octo | 92abbd4f9e493a0b454c1678c51dacfecf4a34401f179abaa22c830db871bf14 | Triage

Submit
Reports

Overview

overview

Static

static

6

92abbd4f9e...14.apk

android-9-x86

92abbd4f9e...14.apk

android-13-x64

Sharing

Copy URL Twitter E-mail

General

Target

92abbd4f9e493a0b454c1678c51dacfecf4a34401f179abaa22c830db871bf14
Size

531KB
Sample

231220-jythhaagfn
MD5

4d2323cfe032706432cb7c111c9bde6d
SHA1

4d4ed131f74fff2078f0c6fa750f02edf6db88bd
SHA256

92abbd4f9e493a0b454c1678c51dacfecf4a34401f179abaa22c830db871bf14
SHA512

fdefff1f7cf3e8d51c581fe55c54401ffea482c359848fbefbd2d2e21a5f6ddf11a7f73faf1eb62edf9dbd0470c61c39be5b953380a433a6cf93404459755d18
SSDEEP

12288:fflEKZ09BuYlwTwqqFpTfCN6F25NT0D6V2lUZen529oTns:ffrMHwiWzi6+5Hns

Score

10^/10

octo android banker evasion infostealer rat stealth trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

92abbd4f9e493a0b454c1678c51dacfecf4a34401f179abaa22c830db871bf14.apk

Resource

android-x86-arm-20231215-en

octo banker evasion infostealer rat stealth trojan

android-9-x86

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

92abbd4f9e493a0b454c1678c51dacfecf4a34401f179abaa22c830db871bf14.apk

Resource

android-33-x64-arm64-20231215-en

octo banker evasion infostealer rat trojan

android-13-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

octo

C2

https://varibou.top/ZmEwY2ZmZWYzN2Mw/

https://zeqexyu.shop/ZmEwY2ZmZWYzN2Mw/

https://varibovaribo.top/ZmEwY2ZmZWYzN2Mw/

https://varibovarib.top/ZmEwY2ZmZWYzN2Mw/

https://varibovavaribova.top/ZmEwY2ZmZWYzN2Mw/

https://botbokhj.top/ZmEwY2ZmZWYzN2Mw/

https://borklfofj.top/ZmEwY2ZmZWYzN2Mw/

https://rugypie.shop/ZmEwY2ZmZWYzN2Mw/

https://rugypie.top/ZmEwY2ZmZWYzN2Mw/

https://xoboxii.top/ZmEwY2ZmZWYzN2Mw/

https://xoboxii.shop/ZmEwY2ZmZWYzN2Mw/

https://pokolobnvdos.site/ZmEwY2ZmZWYzN2Mw/

https://abas34hkipolot.top/ZmEwY2ZmZWYzN2Mw/

https://golovnka33.top/ZmEwY2ZmZWYzN2Mw/

AES_key

Targets

- Target
  
  92abbd4f9e493a0b454c1678c51dacfecf4a34401f179abaa22c830db871bf14
- Size
  
  531KB
- MD5
  
  4d2323cfe032706432cb7c111c9bde6d
- SHA1
  
  4d4ed131f74fff2078f0c6fa750f02edf6db88bd
- SHA256
  
  92abbd4f9e493a0b454c1678c51dacfecf4a34401f179abaa22c830db871bf14
- SHA512
  
  fdefff1f7cf3e8d51c581fe55c54401ffea482c359848fbefbd2d2e21a5f6ddf11a7f73faf1eb62edf9dbd0470c61c39be5b953380a433a6cf93404459755d18
- SSDEEP
  
  12288:fflEKZ09BuYlwTwqqFpTfCN6F25NT0D6V2lUZen529oTns:ffrMHwiWzi6+5Hns
Score

10^/10

octo banker evasion infostealer rat stealth trojan
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
  banker trojan infostealer rat octo
- Octo payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Acquires the wake lock
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

octobankerevasioninfostealerratstealthtrojan

behavioral2

octobankerevasioninfostealerrattrojan

© 2018-2025

Terms | Privacy