octo | d5f278647ed6f5043f6a70c96a7edfafdc65b866a690ca38d6845fe8f36245f9

Analysis

max time kernel
1s
max time network
147s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
08-11-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5f278647ed6f5043f6a70c96a7edfafdc65b866a690ca38d6845fe8f36245f9.apk
Size

2.4MB
MD5

9b3647665720f6ac2ee1cce2306aafc3
SHA1

364b7f965da1e39e5fa7925d9a9a72a6e7f4352d
SHA256

d5f278647ed6f5043f6a70c96a7edfafdc65b866a690ca38d6845fe8f36245f9
SHA512

8b77bc35f96a15974a0e36e7dc987b90017d0cee8a39dea201bc636773735b3a3e437bbbe9b4052eb8e2b9b29809acde16242b0408310a4074cc68cccadab2e8
SSDEEP

49152:lbx/PguTq+1Ev9FpsNyfsxRgWcaRWp92E+TAsQrEep4no9ZpbS0niJLbY:5pFe+1hNyfMgWcsWpcE+TAskEepGyW0/

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

https://malkafaniskm.com/NzY2NDZkZmViYjZj/

https://fukiyibartiyom2.com/NzY2NDZkZmViYjZj/

https://malkafali222.com/NzY2NDZkZmViYjZj/

https://oyunbaimlisi35.com/NzY2NDZkZmViYjZj/

https://mal1fukizmirli.com/NzY2NDZkZmViYjZj/

rc4.plain

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/files/fstream-1.dat	family_octo

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.servedog6/cache/wzauvtpqlaw	5064	com.servedog6
/data/user/0/com.servedog6/cache/wzauvtpqlaw	5064	com.servedog6

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.servedog6
1⤵
- Loads dropped Dex/Jar
PID:5064

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.servedog6/cache/wzauvtpqlaw

Filesize
2.3MB

MD5
2590211c8c952928dbe52a32f5165a06

SHA1
c2e8fdeadc863b311d2b9c6e88ee21a2ee28ce74

SHA256
f8f5d6133e004c2cdf8a77870ac17459f5b375c9a12cf1d9902499ec640cdaae

SHA512
39a8fd383dee2f4f0b62ffe4e66de6cbdd0eacea42cc2b452cd874aa13ce15499c9c2bba753b345c48563d95d401dfd63dc8fd86d1256b52740021a96ae42521

Download Submit