octo | f51216d9d265f4b20635e3a058199ffdf531d13f053461f8650a634d7708197d

Analysis

max time kernel
7s
max time network
157s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
18/10/2024, 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f51216d9d265f4b20635e3a058199ffdf531d13f053461f8650a634d7708197d.apk
Size

1.9MB
MD5

4ab4783dc105414f36b11ee9f7768102
SHA1

d80fd20b8278ce4c60d67af5e90099e4c8731e75
SHA256

f51216d9d265f4b20635e3a058199ffdf531d13f053461f8650a634d7708197d
SHA512

05414901e653083088cfaf574a046aaefd72151ad34b6182e877fef2ff831bcbee15796aded9f1f7182d619621619ce2ef5738549689e98f875e99d4806dd31f
SSDEEP

49152:1xuO9k3cY8SvXSff30XJjUtQ3VX8+ZFZivF11aSHo:nu8WcY8SvkfgJYKX8M7S9aSI

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

https://yapayzekaveteknologigirisimi.xyz/YjdkMWRjNTllNzZi/

https://dijitaldonanimveyazilimharikasi.xyz/YjdkMWRjNTllNzZi/

https://bulutbilisimveyapayzekatavsiyesi.xyz/YjdkMWRjNTllNzZi/

https://blockchainvekriptofinansuzmani.xyz/YjdkMWRjNTllNzZi/

https://yapayzekavegelecekteknolojisi.xyz/YjdkMWRjNTllNzZi/

https://robotikteknolojilerevesimulasyon.xyz/YjdkMWRjNTllNzZi/

https://sibertezvebilisimdunyasiprojeleri.xyz/YjdkMWRjNTllNzZi/

https://dijitaldunyavebilisimyenilikleri.xyz/YjdkMWRjNTllNzZi/

https://uzayteknolojisiveyapayzekakesfi.xyz/YjdkMWRjNTllNzZi/

https://akillirobotiksistemlerveotomat.xyz/YjdkMWRjNTllNzZi/

https://dijitaldunyabilgimimariprogrami.xyz/YjdkMWRjNTllNzZi/

https://kriptoekonomivetrendbilisim.xyz/YjdkMWRjNTllNzZi/

https://dijitaldonanimvebilisimproje.xyz/YjdkMWRjNTllNzZi/

https://kapsamdijitalanalizveveriharitasi.xyz/YjdkMWRjNTllNzZi/

https://akilliveriyonetimiplatformuve.xyz/YjdkMWRjNTllNzZi/

https://yapayzekaileakillialtyapi.xyz/YjdkMWRjNTllNzZi/

https://uzakgelecekbilisimplatformuve.xyz/YjdkMWRjNTllNzZi/

https://kriptoalgoritmaozeldanisman.xyz/YjdkMWRjNTllNzZi/

https://endustri4veakillifabrikalar.xyz/YjdkMWRjNTllNzZi/

https://bulutbilisimkapsamdijitaldonanim.xyz/YjdkMWRjNTllNzZi/

rc4.plain

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/memory/4970-0.dex	family_octo

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.fringe.puppy/app_offer/jC.json	4970	com.fringe.puppy

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.fringe.puppy
1⤵
- Loads dropped Dex/Jar
PID:4970

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fringe.puppy/app_offer/jC.json

Filesize
153KB

MD5
208d1214983cb7af03c641f5bb371e99

SHA1
38c958dbcd45d69c8d7096a8024bafd0d0ef8c27

SHA256
47c3691b99e5597055964bdee011cf4a7101940cfa62e9ef02e28e64687691cd

SHA512
5cba9e90f0c64372d04d7e60e1d764d2d104337454c74f539f9b645f32257ccbeaee4694d1e0b20a941618f18f19797f792bdc0b0aaef4a257e9b2e4e9d3574a

Download Submit
/data/data/com.fringe.puppy/app_offer/jC.json

Filesize
153KB

MD5
e694dfd502880a0bfcf6a83edd6c1928

SHA1
3e27679012cb2d74cbaa55bc7afd97d9911757d5

SHA256
ba16648d82a438f1b43681f8b9f407626669adfe8b14cb1064d1c43b815f61b2

SHA512
aaa6b4b0b73470255c8b144d9c472671f9d71af28f5a4f7a25f26d7fca24ea3c5c21c69a99b76732b5b7c1d3e7ba25f7c716870b5748b698b4ab15fc0f46e9e7

Download Submit
/data/user/0/com.fringe.puppy/app_offer/jC.json

Filesize
451KB

MD5
1903e4a7081255391c50b2328e07a6fa

SHA1
6bc0aed9194d3b5fd8ae55a647f520eb93d8c282

SHA256
4a42c9814430908c5cb91fe09beaff76c6c457ebe07b6d8ab28c9faf22777abb

SHA512
3cb7846c3d69ce4498617453a50d9a7e3d02f87b46028150c550b539338703de7b0efa83126b8e5079cad453d2677e86c8b5966de3be5d8306823960ae7d3ff9

Download Submit