622d772fd329c7d0297a842

SHA256
b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

SHA512
4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

Download Submit
/data/user/0/com.fullnamef/app_DynamicOptDex/CstWH.json

Filesize
2KB

MD5
259311619952ad52b63e6a2f87697a32

SHA1
68f4f8e1d5f80663a20cd30e83c0bcbf9838bc48

SHA256
0e317adb7adf782cc32e75e75c16af6c82ded2136f499a0dcf8fe5f2308150f0

SHA512
7c192f5b9af89dd7c23a215b9baa57f961bf88485dc82949f33eac98873993aae0ae38d018a80995c47c3dbe8b9545807a48263fc1a9ec176f2ecbc404c7f86c

Download Submit
/data/user/0/com.fullnamef/app_DynamicOptDex/CstWH.json

Filesize
5KB

MD5
482e84d1a0245df924229ba75ebc4c09

SHA1
1d43565aca4b40e727163628cf7f236457061e09

SHA256
93e026d384843d6c407cdcd41c07769dfcb91c0b06780193c31526132f5a98ac

SHA512
edafd7968eea1201316b5fda63827c2b3814b4c3cca47126fd6b2afc2d8d2cc4b76513df411f9f703767ff9d9375eafec62535be983e7af7682a7e03cc044a1b

Download Submit
/data/user/0/com.fullnamef/cache/vowqkk

Filesize
448KB

MD5
406a40ac186b464c435b622b74161cb1

SHA1
0cad308d8703f66f6eed5c34268e9e6668d11f43

SHA256
e233bb42b6ea78f16643c71ab8a4224656777f3e7ea415811e439c812a7c3643

SHA512
9cbbe4616902fb420aa3af82d521076d0466b73ce406540e15a29f76d6a60838a1a5b4753d26e9d87c58294bba302d176801bd90825156ef17f0b43b33a58a33

Download Submit
/data/user/0/com.fullnamef/cache/vowqkk

Filesize
448KB

MD5
406a40ac186b464c435b622b74161cb1

SHA1
0cad308d8703f66f6eed5c34268e9e6668d11f43

SHA256
e233bb42b6ea78f16643c71ab8a4224656777f3e7ea415811e439c812a7c3643

SHA512
9cbbe4616902fb420aa3af82d521076d0466b73ce406540e15a29f76d6a60838a1a5b4753d26e9d87c58294bba302d176801bd90825156ef17f0b43b33a58a33

Download Submit
/data/user/0/com.fullnamef/cache/vowqkk

Filesize
448KB

MD5
406a40ac186b464c435b622b74161cb1

SHA1
0cad308d8703f66f6eed5c34268e9e6668d11f43

SHA256
e233bb42b6ea78f16643c71ab8a4224656777f3e7ea415811e439c812a7c3643

SHA512
9cbbe4616902fb420aa3af82d521076d0466b73ce406540e15a29f76d6a60838a1a5b4753d26e9d87c58294bba302d176801bd90825156ef17f0b43b33a58a33

Download Submit
/data/user/0/com.fullnamef/shared_prefs/main.xml

Filesize
131B

MD5
ee7f52596462427fe5efa51b15918196

SHA1
f29b8f058f88dd1b2a98510f22b0ed465daa4bbc

SHA256
2652394f15ca2a58fc57dd91fd1cb5d6f299afd828e6818b0e5b970a8e5aaf0d

SHA512
1082937e2d61beb6a4653f1ac6dec0375461ddeb742a77852ef78b849b84b4d6fd92a42a6d07566da8940b72315f5fee0261611e85d1ce52da2350b704353475

Download Submit
/data/user/0/com.fullnamef/shared_prefs/main.xml

Filesize
198B

MD5
28a58707e57b7dd5c26bd18028ca8588

SHA1
68e406f0411b588fafdc1a2b7ba5129ab4425c8d

SHA256
ba74ac366ee51b318961eaf8b555c35e90277d733b9f4a7371bb66df77fc4d48

SHA512
c9219df63f198acfd7c72d90601693925ba3167b4e6dadc90f2ba4c54ba6fd0229b30348bb35c4f3b690e1dd6c58abffb09b025ed91299c6941038273734c680

Download Submit
/data/user/0/com.fullnamef/shared_prefs/main.xml

Filesize
5KB

MD5
751a74a27f998be47bb3317cb98f101d

SHA1
c529268e7fd02353ed6bebc2140e921c34ccd436

SHA256
0e848f6c81871b3f4b39ff6a2b28b41dca10653a16980b142a94dae67d718ad6

SHA512
64f32fbad70f8eff8d4388382a55e1114703d01d5a7289d10f2eafd4a8f26185c94f86a26672e6e9b90c14132a8b7a567888add9ae5b63c4309d22be92367124

Download Submit