octo | c3023aceefb8c6f6f4652d45fc6a3d48c02d5530f7f5417063134109bdfb3fe7

Analysis

max time kernel
7s
max time network
152s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
06-11-2024 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3023aceefb8c6f6f4652d45fc6a3d48c02d5530f7f5417063134109bdfb3fe7.apk
Size

2.0MB
MD5

1b8d2ace195bec6ad7f72aa749f58a33
SHA1

6d93f684b8e3a3e071ea07af67be0d6ad7cc2032
SHA256

c3023aceefb8c6f6f4652d45fc6a3d48c02d5530f7f5417063134109bdfb3fe7
SHA512

520f2a6f16056952f6f2f154ab62023062299f0c0bb23d9c584af3114244057a26b9a29a37e7668dd251ea2719bb7bf5f480ea75ad3f9e60bf1332aa9b4ad480
SSDEEP

49152:qmw+gQuqzzsC7PwYlyJSEvEzuCCZ6q8fmI342ADDsTPnGdQYW2IB1ySho0:mQuqPsoYIEvEzZq8eI3ZADITOKYrmySP

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

https://uzaykesifveteknolojigelecegimizinharitasi.xyz/MDQ2MTZjMDhlZDQy/

https://yapayzekailegezegentasimaprojesi.xyz/MDQ2MTZjMDhlZDQy/

https://yildizlararasihikayelerveuzaygemileri.xyz/MDQ2MTZjMDhlZDQy/

https://bilimkurgukesifvedonusumharitasi.xyz/MDQ2MTZjMDhlZDQy/

https://paralelgezegenlerveyapaysavaslar.xyz/MDQ2MTZjMDhlZDQy/

https://galaksilerarasiseyahatsanatyolculugu.xyz/MDQ2MTZjMDhlZDQy/

https://sibernetikveevrenselakilliyonetimi.xyz/MDQ2MTZjMDhlZDQy/

https://gelecektekiuzaykolonilerindeyasam.xyz/MDQ2MTZjMDhlZDQy/

https://robotveinsanbirlesmesimacerasi.xyz/MDQ2MTZjMDhlZDQy/

https://bilimkurguvetoplananveridunyasi.xyz/MDQ2MTZjMDhlZDQy/

https://galaksilerarasiiletisimveanliksistemler.xyz/MDQ2MTZjMDhlZDQy/

https://gelecekuzaygemisifantezivegercek.xyz/MDQ2MTZjMDhlZDQy/

https://uzayzamankapsamivedonusumkalkani.xyz/MDQ2MTZjMDhlZDQy/

https://zamanmakinesivemultievrenselgeziler.xyz/MDQ2MTZjMDhlZDQy/

https://paralelboyutlarvedijitalruhtasarimi.xyz/MDQ2MTZjMDhlZDQy/

https://galaktikekonomiuzaycagelecekyolu.xyz/MDQ2MTZjMDhlZDQy/

https://bilimkurguvedonusumolasilikharitasi.xyz/MDQ2MTZjMDhlZDQy/

https://yildizlarveteknolojikmedeniyetler.xyz/MDQ2MTZjMDhlZDQy/

https://karadeliksiralariuzayarastirmalari.xyz/MDQ2MTZjMDhlZDQy/

https://galaksikarasivakumbilgeliksistemi.xyz/MDQ2MTZjMDhlZDQy/

rc4.plain

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/memory/4977-0.dex	family_octo

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.rocket.hat/app_frown/xQdO.json	4977	com.rocket.hat

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.rocket.hat
1⤵
- Loads dropped Dex/Jar
PID:4977

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.rocket.hat/app_frown/xQdO.json

Filesize
153KB

MD5
7b72b07247b8c358e49837fa8a120194

SHA1
66c2683bc73da806b1254ada189799b0f250cd99

SHA256
919ad0bdda31f1a4c1f2156b26e025c65f5d0d1f2630235e4bd27f40ec50ccbc

SHA512
5d755f8dee7067898dc0f5ff22ec7dcba92acac4dd398d23889cc98d748f8598f4ad549367859f52beb2cb37eb69c8162a660e84322855d196ff474175089aee

Download Submit
/data/data/com.rocket.hat/app_frown/xQdO.json

Filesize
153KB

MD5
2768830d90c5c2b90e2fecff6a7fb74b

SHA1
de6584a25383db683476311cc86e8aa770c6490e

SHA256
1ddf760b5685896dfbf14465d91722866f30b014678f54b0d0f82eaf77c24cc5

SHA512
56c6991d92d3347ea8b6d661f842bff739c2f28bd4b8bf85d02d727558a2f766d4b39d830936ca6db9e887b9e4e8c9702a2cf8b8c7469ff975b7a8f8fe1b6830

Download Submit
/data/user/0/com.rocket.hat/app_frown/xQdO.json

Filesize
451KB

MD5
1a12ec30707547eb9b993487ba224d4d

SHA1
377ce91daf8bcedbcbf57f1350d9d5d4508e1980

SHA256
054c318fa7193b9699d29d949a830643ecf95e82633bf2d4a56a7aa363046c32

SHA512
73efbad05b564943a200f48d6013587ea2f812beed0b607343f8ad9e8cd833b7529c094d4483febff5e14ccc567e9456ae55f076d57f184a112bbdc874c63b7e

Download Submit