octo | d677d39c12a49cab629c518d8551020406eab7a995e5d7ae51514c0351358b07 | Triage

Submit
Reports

Overview

overview

Static

static

6

1.apk

android-9-x86

1.apk

android-13-x64

Sharing

General

Target

1.apk.zip
Size

518KB
Sample

240313-118hwacf84
MD5

1b673ceed99a37464cfd78f224a141f3
SHA1

c3afcf8bf0a7854ada8f7721602d368f429ee94a
SHA256

d677d39c12a49cab629c518d8551020406eab7a995e5d7ae51514c0351358b07
SHA512

4bf8faab1b2d96ffdde9f9a4789befa3671efba278ccce25e078e0ed3f074e4d717d61bd9d175e615ac76b562b393d6eb1a64919f6c95a7694165ba934538206
SSDEEP

12288:/Ie9rca75GhFg7yUmfJsjK1GwSnTvDZxz2qGdlzKwzBvhb6B:we9rdtyUmfJlGTvlpY51vhmB

Score

10^/10

octo android banker collection discovery evasion infostealer rat stealth trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1.apk

Resource

android-x86-arm-20240221-en

octo banker collection discovery evasion infostealer rat stealth trojan

android-9-x86

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

1.apk

Resource

android-33-x64-arm64-20240229-en

octo banker collection discovery evasion infostealer rat trojan

android-13-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

octo

C2

s:https://31.41.244.77/o2test/

AES_key

Targets

- Target
  
  1.apk
- Size
  
  525KB
- MD5
  
  0667d65c7bed97a450e322223ca31c1a
- SHA1
  
  6f1e791fbf59410bc23e79479500f8e52e5e1686
- SHA256
  
  824e35d8dd11acdcb3c48d8c66114eccb25c2fff2d8cb047cd5b4b6c22c481a7
- SHA512
  
  37b457e1c35144efe9b6d469a9056cb89cdf10ba1e318438b59fd7070ecf7bd6b6708c645787103a1a26c870c36e7c75096f7bd14c4372532638e31f8245c389
- SSDEEP
  
  12288:je3vs2mwDBDuhsqP4Gshblm6OAQmWSj/sx4DWCNYO:je3UnwDB44Gwlm6OAQm7sbGz
Score

10^/10

octo banker collection discovery evasion infostealer rat stealth trojan
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
  banker trojan infostealer rat octo
- Octo payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Removes its main activity from the application launcher
  stealth trojan evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Requests enabling of the accessibility settings.
- Acquires the wake lock
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

octobankercollectiondiscoveryevasioninfostealerratstealthtrojan

behavioral2

octobankercollectiondiscoveryevasioninfostealerrattrojan

© 2018-2024

Terms | Privacy