octo | bdeb5c21ccdd5336cf55a94aa4bb9691bbd421e45ae3366852b586309c49dd5b | Triage

Submit
Reports

Overview

overview

Static

static

7

bdeb5c21cc...5b.apk

android-9-x86

bdeb5c21cc...5b.apk

android-10-x64

Sharing

General

Target

bdeb5c21ccdd5336cf55a94aa4bb9691bbd421e45ae3366852b586309c49dd5b.bin
Size

545KB
Sample

231106-1wslvshb88
MD5

3a003918ad654c6e9bff8b2a4085b9e7
SHA1

748378e34c8a7644b554f3c34c08013843d4a5b1
SHA256

bdeb5c21ccdd5336cf55a94aa4bb9691bbd421e45ae3366852b586309c49dd5b
SHA512

7f887d0a38aeba2c91dce4307be182a1b1037143e9be561db086abf0fc0cbf9615cc836afffc46850512e0ed397d97a8a6c2187bab59a000113198da25a50261
SSDEEP

12288:1qE4SZpDHFTRo56LCWQd/CX+fPHg+jZTEz5J7n3+v5UloLL:1qE4SZRFTagCfaXEY+gnORrLL

Score

10^/10

octo android banker evasion infostealer ransomware rat stealth trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bdeb5c21ccdd5336cf55a94aa4bb9691bbd421e45ae3366852b586309c49dd5b.apk

Resource

android-x86-arm-20231023-en

octo banker evasion infostealer ransomware rat stealth trojan

android-9-x86

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

bdeb5c21ccdd5336cf55a94aa4bb9691bbd421e45ae3366852b586309c49dd5b.apk

Resource

android-x64-20231023.1-en

octo banker evasion infostealer ransomware rat trojan

android-10-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

octo

C2

https://94.156.65.133/YzQyNjFlZjE1ODVm/

https://germanisoppinionsi.net/YzQyNjFlZjE1ODVm/

https://germanisoppinionsi.xyz/YzQyNjFlZjE1ODVm/

https://germanisoppinionzani.net/YzQyNjFlZjE1ODVm/

https://germanisoppinionzani.xyz/YzQyNjFlZjE1ODVm/

AES_key

Targets

- Target
  
  bdeb5c21ccdd5336cf55a94aa4bb9691bbd421e45ae3366852b586309c49dd5b.bin
- Size
  
  545KB
- MD5
  
  3a003918ad654c6e9bff8b2a4085b9e7
- SHA1
  
  748378e34c8a7644b554f3c34c08013843d4a5b1
- SHA256
  
  bdeb5c21ccdd5336cf55a94aa4bb9691bbd421e45ae3366852b586309c49dd5b
- SHA512
  
  7f887d0a38aeba2c91dce4307be182a1b1037143e9be561db086abf0fc0cbf9615cc836afffc46850512e0ed397d97a8a6c2187bab59a000113198da25a50261
- SSDEEP
  
  12288:1qE4SZpDHFTRo56LCWQd/CX+fPHg+jZTEz5J7n3+v5UloLL:1qE4SZRFTagCfaXEY+gnORrLL
Score

10^/10

octo banker evasion infostealer ransomware rat stealth trojan
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
  banker trojan infostealer rat octo
- Octo payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

octobankerevasioninfostealerransomwareratstealthtrojan

behavioral2

octobankerevasioninfostealerransomwarerattrojan

© 2018-2025

Terms | Privacy