octo | 9cf53337faf1ec990efd9b64c80a808632cb97a10d13cba26a360b24e2ac63a9

Resubmissions

09-10-2024 09:28

241009-lfc4xaycld 10

09-10-2024 05:19

241009-fz3wsawflf 10

09-09-2024 22:13

240909-148m2svdne 10

Analysis

max time kernel
4s
max time network
36s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
09-10-2024 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9cf53337faf1ec990efd9b64c80a808632cb97a10d13cba26a360b24e2ac63a9.apk
Size

1.4MB
MD5

8b66343d68ea2ca94c03147ff58595a2
SHA1

bbdf9f88970bbfec8f2e30afa4cee71572502a43
SHA256

9cf53337faf1ec990efd9b64c80a808632cb97a10d13cba26a360b24e2ac63a9
SHA512

58d26b3f10bc32326c6edfeb246f82b220d6967269703737d932b3fef63a3beef5292fb993bbe5268dad15c6eeb72f5fd5f64d28cf4a92847f7d87614a542cf2
SSDEEP

24576:Tssbx7S6kAVrAXYEvRSZcTeoe0blje0o32JxGN3ePq920qdQwT5rXpgvEiEmC0:jf/EvlDble32eNuS9jqdQWrXpgvEs5

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo

Octo payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-1.dat	family_octo

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.colorend2/cache/wikkiuht	4937	com.colorend2
/data/user/0/com.colorend2/cache/wikkiuht	4937	com.colorend2

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.colorend2
1⤵
- Loads dropped Dex/Jar
PID:4937

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.colorend2/cache/wikkiuht

Filesize
156KB

MD5
6ffe7be285beaa754fd8175916cac815

SHA1
4f9d7398ae72505eaa92a6d7c2f034baca707a38

SHA256
7720e5b21f188f6ac371feaa67d1d8f00c992a02de23cb6f889ec634c57df85d

SHA512
a1f0108438ab852e5b75d41abd35a7269400c1f9af7fd7aa5170f2de9ad8b2c0aa3bb4d74b0a842faf111d50af2a5fce31e1bff426aa3821b4dc4f086dd99053

Download Submit