octo | 7898bdbcd3974054090713d8e38f5a21a877dfbd0f053e9bcd9c11dcdde72a42 | Triage

Submit
Reports

Overview

overview

Static

static

6

7898bdbcd3...42.apk

android-9-x86

7898bdbcd3...42.apk

android-11-x64

Sharing

Copy URL Twitter E-mail

General

Target

7898bdbcd3974054090713d8e38f5a21a877dfbd0f053e9bcd9c11dcdde72a42
Size

573KB
Sample

231220-bqzqjsebgp
MD5

d65f7a28d63bdb9656a1f6ae7ac99b22
SHA1

cf993ff345066017da5e2b892afb3b3f09fe1c67
SHA256

7898bdbcd3974054090713d8e38f5a21a877dfbd0f053e9bcd9c11dcdde72a42
SHA512

1a94dd6a162f18b966861106b76edf74d7d8ba36f39f9eec070ff70615878d3e9157c8f9466b92547b84a66bc5ed2677b458941de565e1fddbf2e853ac65a087
SSDEEP

12288:ARAru24inKqm9vmncUdbFZYACU7gPY3hYkH2HhY5I:z7SkDbfYaEYDEhY+

Score

10^/10

octo android banker evasion infostealer rat stealth trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

7898bdbcd3974054090713d8e38f5a21a877dfbd0f053e9bcd9c11dcdde72a42.apk

Resource

android-x86-arm-20231215-en

octo banker evasion infostealer rat stealth trojan

android-9-x86

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

7898bdbcd3974054090713d8e38f5a21a877dfbd0f053e9bcd9c11dcdde72a42.apk

Resource

android-x64-arm64-20231215-en

octo banker evasion infostealer rat trojan

android-11-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

octo

C2

https://serversippoolcheck.xyz/NmE0N2YwOWEzMTM3/

https://serverspoolcheckip.xyz/NmE0N2YwOWEzMTM3/

https://serverscheckippool.xyz/NmE0N2YwOWEzMTM3/

https://ipcheckserverspool.xyz/NmE0N2YwOWEzMTM3/

https://bestscanipworld.xyz/NmE0N2YwOWEzMTM3/

https://scanbestipworld.xyz/NmE0N2YwOWEzMTM3/

https://ipbestscanworld.xyz/NmE0N2YwOWEzMTM3/

https://worldipbestscan.xyz/NmE0N2YwOWEzMTM3/

https://bestipscanworld.xyz/NmE0N2YwOWEzMTM3/

https://bestworldipscan.xyz/NmE0N2YwOWEzMTM3/

https://bestscanworldip.xyz/NmE0N2YwOWEzMTM3/

AES_key

Targets

- Target
  
  7898bdbcd3974054090713d8e38f5a21a877dfbd0f053e9bcd9c11dcdde72a42
- Size
  
  573KB
- MD5
  
  d65f7a28d63bdb9656a1f6ae7ac99b22
- SHA1
  
  cf993ff345066017da5e2b892afb3b3f09fe1c67
- SHA256
  
  7898bdbcd3974054090713d8e38f5a21a877dfbd0f053e9bcd9c11dcdde72a42
- SHA512
  
  1a94dd6a162f18b966861106b76edf74d7d8ba36f39f9eec070ff70615878d3e9157c8f9466b92547b84a66bc5ed2677b458941de565e1fddbf2e853ac65a087
- SSDEEP
  
  12288:ARAru24inKqm9vmncUdbFZYACU7gPY3hYkH2HhY5I:z7SkDbfYaEYDEhY+
Score

10^/10

octo banker evasion infostealer rat stealth trojan
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
  banker trojan infostealer rat octo
- Octo payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Acquires the wake lock
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

octobankerevasioninfostealerratstealthtrojan

behavioral2

octobankerevasioninfostealerrattrojan

© 2018-2025

Terms | Privacy