octo | 6dda51e294cc343b50106676ad5708face3cfc7f16d99f69a34e4b3b85c632cc

Analysis

max time kernel
149404s
max time network
93s
platform
android_x64
resource
android-x64-20230621-en
submitted
18-08-2023 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

update.apk
Size

1.5MB
MD5

b19d2a01cdf45550d6ebcdf3b3be55d3
SHA1

10a3b5f0f6d4e5d36d77ba239ea62f5e9d5b4315
SHA256

6dda51e294cc343b50106676ad5708face3cfc7f16d99f69a34e4b3b85c632cc
SHA512

bd3a617f8fbd132d0b596bc56589696d36646fb5c2395ef24bd93f2cf5108d2a3fea007c8afa2267f6cd5e0fb05b9cf7e831aa6c2e5e9cf857fc6dbfc74956ea
SSDEEP

24576:aYum58rdGWVQQn0pEMUgTlIEfM3ArYNOb5Z9ZHqGgzmzKjU+La5CCaEAh74zZ:wm5aGWuQn0pugTS6MwcWZHqfU0a5CCa2

Score

10^/10

octo banker infostealer ransomware rat trojan

Malware Config

Extracted

Family

octo

https://ipworldscanbest.xyz/NmE0N2YwOWEzMTM3/

https://ipworldbestscan.xyz/NmE0N2YwOWEzMTM3/

https://worldbestscanip.xyz/NmE0N2YwOWEzMTM3/

https://worldbestipscan.xyz/NmE0N2YwOWEzMTM3/

https://worldscanbestip.xyz/NmE0N2YwOWEzMTM3/

https://worldscanipbest.xyz/NmE0N2YwOWEzMTM3/

https://bestworldscanip.xyz/NmE0N2YwOWEzMTM3/

https://bestipworldscan.xyz/NmE0N2YwOWEzMTM3/

https://scanbestworldip.xyz/NmE0N2YwOWEzMTM3/

https://newfastcheckdns.xyz/NmE0N2YwOWEzMTM3/

https://newfastdnscheck.xyz/NmE0N2YwOWEzMTM3/

https://dnscheckdouble.xyz/NmE0N2YwOWEzMTM3/

https://checkdoubledns.xyz/NmE0N2YwOWEzMTM3/

https://doublecheckdns.xyz/NmE0N2YwOWEzMTM3/

https://alldnsfastcheck.xyz/NmE0N2YwOWEzMTM3/

https://dnsfastcheckall.xyz/NmE0N2YwOWEzMTM3/

AES_key

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo

Octo payload 3 IoCs

resource	yara_rule
behavioral2/files/4773-1.dat	family_octo
behavioral2/memory/4773-1.dex	family_octo
behavioral2/memory/4773-2.dex	family_octo

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.fullnamef/app_DynamicOptDex/CstWH.json	4773	com.fullnamef
/data/user/0/com.fullnamef/cache/vowqkk	4773	com.fullnamef
/data/user/0/com.fullnamef/cache/vowqkk	4773	com.fullnamef

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.fullnamef

com.fullnamef
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4773

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.fullnamef/.qcom.fullnamef

Filesize
48B

MD5
046a414913add6f5bb60072c7db819b6

SHA1
451ee4f6809260aec622d772fd329c7d0297a842

SHA256
b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

SHA512
4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

Download Submit
/data/user/0/com.fullnamef/app_DynamicOptDex/CstWH.json

Filesize
2KB

MD5
259311619952ad52b63e6a2f87697a32

SHA1
68f4f8e1d5f80663a20cd30e83c0bcbf9838bc48

SHA256
0e317adb7adf782cc32e75e75c16af6c82ded2136f499a0dcf8fe5f2308150f0

SHA512
7c192f5b9af89dd7c23a215b9baa57f961bf88485dc82949f33eac98873993aae0ae38d018a80995c47c3dbe8b9545807a48263fc1a9ec176f2ecbc404c7f86c

Download Submit
/data/user/0/com.fullnamef/app_DynamicOptDex/CstWH.json

Filesize
5KB

MD5
482e84d1a0245df924229ba75ebc4c09

SHA1
1d43565aca4b40e727163628cf7f236457061e09

SHA256
93e026d384843d6c407cdcd41c07769dfcb91c0b06780193c31526132f5a98ac

SHA512
edafd7968eea1201316b5fda63827c2b3814b4c3cca47126fd6b2afc2d8d2cc4b76513df411f9f703767ff9d9375eafec62535be983e7af7682a7e03cc044a1b

Download Submit
/data/user/0/com.fullnamef/app_webview/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.fullnamef/app_webview/GPUCache/index-dir/temp-index

Filesize
96B

MD5
ac0406429bd91ee6f42c10a5ec7e86ad

SHA1
5e96e23ea7b6374297f02d811f68aa0b5021634f

SHA256
0968e3fc81ff3267dc953b3503ae830f4e546a54e9e5a3a356a2b3b7c866bc51

SHA512
ccb04d3dfa77a7768199f7d65a5a692ed80de39853e6601335ee269ddda60f29073ac88e713e061d89f3b33fd4326945842fa7a14368371c9f2470df03f6589b

Download Submit
/data/user/0/com.fullnamef/app_webview/Web Data

Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/com.fullnamef/app_webview/Web Data-journal

