octo | ec553a60c5a4fb1d64f2379e84b943f4c8294781b3010f97698ed9ed70fee96f

Analysis

max time kernel
3s
max time network
157s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
11/11/2024, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec553a60c5a4fb1d64f2379e84b943f4c8294781b3010f97698ed9ed70fee96f.apk
Size

1.6MB
MD5

90b0a19f81c2d5dd4b9c5fad95170210
SHA1

1fee5ad6459044301f47e01f69514185f06508c0
SHA256

ec553a60c5a4fb1d64f2379e84b943f4c8294781b3010f97698ed9ed70fee96f
SHA512

5c81f1f6368a292988b112a6cc34139c17e9ab2ecea78b182910b7549ab549cb7a9acb1034727eda052eecc7cb6e59e56fd43e5917ffe352f070059766190c73
SSDEEP

49152:tc8qNYjzbh9GDh08ie6aJeGRTv5R1tQ7aMwjeRks2RGK:tDqNYjzdkDf/JeGN5R1tQOHjDsuGK

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

https://cizgifilmlervekarakterhikayeleri.xyz/MDQ2MTZjMDhlZDQy/

https://cocukanimasyonvesinemaustalari.xyz/MDQ2MTZjMDhlZDQy/

https://masalvecizgifilmkahramanlari.xyz/MDQ2MTZjMDhlZDQy/

https://sevimlikarakterlervesahneefektleri.xyz/MDQ2MTZjMDhlZDQy/

https://cizgifilmsanatvesinemaevreni.xyz/MDQ2MTZjMDhlZDQy/

https://eglencelihikayelervecizgidunyasi.xyz/MDQ2MTZjMDhlZDQy/

https://animasyonyapimcilariveoyuncular.xyz/MDQ2MTZjMDhlZDQy/

https://renklihayalguclerianimasyonlar.xyz/MDQ2MTZjMDhlZDQy/

https://cizgifilmklassikleriyenidonem.xyz/MDQ2MTZjMDhlZDQy/

https://eglencelianimasyonprojelerlistesi.xyz/MDQ2MTZjMDhlZDQy/

https://cizgianimasyonvedijitalhikayeler.xyz/MDQ2MTZjMDhlZDQy/

https://kahramanvetuhafcanlilarhikayesi.xyz/MDQ2MTZjMDhlZDQy/

https://eglencevedostcancizgifilmler.xyz/MDQ2MTZjMDhlZDQy/

https://cizgidunyasindakiyenikarakterler.xyz/MDQ2MTZjMDhlZDQy/

https://animasyonvegorselsanatgezileri.xyz/MDQ2MTZjMDhlZDQy/

https://cizgifilmvedegisimkulturler.xyz/MDQ2MTZjMDhlZDQy/

https://renklianimasyonvesanateserleri.xyz/MDQ2MTZjMDhlZDQy/

https://kulturvecizgihikayegirisimi.xyz/MDQ2MTZjMDhlZDQy/

https://cizgifilmtasarimvesanatyonetimi.xyz/MDQ2MTZjMDhlZDQy/

https://yeniyetisimlerveanimasyoncalismasi.xyz/MDQ2MTZjMDhlZDQy/

rc4.plain

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/memory/4965-0.dex	family_octo

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.this.rigid/app_radar/Fr.json	4965	com.this.rigid

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.this.rigid
1⤵
- Loads dropped Dex/Jar
PID:4965

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.this.rigid/app_radar/Fr.json

Filesize
153KB

MD5
82f8dd462329a14a279938a78e04f757

SHA1
0016f694fe917a9d4b2c260fd8a67cd471e19f85

SHA256
37eaa67c007176148379e9706c700bba92ae907cfb743d402beaf7c123ef8620

SHA512
58e4ef4275f91c0d1e829a343b39e284e5f124e3de4cc86bd78c4d280974578df274643c36aab0a073e6c3167fe1af23e61cf27c054e59c03db49df5e8947834

Download Submit
/data/data/com.this.rigid/app_radar/Fr.json

Filesize
153KB

MD5
1ce0aa1b6c158f0cdea00f51cef80f53

SHA1
6ee5a610df15e8b7f8684e510d65312b903e16c8

SHA256
d13a016bafe38e49a17a47dd66e2b5857910326e4ab6116503715aef1fe8cb91

SHA512
ab228b0ddf17f40a76b55f33eb7eb17cd60675de49ff62230fe6b637e0a7068517b31a42894c69fc2d3c6b0cc9115c57c41e6979f88a444ebd81b157c18c5dda

Download Submit
/data/user/0/com.this.rigid/app_radar/Fr.json

Filesize
451KB

MD5
05bfe2d762feea54c3229c91bb523877

SHA1
e6dfe3eca23c01b9a95553223dee935fbe691d7d

SHA256
9d390766317625ec99a86908ac420095de915b7bf7acfe9d67e1669292ac93be

SHA512
3475268ce92b692fbda6c983172fbc70a5378f036c17952684d8f4d29ca400023cc05c6e77d9ca2de300ca134145c24a16b7fe2981dde9b384d3c646866333c3

Download Submit