octo | 4f39e86fb8f39acbd92f15da4a3b4eb622b52493e5d4e6d7c396eea68bebb2de

Analysis

max time kernel
10s
max time network
157s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
15-11-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f39e86fb8f39acbd92f15da4a3b4eb622b52493e5d4e6d7c396eea68bebb2de.apk
Size

605KB
MD5

52d376b16ea81906c20b6c8eac33019d
SHA1

f31ddc22872fc4e9642ca8fce1b9be4d62d24233
SHA256

4f39e86fb8f39acbd92f15da4a3b4eb622b52493e5d4e6d7c396eea68bebb2de
SHA512

57d0f44a6f7fc2ffd1b4bd1305a0d0bd1521401d9d21d6cd65ae80e2ffb67ebe8676f39c85b55a59b3c50181664068e40fe1b640f92364af210ef8187f379696
SSDEEP

12288:CyKc0+BjazBkz9iP0Twew190mVgHl+NVEkals4hDLrMhdhT:CyK1+NaVkzcP0Trw1909H0jBalsIzgdd

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

DES_key

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/files/fstream-3.dat	family_octo

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.drawfarsym/code_cache/secondary-dexes/1731708208294_classes.dex	4973	com.drawfarsym
/data/user/0/com.drawfarsym/code_cache/secondary-dexes/1731708208294_classes.dex	4973	com.drawfarsym

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.drawfarsym
1⤵
- Loads dropped Dex/Jar
PID:4973

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drawfarsym/cache/classes.dex

Filesize
446KB

MD5
1a1a47e66116cf523207402412ba6c5a

SHA1
1908e7d762072261a4d06182b9434536fb7506ce

SHA256
2c907b6dda4c75fadcb2f104bc9b659a480372846402f36c1cc26c2c568b6882

SHA512
0e32e9d5f9644877d59416932143b8f48cc98e27ab5f0a7b1b7d5d95582ad9bc0ee7c31fb9cef72dc5f95dab73afd0715b0fe4274a0f2df2290da710d0a43f67

Download Submit
/data/data/com.drawfarsym/code_cache/secondary-dexes/1731708208294_classes.dex

Filesize
1.1MB

MD5
886f51647085722e7b6f112c0c2d6ced

SHA1
ea28019273cf4c51d37c613dceac3e1e2656e1a5

SHA256
02fbce2d24686a16c21b880c07af3357533e2e3ad361a21b1057f5511ae5fc9b

SHA512
b3204dc5fe2b5c06016d15764eea6903c1f7bd171987bedea89d9fc6689bc118054a76f2c1125ecf7fed86f9f472859d361169bb992e9f3b9d7c8c20bc7899c3

Download Submit
/data/data/com.drawfarsym/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.drawfarsym/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
8cf2156b124e4941bd9f238f94b68f33

SHA1
f13c68af97c6b5720c6998d7b8c5c0f861941d50

SHA256
1557a63ae697976086abb93360bf268e9e0167c73d72c2f42e92ee0b522d66e3

SHA512
dcc84517456fb56fa8c98c9338fc820f51612df50fb6b513dea625406e1a36f0d5a3488dc97f9e9862330529ccb85568d1e5abcc0ae278b6d92c587238a1a0d0

Download Submit
/data/data/com.drawfarsym/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.drawfarsym/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
380d0c9f5281fe2b241f88ca40ea631f

SHA1
ebe88d68cf33a160b3168e2243dcaf57b2c62713

SHA256
8db468ae436300f957c715ef88ee6c32e558eeb85faf80b31c414fa5890c2efb

SHA512
cbb9aefdce75f7ce604a5d13666f85c9059fcd54ca9736c8dbbc7bf8053fd392b8eeaab728409097baf1950f8cb0ddb347cf4f9b41b89bb4834bb83f756ecd19

Download Submit