octo | f1b9e3f4b8e23f56d14ea0d6ecf91e5022a7548a28c6bb0b1db6a2c274cd9ff3

Analysis

max time kernel
2s
max time network
151s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
22-11-2024 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1b9e3f4b8e23f56d14ea0d6ecf91e5022a7548a28c6bb0b1db6a2c274cd9ff3.apk
Size

605KB
MD5

83d6844871ac04108a595028c172aa85
SHA1

1e51f9ff7995dd45fcc0a70b83ed96f54cfb1cd1
SHA256

f1b9e3f4b8e23f56d14ea0d6ecf91e5022a7548a28c6bb0b1db6a2c274cd9ff3
SHA512

2c45cb676ad3848c7df2e77fe12f90637bb36a2fc5eb90f6c7c67d63140b17adeb5eb96299cc089e0b045ceea942396d29578d6903a88250ea89ffa3d78488fc
SSDEEP

12288:VvNGODutF1Gplj0L41r+/gFuYXpxshdHYhn/t5PXfNIjXs4hDLrMhdKoDr:VvcOqxGplYL2r+ArXXOH8n/t5POjXsIS

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

DES_key

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/files/fstream-3.dat	family_octo

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.picturefar0/code_cache/secondary-dexes/1732313345712_classes.dex	5058	com.picturefar0
/data/user/0/com.picturefar0/code_cache/secondary-dexes/1732313345712_classes.dex	5058	com.picturefar0

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.picturefar0
1⤵
- Loads dropped Dex/Jar
PID:5058

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.picturefar0/cache/classes.dex

Filesize
448KB

MD5
5cf9d631f22561e02a179f71dff0ceb4

SHA1
e0b80130b2f9f54b950ecf20b3ec7de0649525ee

SHA256
a92ede0ec9f2196b880a00142716620cb25f5eddd64b79f410e66f40d44c0bef

SHA512
066c941846a4f9b47448f404a00f212d567cc24560820fc025c2dd033ebb8a50078ba8f631a00ad9c1c1b7bf9509517e76b10f391130384c7c63025afac4dbda

Download Submit
/data/data/com.picturefar0/code_cache/secondary-dexes/1732313345712_classes.dex

Filesize
1.1MB

MD5
ca1d5993f0a3a8478c9c751c1dcfa80b

SHA1
93297024888afd532d42a384c4e835d22230bb7c

SHA256
4da400e359bed2f4fe26735fcf56d02e66a711402d9ddf71c1dc5e681d022572

SHA512
0123f94694a2d15309c4e1f14de06a5628c7b6a14cf89bb64cc575fac2e1ee9a5f0b03f084edd43186e9f898b1b91c0722073cd941a47a0368e0e7049ed55969

Download Submit
/data/data/com.picturefar0/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.picturefar0/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
06e5ac26a74fd41da7221622b4bf87be

SHA1
44156e0fcb77fef9b89a2987d5b101726106d6e8

SHA256
bc941c44bd8d6012ea4e7bd1461694b6418e416d41cc04589fe647cdec0dcd5a

SHA512
b161fd1816a1012b82372a7df7a93a48a3cbac748c454e79e3071f4db674f7d8da0daf419b5287a34ca91fcddcdbda996ca83eb185a4b6871d9312b5ab0d938a

Download Submit
/data/data/com.picturefar0/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.picturefar0/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
6d20830dddcc0738874d237922fad9a4

SHA1
7dd2c8707bc87d296db8db361a8da35943c43a78

SHA256
94f884dd7b78767679268e3dbbb7783f7bcaf40d284258672ace359164fa42c7

SHA512
aee5e5cf38426dbe6f20eda4ff782e2c506ab1d60d58a1c9415e62963a1ab28ad93922c2e138f595416c956501bff3d19187fb5c480baf1bb13ef8322342b3f4

Download Submit