octo | 8b18b8a7f11a7976be5f1bf991b358a4438c78faf798073746973de520abe923 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

6

8b18b8a7f1...23.apk

android-9-x86

8b18b8a7f1...23.apk

android-10-x64

Sharing

General

Target

8b18b8a7f11a7976be5f1bf991b358a4438c78faf798073746973de520abe923
Size

3.3MB
Sample

231220-g43x1sfdel
MD5

ab4dfc2cc89eed6e9039f3ea0fe4cb76
SHA1

ed5b65c7c3677e590edadc4e7f1a49fc9296cd51
SHA256

8b18b8a7f11a7976be5f1bf991b358a4438c78faf798073746973de520abe923
SHA512

506142bdc14f576f9f0613aebfe2c94fca45afd1844df3670ef85c7a6b922ae0c04aafaf77b3129cc21417bf538db7bb165e6190de2480d71dc7326550c9bf75
SSDEEP

98304:jKZbAI2VY07HPiEnWgCUARPBR7AJ63RvE:GbA1PHn/bAR5R7AJ63RE

Score

10^/10

octo android banker evasion infostealer rat stealth trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

8b18b8a7f11a7976be5f1bf991b358a4438c78faf798073746973de520abe923.apk

Resource

android-x86-arm-20231215-en

octo banker evasion infostealer rat stealth trojan

android-9-x86

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8b18b8a7f11a7976be5f1bf991b358a4438c78faf798073746973de520abe923.apk

Resource

android-x64-20231215-en

octo banker infostealer rat trojan

android-10-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

octo

C2

https://checkserversippool.xyz/NmE0N2YwOWEzMTM3/

https://poolcheckipservers.xyz/NmE0N2YwOWEzMTM3/

https://poollipceckservers.xyz/NmE0N2YwOWEzMTM3/

https://poolserverisippool.xyz/NmE0N2YwOWEzMTM3/

https://serversippoolcheck.xyz/NmE0N2YwOWEzMTM3/

https://serverspoolcheckip.xyz/NmE0N2YwOWEzMTM3/

https://serverscheckippool.xyz/NmE0N2YwOWEzMTM3/

https://ipcheckserverspool.xyz/NmE0N2YwOWEzMTM3/

https://bestscanipworld.xyz/NmE0N2YwOWEzMTM3/

https://scanbestipworld.xyz/NmE0N2YwOWEzMTM3/

https://ipbestscanworld.xyz/NmE0N2YwOWEzMTM3/

https://worldipbestscan.xyz/NmE0N2YwOWEzMTM3/

AES_key

AES_key

Targets

- Target
  
  8b18b8a7f11a7976be5f1bf991b358a4438c78faf798073746973de520abe923
- Size
  
  3.3MB
- MD5
  
  ab4dfc2cc89eed6e9039f3ea0fe4cb76
- SHA1
  
  ed5b65c7c3677e590edadc4e7f1a49fc9296cd51
- SHA256
  
  8b18b8a7f11a7976be5f1bf991b358a4438c78faf798073746973de520abe923
- SHA512
  
  506142bdc14f576f9f0613aebfe2c94fca45afd1844df3670ef85c7a6b922ae0c04aafaf77b3129cc21417bf538db7bb165e6190de2480d71dc7326550c9bf75
- SSDEEP
  
  98304:jKZbAI2VY07HPiEnWgCUARPBR7AJ63RvE:GbA1PHn/bAR5R7AJ63RE
Score

10^/10

octo banker evasion infostealer rat stealth trojan
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
  banker trojan infostealer rat octo
- Octo payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

octobankerevasioninfostealerratstealthtrojan

behavioral2

octobankerinfostealerrattrojan

© 2018-2025

Terms | Privacy