Filesize
1KB

MD5
a3a64d9b2f62ee44270c64f822673897

SHA1
268580d048171efb84af2e9ca447a61eb338d738

SHA256
571df8acebea5b225081f94dd31a2340563d5effe5cabb12d17ff48669e7da8d

SHA512
3b98d38e4f40985b1d25228dbe1366abc16f3265a4d5c03e721eda828d199a63d64ce5bbb1580b95d50e2df327c9bc5a65083910f241cb417c99dc46ad07c78c

Download Submit
/data/user/0/com.fullnamef/app_webview/metrics_guid

Filesize
36B

MD5
4d77ac08d01b42d4b1f11fa9642324e8

SHA1
8634230b209baa39d4fdf7b32607fa1b30dfb78e

SHA256
80af9531640c37360fbaea3c125e7b72a5db34865f005a1041ab146b9f8fbbf5

SHA512
c6b1a46181e78dfbceb9160aa8f15be1d90ecb2ab2e786567377a146b615d90b9df3e2b40a00da5b7523591e8d0942d7eb310e0bfde14b56eb6c14bb3f1094c6

Download Submit
/data/user/0/com.fullnamef/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
d0170b7b3aae985dd3bfcb24efc1ad12

SHA1
b83ae4d2655ced0bbf5076c1da0eaf90899d8e18

SHA256
c5a07a6fc9bee0d5333f33d5c8e3b10246f10a19017a9bdcdf89454e4380cacc

SHA512
60ead52f3683366ecad84d0d8a4179ca78c7525fe4a39e90eff2f1e19b0e2f687d4ba80e10987e33a7cd44e0b2a8975d83bede9505b379b3a45a32e24c68d355

Download Submit
/data/user/0/com.fullnamef/cache/org.chromium.android_webview/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.fullnamef/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
07ff36ae3e748af8cedb3f9358a43a6d

SHA1
7b8ec2fd165fa3d6a53572df0937a9ae32953fa4

SHA256
d178a34c9b21d30ecf2aac3f4ab382bfaf84e256fd65a5c0b8c4715a5394d491

SHA512
3e1506620c033e84dc4c013cd5e767ca6ffa5a9c0d7dbdfe62fb6bd949f3a7f129087eb151e5569325b246b31406a8f5eb857be71f4ee7d13cbeb2b6b750d25f

Download Submit
/data/user/0/com.fullnamef/cache/vowqkk

Filesize
448KB

MD5
406a40ac186b464c435b622b74161cb1

SHA1
0cad308d8703f66f6eed5c34268e9e6668d11f43

SHA256
e233bb42b6ea78f16643c71ab8a4224656777f3e7ea415811e439c812a7c3643

SHA512
9cbbe4616902fb420aa3af82d521076d0466b73ce406540e15a29f76d6a60838a1a5b4753d26e9d87c58294bba302d176801bd90825156ef17f0b43b33a58a33

Download Submit
/data/user/0/com.fullnamef/cache/vowqkk

Filesize
448KB

MD5
406a40ac186b464c435b622b74161cb1

SHA1
0cad308d8703f66f6eed5c34268e9e6668d11f43

SHA256
e233bb42b6ea78f16643c71ab8a4224656777f3e7ea415811e439c812a7c3643

SHA512
9cbbe4616902fb420aa3af82d521076d0466b73ce406540e15a29f76d6a60838a1a5b4753d26e9d87c58294bba302d176801bd90825156ef17f0b43b33a58a33

Download Submit
/data/user/0/com.fullnamef/cache/vowqkk

Filesize
448KB

MD5
406a40ac186b464c435b622b74161cb1

SHA1
0cad308d8703f66f6eed5c34268e9e6668d11f43

SHA256
e233bb42b6ea78f16643c71ab8a4224656777f3e7ea415811e439c812a7c3643

SHA512
9cbbe4616902fb420aa3af82d521076d0466b73ce406540e15a29f76d6a60838a1a5b4753d26e9d87c58294bba302d176801bd90825156ef17f0b43b33a58a33

Download Submit
/data/user/0/com.fullnamef/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit
/data/user/0/com.fullnamef/shared_prefs/main.xml

Filesize
131B

MD5
ee7f52596462427fe5efa51b15918196

SHA1
f29b8f058f88dd1b2a98510f22b0ed465daa4bbc

SHA256
2652394f15ca2a58fc57dd91fd1cb5d6f299afd828e6818b0e5b970a8e5aaf0d

SHA512
1082937e2d61beb6a4653f1ac6dec0375461ddeb742a77852ef78b849b84b4d6fd92a42a6d07566da8940b72315f5fee0261611e85d1ce52da2350b704353475

Download Submit
/data/user/0/com.fullnamef/shared_prefs/main.xml

Filesize
5KB

MD5
751a74a27f998be47bb3317cb98f101d

SHA1
c529268e7fd02353ed6bebc2140e921c34ccd436

SHA256
0e848f6c81871b3f4b39ff6a2b28b41dca10653a16980b142a94dae67d718ad6

SHA512
64f32fbad70f8eff8d4388382a55e1114703d01d5a7289d10f2eafd4a8f26185c94f86a26672e6e9b90c14132a8b7a567888add9ae5b63c4309d22be92367124

Download Submit