octo | b984090b834a91fbf8ead0f2df1330b08c4ba5f4fa64d420865107db6fd365b5

Analysis

max time kernel
8s
max time network
150s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
23-11-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b984090b834a91fbf8ead0f2df1330b08c4ba5f4fa64d420865107db6fd365b5.apk
Size

1.8MB
MD5

010b68359d1ad311c8a593e3681367a1
SHA1

a013c39bc004bce0d93afcbf588e095c14f68cc4
SHA256

b984090b834a91fbf8ead0f2df1330b08c4ba5f4fa64d420865107db6fd365b5
SHA512

6d74b574336cd2efa93519b422c72db19ec22031c8d9842d2b9ad1785274e2ca8f20ffaa6b2611577557838914415bf3a20d6220e36a7e366116d6b07d4626da
SSDEEP

49152:f4Zv9FhouH/htp7hN1Vs74IMEEkDuMlmDRTYNyZgBzYp2U6hNo:f4ZlFhoW/tNPm89XK2pYN193o

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

https://hayatindonderlerikararver.xyz/MDQ2MTZjMDhlZDQy/

https://zorluklaryenicocugunhikaye.xyz/MDQ2MTZjMDhlZDQy/

https://yasamtarzdunyayidogrutani.xyz/MDQ2MTZjMDhlZDQy/

https://cikmazyollardaumutarayan.xyz/MDQ2MTZjMDhlZDQy/

https://hayatinhikayesipratikcozum.xyz/MDQ2MTZjMDhlZDQy/

https://yasaminkavgaveodulleri.xyz/MDQ2MTZjMDhlZDQy/

https://kucukengellerbuyukbasari.xyz/MDQ2MTZjMDhlZDQy/

https://zamaninguctusevinyasan.xyz/MDQ2MTZjMDhlZDQy/

https://gucluklertetekiseyaoyun.xyz/MDQ2MTZjMDhlZDQy/

https://hayatdersleriozetlemeler.xyz/MDQ2MTZjMDhlZDQy/

https://umutlarvesikintilarbirlik.xyz/MDQ2MTZjMDhlZDQy/

https://cikissizyollaryasadogru.xyz/MDQ2MTZjMDhlZDQy/

https://zorluklarveguzelliklerin.xyz/MDQ2MTZjMDhlZDQy/

https://hayatsevdigiolumsuzluklar.xyz/MDQ2MTZjMDhlZDQy/

https://yasambaglantilaryaratici.xyz/MDQ2MTZjMDhlZDQy/

https://cikmazlardayolbulanruhs.xyz/MDQ2MTZjMDhlZDQy/

https://hayathikayelerinikavrama.xyz/MDQ2MTZjMDhlZDQy/

https://yasanmisliklarvesiniflama.xyz/MDQ2MTZjMDhlZDQy/

https://umutvemucadelehayalleri.xyz/MDQ2MTZjMDhlZDQy/

https://zorhayathikayelerindenson.xyz/MDQ2MTZjMDhlZDQy/

rc4.plain

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/memory/4970-0.dex	family_octo

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.number.make/app_involve/rcd.json	4970	com.number.make

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.number.make
1⤵
- Loads dropped Dex/Jar
PID:4970

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.number.make/app_involve/rcd.json

Filesize
153KB

MD5
3eb4b058662d3802a36c0d7616344e3b

SHA1
e2d3e2d4e9657918f2145babed568d3eeb0082a1

SHA256
0045f560dbd019b1bc167fed84313c7e416b0782978ff857e4dfc9e55649ec73

SHA512
d53ad17670c582eb25bcbb3ba44e1f3ba6ca7b159e0664ca2c5aaa15ee18aa5542236333dcb7d22d6afa2fd58ae25fca54444c7992a2b33a84a2c291298cd602

Download Submit
/data/data/com.number.make/app_involve/rcd.json

Filesize
153KB

MD5
105114ffe8d51e19a166a525e7b8fdaf

SHA1
f17609046e5e6b82c037ba2285789d191e5408e8

SHA256
5a2d3f2ebdd34ee81bf650279b892d684788ad1fea07ce71555c12d3301ca65e

SHA512
bfd0d76c3912dd2950421d612f18f015999c85a4fce8899be08d4da1cadea158462190918473074cca4e2fbd05d332f69196e159031e50f1b675893d57700adb

Download Submit
/data/user/0/com.number.make/app_involve/rcd.json

Filesize
451KB

MD5
e848bb4f91c120fd066acc58eedc1263

SHA1
fc5749b3cbd296c7f34370557baadd837d9aa84d

SHA256
564ed97f7417b157f3ee37653faf9b7938f2c2e240d3156b3ec10c627f0a5855

SHA512
cf3b150d7f9ccd4681c624f4ecc08b6b9563dfbbcb3ec391204cf9c16ef777c5eb3614d898aacf8ac6d35056db12f21456ef9409b0f51aa9a4fa1d5d8fd64553

Download Submit