octo | 1b939b3c43e34a28eaabf76d6f65a1a0458ecbd6a12692ca01ad199ae8e151cc

Analysis

max time kernel
7s
max time network
145s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
15-10-2024 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b939b3c43e34a28eaabf76d6f65a1a0458ecbd6a12692ca01ad199ae8e151cc.apk
Size

2.4MB
MD5

c02160b12066dcc567b516af3f3454dc
SHA1

8f1ab34043ed6d904b524557d9b2eb796d6c0880
SHA256

1b939b3c43e34a28eaabf76d6f65a1a0458ecbd6a12692ca01ad199ae8e151cc
SHA512

89b7e1907b7bcceb2b7405ec3e65c06f929872c9682e2c767a35610faf6616d089b64c47369d29cb06987b868d78c83a391e42eb7276cf24ebaea50ace36fe65
SSDEEP

49152:MIhUxkXk8DMQROa/zvT9jhBM5jHbG9mZzHhdHnC6EecRHqvuxQJHBOYE:MIUkXPDzMozvT99m2U/dHnCt+uKFBOYE

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

https://yapayzekaveteknologigirisimi.xyz/YjdkMWRjNTllNzZi/

https://dijitaldonanimveyazilimharikasi.xyz/YjdkMWRjNTllNzZi/

https://bulutbilisimveyapayzekatavsiyesi.xyz/YjdkMWRjNTllNzZi/

https://blockchainvekriptofinansuzmani.xyz/YjdkMWRjNTllNzZi/

https://yapayzekavegelecekteknolojisi.xyz/YjdkMWRjNTllNzZi/

https://robotikteknolojilerevesimulasyon.xyz/YjdkMWRjNTllNzZi/

https://sibertezvebilisimdunyasiprojeleri.xyz/YjdkMWRjNTllNzZi/

https://dijitaldunyavebilisimyenilikleri.xyz/YjdkMWRjNTllNzZi/

https://uzayteknolojisiveyapayzekakesfi.xyz/YjdkMWRjNTllNzZi/

https://akillirobotiksistemlerveotomat.xyz/YjdkMWRjNTllNzZi/

https://dijitaldunyabilgimimariprogrami.xyz/YjdkMWRjNTllNzZi/

https://kriptoekonomivetrendbilisim.xyz/YjdkMWRjNTllNzZi/

https://dijitaldonanimvebilisimproje.xyz/YjdkMWRjNTllNzZi/

https://kapsamdijitalanalizveveriharitasi.xyz/YjdkMWRjNTllNzZi/

https://akilliveriyonetimiplatformuve.xyz/YjdkMWRjNTllNzZi/

https://yapayzekaileakillialtyapi.xyz/YjdkMWRjNTllNzZi/

https://uzakgelecekbilisimplatformuve.xyz/YjdkMWRjNTllNzZi/

https://kriptoalgoritmaozeldanisman.xyz/YjdkMWRjNTllNzZi/

https://endustri4veakillifabrikalar.xyz/YjdkMWRjNTllNzZi/

https://bulutbilisimkapsamdijitaldonanim.xyz/YjdkMWRjNTllNzZi/

rc4.plain

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/memory/4974-0.dex	family_octo

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.oppose.baby/app_canyon/sqAd.json	4974	com.oppose.baby

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.oppose.baby
1⤵
- Loads dropped Dex/Jar
PID:4974

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.oppose.baby/app_canyon/sqAd.json

Filesize
153KB

MD5
9ae37e41f5a66f743e0cc26413350c3e

SHA1
e678cc24c0e62035831600772f49cb220fb9bb5a

SHA256
4a50d833f1c0c071e517e072a23ac878362991493cd8ba55928074690a5e3a6d

SHA512
a59d45f58d507decec33d36ba967861b65930cedee2fdbaac87a24b55a87a5c91d71b7e460eaa75cd8e4084ff63ea4d4c7dee86c65300acd51f9c2b321555eff

Download Submit
/data/data/com.oppose.baby/app_canyon/sqAd.json

Filesize
153KB

MD5
9a9a676698684457fe6902a4aa898945

SHA1
cd27c53adc4a06acdce933fae70f757896223767

SHA256
bdcc63cb5cd6f9bbfd5f1db0eb52c380c9af667614303f7e2aa0bad794ec88b4

SHA512
1c9f81e7ec73e87ca0369965dfd6b84255538b4a341a8cdec5ba8a84d1b9bccead60a3cbce10bc5ebd1de81ca6217e0e11ac6df3741af86224ae22848c187661

Download Submit
/data/user/0/com.oppose.baby/app_canyon/sqAd.json

Filesize
451KB

MD5
0b6931175b43e603486cbeb7bbd990b3

SHA1
ec8d43869705096aa6c4fa246634b37386f93ab9

SHA256
fe2d92f56e5e12a9c16f929d88b2aba6c5102cb9554f979fd41b75095d178af8

SHA512
e8abfe08137da460dfab354a9829a90e6462ee1846ee10829e61932d0dbf49d537aefaad147d2cb331f4abf597a8b248f66c5a6eed1b993bdaa83eee32cfcc2d

Download Submit