octo | e6569b723ab84a98c9f8d43b03f0aad49efcf2c314efbc7ae6f99d2f462febd3

Resubmissions

18/11/2024, 10:55

241118-m1bx1svlds 10

17/11/2024, 22:00

241117-1wttxsyncy 10

Analysis

max time kernel
7s
max time network
145s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
17/11/2024, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e6569b723ab84a98c9f8d43b03f0aad49efcf2c314efbc7ae6f99d2f462febd3.apk
Size

605KB
MD5

e109abe047081e2850c113f051fa2399
SHA1

013a453d3cf1a897a8055c4dcd0ee974b7fbe15d
SHA256

e6569b723ab84a98c9f8d43b03f0aad49efcf2c314efbc7ae6f99d2f462febd3
SHA512

a084442a82f83ab83db09bbbfaa0d4218e0c7d246544ac978fdd261d7ef7c32e802b202ebee558eb2916af35a1ad499bb9f9e431aa42a40cd1b30e06d7933cf4
SSDEEP

12288:4TK+XfiFh6KipZ8hlrOKMWLfkf8+U01PxKeyis4hDLrMhdy4:4ThOfiZI8tt1P7yisIzgdy4

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

DES_key

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/files/fstream-3.dat	family_octo

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.eachdidrtz/code_cache/secondary-dexes/1731880834951_classes.dex	4969	com.eachdidrtz
/data/user/0/com.eachdidrtz/code_cache/secondary-dexes/1731880834951_classes.dex	4969	com.eachdidrtz

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.eachdidrtz
1⤵
- Loads dropped Dex/Jar
PID:4969

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.eachdidrtz/cache/classes.dex

Filesize
447KB

MD5
8262b6e449a9c36b0b04da4f0ba66faf

SHA1
9048317b5eb21106a26043dccc50bf88e01c01ff

SHA256
219ed6c3f2a607bf79d237ec79da71c60f5dded5628755ac1c6a49f4da0192ab

SHA512
d8c8c934f4f4e24820e4cfa22049eb1107bd97a38250574f47e80513a07598d60c900c8fb13ca668e55462112b926ced3e3e8490cbc16baeac7c39cd37b893be

Download Submit
/data/data/com.eachdidrtz/code_cache/secondary-dexes/1731880834951_classes.dex

Filesize
1.1MB

MD5
466d8d46387ad88b170b1c35085e9e08

SHA1
64279445185cc85ecca8e67aa626ba2dd3a4b6e2

SHA256
54a4e0e614f4e25153271efc05103aaf57ee70abeac84a921f48e5701159bbdf

SHA512
2e8f0ee18b75921bcffc151df7cefad1b4c5ec5b8ab1df79c8808222be5524d107438458f5d64d24ff6a1ca61491895cf3a458a95ea6a456cf82c1189901573d

Download Submit
/data/data/com.eachdidrtz/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.eachdidrtz/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
98074f0879b55a32387bdab5d489b158

SHA1
62f0d5fe884c01e2014a4c3eed5408252db93788

SHA256
6d7f18e5f99a470ca0ea7826b9c09634244c379ae50e77bcb3903865a1370a19

SHA512
28c428a6e4762fc3eeaed8f73cc67db22c32c1c29b2f80e12c0cbc52f5f0e9f53eaf3f9157406fd5b16037f7c7880e36d8257042a51a286471222bfab334b84c

Download Submit
/data/data/com.eachdidrtz/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.eachdidrtz/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a067f1bc2f621379dc9aa0d5631844be

SHA1
46de47d9907a438f57ad7f527587ed2111e9a5d5

SHA256
388d1035fcbe1a31cd4dd24188417ecfced0357c954f2c467d089e826a3869d1

SHA512
8095d827eb7ef48e558a4c3bfa5983ebcad1181b8340ef929d0b6e22cec15f6a00a265f093e17716f74f15032bb8818cecee3dcc87a0c219d339aa45e7c2bc5d

Download Submit