octo | 22df2102b4009bcce5c8a42480e39493f9a5a2d034979706ad3300203a940f6e

Analysis

max time kernel
7s
max time network
151s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
16-11-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22df2102b4009bcce5c8a42480e39493f9a5a2d034979706ad3300203a940f6e.apk
Size

2.0MB
MD5

3dd1b3ad3653dc2db39dd3af1698cca1
SHA1

c2db6f28d881b1b1309206bbabf5c0b204229ff3
SHA256

22df2102b4009bcce5c8a42480e39493f9a5a2d034979706ad3300203a940f6e
SHA512

5ae32eaf2323acacceb9db3103008cd06297812357b03841cfaf7abead2c614f1685cca26637aa75e4fa454d19175d44293e914276d2b00a839a652c38a5ecb7
SSDEEP

49152:kRgWLSAPDnpwh9BDLxOJN3T8FxMact6QHFMkAOf7iJtwYRiiYWlLApO0VKB+3BPg:kmTALn2HB4JZeR4nm6Y7QpMQRe

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

https://populeryabancianimaserver.xyz/MDQ2MTZjMDhlZDQy/

https://eglencelikahramanlaranimas.xyz/MDQ2MTZjMDhlZDQy/

https://cizgifilmtutkunlarianim.xyz/MDQ2MTZjMDhlZDQy/

https://renklidunyavekarakterler.xyz/MDQ2MTZjMDhlZDQy/

https://animasyonvekulturhikayeleri.xyz/MDQ2MTZjMDhlZDQy/

https://yabancisanatcizgiustalari.xyz/MDQ2MTZjMDhlZDQy/

https://cocukvesinemaoyuncular.xyz/MDQ2MTZjMDhlZDQy/

https://cizgidunyasindakiyabanci.xyz/MDQ2MTZjMDhlZDQy/

https://animasyontavsiyeveyorumlar.xyz/MDQ2MTZjMDhlZDQy/

https://sevimlicanlilarhikarakat.xyz/MDQ2MTZjMDhlZDQy/

https://yabancianimasinemaustalari.xyz/MDQ2MTZjMDhlZDQy/

https://cizgianimasanatyaraticilik.xyz/MDQ2MTZjMDhlZDQy/

https://populeranimaserverkaliteleri.xyz/MDQ2MTZjMDhlZDQy/

https://kulturelanimasyonvesanat.xyz/MDQ2MTZjMDhlZDQy/

https://yabancicizgianimasanatyolu.xyz/MDQ2MTZjMDhlZDQy/

https://eglencevesanatcizgihikaye.xyz/MDQ2MTZjMDhlZDQy/

https://yabanciveklasikanimasyon.xyz/MDQ2MTZjMDhlZDQy/

https://populeranimaserverdunyasi.xyz/MDQ2MTZjMDhlZDQy/

https://cizgianimasanatkonusmasi.xyz/MDQ2MTZjMDhlZDQy/

rc4.plain

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/memory/4940-0.dex	family_octo

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.math.dwarf/app_glare/OsKKT.json	4940	com.math.dwarf

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.math.dwarf
1⤵
- Loads dropped Dex/Jar
PID:4940

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.math.dwarf/app_glare/OsKKT.json

Filesize
153KB

MD5
f251850d5688bd003555f0d83dcb77bf

SHA1
83d509849ff703a993a61dd97a78aa04196e89d2

SHA256
7bff126e7c9efb123d1a2a4c699428fe936ab0d6c015d0a1c48664a380155b23

SHA512
77ff12b70a6da2938ea5810e579bdeaabf4a3a689346b8e43f2f0151f8910690a2faf5bfcd3a082d2438d047369f073fd7a5f6da64899c69fd7a219da379f2c4

Download Submit
/data/data/com.math.dwarf/app_glare/OsKKT.json

Filesize
153KB

MD5
8e80b509ac34f643f8eeb4d5b013c49b

SHA1
41c7f007f445a52e029dbd6c782f6b8ff1d765ec

SHA256
6e38dede1cc9a6441181a4021e23957429cab5589ea8298c0b0c0a33df37b82d

SHA512
1dc2c8db118c745f781dcf302c5a75033d80a154db953fd4892d4709423aff07704d6be4b322a8bc894e60a41bd4de98b206e3057cee1741da3baa64e2910958

Download Submit
/data/user/0/com.math.dwarf/app_glare/OsKKT.json

Filesize
451KB

MD5
3f809182f6b03452f06bdbc018e9e2ce

SHA1
540bc11f0ce5e9d6d8829d0806d4b3f99e46d658

SHA256
34fa816cdb3b27d2a93965c36d004de86901c5e16596bb808b0b6f9053a20c68

SHA512
2bda5c765ed396baaecc4770e65067bb98122ebf91c64db1a91fb3afca0e92cf6a837d4486857f6d1865f3f9e38a8566e988a4e7fada8f69512f8a7be9e7d476

Download Submit