octo | c0b43974e7c5dff72fc566de627dbcb9cdd7691d22f8a00036f60f47f1e0d2e4

Analysis

max time kernel
4s
max time network
144s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
02-11-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0b43974e7c5dff72fc566de627dbcb9cdd7691d22f8a00036f60f47f1e0d2e4.apk
Size

1.3MB
MD5

8d80881e9d68e2c6332073906f11801d
SHA1

423e4f9b389cd88f0ad5c2d1cc51cbdf76cf4439
SHA256

c0b43974e7c5dff72fc566de627dbcb9cdd7691d22f8a00036f60f47f1e0d2e4
SHA512

9132205dfa420109661da932e60a05c2eac1fc9bdf4e31f6a8a3a7c6b2433aa3a30522178f3d6094d2dba388f40fe3803fa95ce3103ee1cbcad386e513b2ebdd
SSDEEP

24576:p9L+INfAHMhj1WwUm/JuSESbQiShBf/GSpWwyHTTZfLFZZMlp7sF5mi2Wi:p9LBnhj0a/3QiA5/GSpWbTTZDF4p7Yg

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

https://3bb139030bc7238b33981d0595033c23.com/YmZiMzU0OTU5NGIz/

https://6bb1390306788b33981d0595033c23.com/YmZiMzU0OTU5NGIz/

https://4bb139030b74564533981d0595033c23.com/YmZiMzU0OTU5NGIz/

https://4bb1332453233981d0595033c23.com/YmZiMzU0OTU5NGIz/

https://4bb13903074567453981d0595033c23.com/YmZiMzU0OTU5NGIz/

https://4b6432453233981d0595033c23.com/YmZiMzU0OTU5NGIz/

https://43313903074567453981d0595033c23.com/YmZiMzU0OTU5NGIz/

rc4.plain

Extracted

Family

octo

DES_key

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/files/fstream-8.dat	family_octo

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.piececover6/code_cache/secondary-dexes/base.apk.classes2.zip	4977	com.piececover6
/data/user/0/com.piececover6/cache/wbkluozhdyk	4977	com.piececover6
/data/user/0/com.piececover6/cache/wbkluozhdyk	4977	com.piececover6

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.piececover6
1⤵
- Loads dropped Dex/Jar
PID:4977

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.piececover6/cache/dexDir2429766591964389065classes.dex

Filesize
1KB

MD5
4e61c08811afeb9494278f1a7d47f738

SHA1
5b2a983ae31618ed7f9a4bbbd5822aa97ca756d9

SHA256
3e6a57ba3a7efa0887a27b60ba09df2a0bfc892b1741baeb41c832f9113d0256

SHA512
8fe9363a05b119854504f6eb8a184a34111eb19eb6dc57846da6c02dc6cc56ff9aa60b443b9321f237404455813dc8a2f9401b9d6b7954b745669990d0a4b042

Download Submit
/data/data/com.piececover6/cache/file1765498591470953493ext

Filesize
1KB

MD5
c7b5eada3dc95bb00d702d4dc3650e8f

SHA1
44040978491dd8614755c95677b23f16526d72bb

SHA256
cf3620fca474b5e8073608f3c75824ba0c60bf419b716f943fcf58b2247be25d

SHA512
4c4ac0db8075b91736b301dcfacc334abcb449a0e3178d5203e4f434518a5ade405a5faa79bd5ff537e0c350d82ac449be5e273ea63aa4b03e45efdb7a16186f

Download Submit
/data/data/com.piececover6/cache/wbkluozhdyk

Filesize
449KB

MD5
6815620d7515427c5fa4735f11281c2b

SHA1
089b66fb5ac0ecfeb34384e6c1a793cdef843df3

SHA256
3cbfba98f094f17175803e9874a7c5170c4c58b7cf75e6f858a1a31548b2a309

SHA512
06927ffd3e726819a21a2258977eaff3f198327634882eb2a99d114d878e1f68d82ab1e695a81d09ea78ed62880a1fa4098dd141dd93a6637117aa9ff279718b

Download Submit
/data/data/com.piececover6/code_cache/secondary-dexes/1730584907654

Filesize
2KB

MD5
b073f960fbda11986db8fee0815fb86b

SHA1
5be979257ba8d218d2851571efe0121c81b98a62

SHA256
016737518c8f4d1a5f90cc61945b21b499b4086dc9ae616502dbfc918a6fa636

SHA512
eb09d0084d56d68fcc5c147816c618959a3ea278ef477f9c5a8777f86cfd7381928206394042d3edaa5753f9c513bf106d29b77eba809eb570b7cfe230b4645c

Download Submit
/data/data/com.piececover6/code_cache/secondary-dexes/base.apk.classes2.zip

Filesize
1KB

MD5
a7d1a53be7de6ee121bf298f40d2c1b9

SHA1
806580d2cb6baa022e7bf65ab5cb233fa0809c9e

SHA256
174afa2d05482af1f86ff87a7c398c814e16f9310325feb046ff51fbd69e6bbf

SHA512
f15cd3a05d2b364dd8d7e70f0d9c429fdb7eb4ca8129f06f90d71c86791392e553c66d0bbee9e96187d56637e6e5c636cb3e7d5cf538bf624e9c0ed1841a11ae

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads