octo | 84809b81fda4ec780cba3ca3c6ab4e7b31a9fe1484a15682ee71d3d31be681c7

Analysis

max time kernel
1907065s
max time network
153s
platform
android_x64
resource
android-x64-20230831-en
submitted
07-09-2023 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

84809b81fda4ec780cba3ca3c6ab4e7b31a9fe1484a15682ee71d3d31be681c7.apk
Size

3.0MB
MD5

540cc8853a81b20b0290fd5e84f47587
SHA1

732fca8033282f9808bcb16d79a7f3be7d7120c5
SHA256

84809b81fda4ec780cba3ca3c6ab4e7b31a9fe1484a15682ee71d3d31be681c7
SHA512

7e0bbb8de7e5962547485ab5f290a34d48a911bea232319f49396db31f3fa32227c645c128dfdd40f3a3ec4bf5d95a0d0834f9363557644563b2c30b14543867
SSDEEP

49152:HMkPFtlUkAnbCWfubDeuEqK0ZNMxGoe9B+YwR9HC3M8J09TmL+fMybjJks1Ce9la:HMAFfUXbTGiuu0ZNE/kBsRw3M20w+FbY

Score

10^/10

octo banker infostealer ransomware rat trojan

Malware Config

Extracted

Family

octo

https://nigemgrouapp.site/MWVlMGI1ODc4NjFj/

https://nigemgrouapp.net/MWVlMGI1ODc4NjFj/

https://stormslva.net/MWVlMGI1ODc4NjFj/

https://strmphone.net/MWVlMGI1ODc4NjFj/

https://strmbaselib.com/MWVlMGI1ODc4NjFj/

AES_key

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo

Octo payload 3 IoCs

Processes:

resource	yara_rule
/data/data/com.readouteujl/cache/fevagcbgflq	family_octo
/data/user/0/com.readouteujl/cache/fevagcbgflq	family_octo
/data/user/0/com.readouteujl/cache/fevagcbgflq	family_octo

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.readouteujl

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.readouteujl
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.readouteujl

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

com.readouteujl

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.readouteujl
Acquires the wake lock. 1 IoCs

Processes:

com.readouteujl

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.readouteujl

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.readouteujl

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.readouteujl

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.readouteujl

ioc	pid	process
/data/user/0/com.readouteujl/app_ded/gSAJkF3XZxy3HkjfTnG3hH2UEAltiJMK.dex	5013	com.readouteujl
/data/user/0/com.readouteujl/app_ded/gSAJkF3XZxy3HkjfTnG3hH2UEAltiJMK.dex	5013	com.readouteujl
/data/user/0/com.readouteujl/cache/fevagcbgflq	5013	com.readouteujl
/data/user/0/com.readouteujl/cache/fevagcbgflq	5013	com.readouteujl

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.readouteujl

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.readouteujl

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.readouteujl

com.readouteujl
1⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:5013
- rm -r/data/user/0/com.readouteujl/app_ded/gSAJkF3XZxy3HkjfTnG3hH2UEAltiJMK.dex
  2⤵
  PID:5086

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.readouteujl/.qcom.readouteujl

Filesize
48B

MD5
046a414913add6f5bb60072c7db819b6

SHA1
451ee4f6809260aec622d772fd329c7d0297a842

SHA256
b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

SHA512
4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

Download Submit
/data/data/com.readouteujl/app_ded/gSAJkF3XZxy3HkjfTnG3hH2UEAltiJMK.dex

Filesize
7KB

MD5
884208faea839e7f5634f2bbfd55cc0d

SHA1
b0f11b7dc59e0c41f1258e7c9e50ff45ca282391

SHA256
31c85723ca3eed0496201c67b501a38b728fa05794d146ea34a6f4c9b997a35c

SHA512
fe9130029946cd91fbd8283f873d677ead3a75f6e06822ffb7ada0ece7533db698380cae7d7ad10acad5d8f2fe80dd03f8b0d74fdb1a6f7172c619d0f440dd77

Download Submit
/data/data/com.readouteujl/cache/fevagcbgflq

Filesize
450KB

MD5
1a6bb14c9072bdb02410b9e86dca3482

SHA1
5ab5e3cbff4021cf54d83b672e8581e605373ba2

SHA256
dfa9893c05fc678450124420cf97a636e82c8ceab4b479e9b5900b37a98c4596

SHA512
ec7899b244d51bc45cff2eacd14a01246d216263d28741d4c43058e4bca5a40d07b31234546a800a3d8e6dc73f655fe41a1dbbc42e2081ff992b5667e9529476

Download Submit
/data/data/com.readouteujl/cache/oat/fevagcbgflq.cur.prof

Filesize
452B

MD5
f67ba7780e2f1e9d1f3256ec8d2c11bc

SHA1
a83fd794beb29a93e7fce95d42483c0ccb1fa47c

SHA256
b4dfd1596c3ffde9234ba7c4c7e51ea5c397ad691d867eb1d3b0dc330e31e8cf

SHA512
7c5b952e14b76403affb307917601eff1d5b05b229720b9e1cbf5a31e5301919779eed837568eb8a8e7054466dfdee267e9f3a558905dd67a3653784b1731694

