octo | 8b20b81c06189c69d8d2e4460bb6cf85de75412caa66f6474b20006bc2ffdf81

Analysis

max time kernel
4s
max time network
157s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
15/11/2024, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b20b81c06189c69d8d2e4460bb6cf85de75412caa66f6474b20006bc2ffdf81.apk
Size

2.5MB
MD5

99d9ff0d8155871dd9aff142a35bd12e
SHA1

3618423b90a989aae310bad8ef31cbec5353c161
SHA256

8b20b81c06189c69d8d2e4460bb6cf85de75412caa66f6474b20006bc2ffdf81
SHA512

ccb9cf6c5e90bf238ed30f7ac7859e2787b5f61003ac03978433c7af7ce103bfd7b6995bbf3cb3e440847d07a08ed7e69bda556b8736ee8c34e10b6e087e967b
SSDEEP

49152:zmJ2OsrUFDdh3vC7ubsxyubObhbIFiEimDnDX0KbyBVbhsA8w872Zx3pbpxfSAFO:zmJ25rMDnfCSb2yubA4i8nQdhe72XNq3

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

https://populeryabancianimaserver.xyz/MDQ2MTZjMDhlZDQy/

https://eglencelikahramanlaranimas.xyz/MDQ2MTZjMDhlZDQy/

https://cizgifilmtutkunlarianim.xyz/MDQ2MTZjMDhlZDQy/

https://renklidunyavekarakterler.xyz/MDQ2MTZjMDhlZDQy/

https://animasyonvekulturhikayeleri.xyz/MDQ2MTZjMDhlZDQy/

https://yabancisanatcizgiustalari.xyz/MDQ2MTZjMDhlZDQy/

https://cocukvesinemaoyuncular.xyz/MDQ2MTZjMDhlZDQy/

https://cizgidunyasindakiyabanci.xyz/MDQ2MTZjMDhlZDQy/

https://animasyontavsiyeveyorumlar.xyz/MDQ2MTZjMDhlZDQy/

https://sevimlicanlilarhikarakat.xyz/MDQ2MTZjMDhlZDQy/

https://yabancianimasinemaustalari.xyz/MDQ2MTZjMDhlZDQy/

https://cizgianimasanatyaraticilik.xyz/MDQ2MTZjMDhlZDQy/

https://populeranimaserverkaliteleri.xyz/MDQ2MTZjMDhlZDQy/

https://kulturelanimasyonvesanat.xyz/MDQ2MTZjMDhlZDQy/

https://yabancicizgianimasanatyolu.xyz/MDQ2MTZjMDhlZDQy/

https://eglencevesanatcizgihikaye.xyz/MDQ2MTZjMDhlZDQy/

https://yabanciveklasikanimasyon.xyz/MDQ2MTZjMDhlZDQy/

https://populeranimaserverdunyasi.xyz/MDQ2MTZjMDhlZDQy/

https://cizgianimasanatkonusmasi.xyz/MDQ2MTZjMDhlZDQy/

rc4.plain

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/memory/4966-0.dex	family_octo

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.ramp.reflect/app_novel/Pjy.json	4966	com.ramp.reflect

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.ramp.reflect
1⤵
- Loads dropped Dex/Jar
PID:4966

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ramp.reflect/app_novel/Pjy.json

Filesize
153KB

MD5
d6b14b0dd1276a997bab1cd3de6f0f5c

SHA1
2df6cf004744d9cf058af4a0b21d92350726e9ac

SHA256
4ec8aef20e2ae322bd98eee1bcf33cfc5d497d884976576befa8e8a1c5446e49

SHA512
b0130d431c699ef11183fdc9ab5101f6bc2e3357cac5848e6fd4cfb1c3e7aebab2ef30701d43e5bf1b94b0c776a4337a0efe17b7a44c46a0d1bdf3d959b41b49

Download Submit
/data/data/com.ramp.reflect/app_novel/Pjy.json

Filesize
153KB

MD5
9fcacd526dec440899db948e92ace8f7

SHA1
7829ad2d6b21f6ed67d3977a22820a5bc864f98f

SHA256
a3538a7f0bee36423219b599490d6a5b0cd66c53dd429084870340ca3c7d1128

SHA512
ee673a4c505ac57494ffd8058234a56de01ff4be345843741e4873e7e2526faa0491fd91cad0d45daa9982da1b4d3d926f60cf5fe1845b42aefdc96471ede7a9

Download Submit
/data/user/0/com.ramp.reflect/app_novel/Pjy.json

Filesize
451KB

MD5
e1cee873669b3029c15d409a8f885abd

SHA1
b32f48d7bb7cbda649fd2e07f188cda036114b0e

SHA256
3921411987d1d8f2d6fb340297728a4e1210ca1ceda83aad9392e137d1771b5d

SHA512
5a142a4548df9379e509641dc90aa45f5a5d36f8ed59d165d7c1fe8bd5e35ee893608952fae30710c1f340d24be6aa36d0960b79ebd2016636fe020c1bcd7bdf

Download Submit