Download Submit
/data/data/com.readouteujl/kl.txt

Filesize
230B

MD5
a94848b17846b0c8faaa2251533d9e60

SHA1
eeb27a356ff3d3719d314b86bd630a9054119e5a

SHA256
1af1bfd164a32da23b433c6826468c0a4687296c9e274ed43cbfba1bd7b3a993

SHA512
754944946fd8f729384d2f85e86c5ff764a59849506575db1b8fe852b62d0dac6c42c42487ed401f1769ba327a9756233085b091760ac7944e00f13110de4a5c

Download Submit
/data/data/com.readouteujl/kl.txt

Filesize
54B

MD5
06aaf725f02b18fb739bfdc4fceea4a6

SHA1
a0f4946d339048be2d50e0ffca2623368b662929

SHA256
408981998785cbe2ae6379c0c4a2fc815b8c334d96d7e4470fa1b3fd246bfa47

SHA512
0435571855f9153fccce46119bd386d8d0a22f8217ca52c0a8c99f0b032ac502ef82543b235a6f67ee54703ad49e51bbf5537095f18c42662ae3357e22ac46d1

Download Submit
/data/data/com.readouteujl/kl.txt

Filesize
63B

MD5
3c3efa042b9bdd0b8cb12f7a3330b3ef

SHA1
5262c1650728599be99098a246e6730947a71807

SHA256
82bde2d9b50b8071c99e08006e229afa3ed23315b4ae821d00b1b76f34413836

SHA512
f72b3210d29fcf6af32444d611223db13b451b4fdd003f17814d5bd4448cca48820ec3b449fa89add4c575ca111009a9bc428edc58639f8c24da05ed089eac8b

Download Submit
/data/data/com.readouteujl/kl.txt

Filesize
45B

MD5
03684c440df1fc931ea4fe6890c3cce2

SHA1
6c735a4c783c643b40da603d5bfe84365dbe927f

SHA256
8e2643203d7d8a26d9d2a930073a75906a261a6094c5cad4c6bc2a8fc95e2fb7

SHA512
382194ef3cf5ae3f59d224c3bf2cdc0465da3c0d0064f6ddb18dee789fce6763fdcdef4f012314c8707b09a3c0ce3e98fc570290e9447622d0c241d033935f6f

Download Submit
/data/data/com.readouteujl/kl.txt

Filesize
423B

MD5
f68fbc71aca643e8ca6269fe69362bd0

SHA1
3133ba91329ce0e2809259e424e06a4b1b347c29

SHA256
cdc1276596f725519b2b9ca90a098e6fbc3b368a7eed4161b774ad7f69527f6a

SHA512
418fde290ed239f4c8d563a283a70cc3a2b0309eecf6b4c181c5b6bcb6d939a3c57e6d8e66be1f3ee82f769a70a8c842990863135f33ce4fa9b88dd39b334ce7

Download Submit
/data/user/0/com.readouteujl/app_ded/gSAJkF3XZxy3HkjfTnG3hH2UEAltiJMK.dex

Filesize
7KB

MD5
884208faea839e7f5634f2bbfd55cc0d

SHA1
b0f11b7dc59e0c41f1258e7c9e50ff45ca282391

SHA256
31c85723ca3eed0496201c67b501a38b728fa05794d146ea34a6f4c9b997a35c

SHA512
fe9130029946cd91fbd8283f873d677ead3a75f6e06822ffb7ada0ece7533db698380cae7d7ad10acad5d8f2fe80dd03f8b0d74fdb1a6f7172c619d0f440dd77

Download Submit
/data/user/0/com.readouteujl/app_ded/gSAJkF3XZxy3HkjfTnG3hH2UEAltiJMK.dex

Filesize
7KB

MD5
884208faea839e7f5634f2bbfd55cc0d

SHA1
b0f11b7dc59e0c41f1258e7c9e50ff45ca282391

SHA256
31c85723ca3eed0496201c67b501a38b728fa05794d146ea34a6f4c9b997a35c

SHA512
fe9130029946cd91fbd8283f873d677ead3a75f6e06822ffb7ada0ece7533db698380cae7d7ad10acad5d8f2fe80dd03f8b0d74fdb1a6f7172c619d0f440dd77

Download Submit
/data/user/0/com.readouteujl/cache/fevagcbgflq

Filesize
450KB

MD5
1a6bb14c9072bdb02410b9e86dca3482

SHA1
5ab5e3cbff4021cf54d83b672e8581e605373ba2

SHA256
dfa9893c05fc678450124420cf97a636e82c8ceab4b479e9b5900b37a98c4596

SHA512
ec7899b244d51bc45cff2eacd14a01246d216263d28741d4c43058e4bca5a40d07b31234546a800a3d8e6dc73f655fe41a1dbbc42e2081ff992b5667e9529476

Download Submit
/data/user/0/com.readouteujl/cache/fevagcbgflq

Filesize
450KB

MD5
1a6bb14c9072bdb02410b9e86dca3482

SHA1
5ab5e3cbff4021cf54d83b672e8581e605373ba2

SHA256
dfa9893c05fc678450124420cf97a636e82c8ceab4b479e9b5900b37a98c4596

SHA512
ec7899b244d51bc45cff2eacd14a01246d216263d28741d4c43058e4bca5a40d07b31234546a800a3d8e6dc73f655fe41a1dbbc42e2081ff992b5667e9529476

Download Submit