octo | 96515ec94f2bce57561174f2516246c16b73ddfc5f0aadf2aa576f65604df213

Analysis

max time kernel
6s
max time network
149s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
23-11-2024 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2427241add3123a2e6fba0aa091c487816d9b670.apk
Size

2.2MB
MD5

337d933f1a96325b4decf4c1efd80957
SHA1

2427241add3123a2e6fba0aa091c487816d9b670
SHA256

4a0ee191e0f6b400106812a55996b4d7848ce9d73d86aed7d58d1ec10cd46d2e
SHA512

033c88cd5d8801bfd1dbd0307fa71eb906d05a7497089fa27b26c46f73167d8bcad56793f154e3ce155d54d0c4a6c87d906f9ef2fd336ac5930720c869621f1a
SSDEEP

49152:qElGP+TaA9+wRqOsfGIg6j4PmrGngzsRjOJ21614u+Ii+0Un4mjO6wuOJW99EIpH:qElGgN5ysPmKgARjOJ461hGXUnRjTs89

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

https://hayatindonderlerikararver.xyz/MDQ2MTZjMDhlZDQy/

https://zorluklaryenicocugunhikaye.xyz/MDQ2MTZjMDhlZDQy/

https://yasamtarzdunyayidogrutani.xyz/MDQ2MTZjMDhlZDQy/

https://cikmazyollardaumutarayan.xyz/MDQ2MTZjMDhlZDQy/

https://hayatinhikayesipratikcozum.xyz/MDQ2MTZjMDhlZDQy/

https://yasaminkavgaveodulleri.xyz/MDQ2MTZjMDhlZDQy/

https://kucukengellerbuyukbasari.xyz/MDQ2MTZjMDhlZDQy/

https://zamaninguctusevinyasan.xyz/MDQ2MTZjMDhlZDQy/

https://gucluklertetekiseyaoyun.xyz/MDQ2MTZjMDhlZDQy/

https://hayatdersleriozetlemeler.xyz/MDQ2MTZjMDhlZDQy/

https://umutlarvesikintilarbirlik.xyz/MDQ2MTZjMDhlZDQy/

https://cikissizyollaryasadogru.xyz/MDQ2MTZjMDhlZDQy/

https://zorluklarveguzelliklerin.xyz/MDQ2MTZjMDhlZDQy/

https://hayatsevdigiolumsuzluklar.xyz/MDQ2MTZjMDhlZDQy/

https://yasambaglantilaryaratici.xyz/MDQ2MTZjMDhlZDQy/

https://cikmazlardayolbulanruhs.xyz/MDQ2MTZjMDhlZDQy/

https://hayathikayelerinikavrama.xyz/MDQ2MTZjMDhlZDQy/

https://yasanmisliklarvesiniflama.xyz/MDQ2MTZjMDhlZDQy/

https://umutvemucadelehayalleri.xyz/MDQ2MTZjMDhlZDQy/

https://zorhayathikayelerindenson.xyz/MDQ2MTZjMDhlZDQy/

rc4.plain

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral7/memory/4975-0.dex	family_octo

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.accident.beauty/app_worth/DeBy.json	4975	com.accident.beauty

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.accident.beauty
1⤵
- Loads dropped Dex/Jar
PID:4975

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.accident.beauty/app_worth/DeBy.json

Filesize
153KB

MD5
596c826d7c88ee64df718e042e5cee22

SHA1
4eb293bc06458d9877c94378967164552e9d7f48

SHA256
b6e0dbf6e3263aa8e53b1ca909def5bc0b926b780accfbd474fd1eeb86c66c04

SHA512
d3b0cb78e095fb0687ac4259bd002ab2393e7c34359692c447de072c4603d24a990e7dd02f4aae6529088c900f7aa41fd16a2a7164dc27aa6cc29d990de9548e

Download Submit
/data/data/com.accident.beauty/app_worth/DeBy.json

Filesize
153KB

MD5
9befc8affc5366b59685272fd340cd1a

SHA1
db18d7b7dfde5e995391d328b0161f08f627af29

SHA256
8e5df11fd8df5db9f7e159d639e3d25f6509fdb320f4935fa131412f0a5abfc3

SHA512
7ffffc2a42fa0cbf29babd56b4169d7198b129f092bbd76d6857e3f97023c2c7753cc7c6fb7057a1fb6321ba787688fe0dcc55e1aa12fa0a5313ba99a906e1db

Download Submit
/data/user/0/com.accident.beauty/app_worth/DeBy.json

Filesize
451KB

MD5
1b5e10f5a09de3a49f22d4daf4cbde5e

SHA1
2ac8711f065d3e3a18d1b709145025d5ea16a0f5

SHA256
49645a19899dd63c8ee1b2ff3da5572344d1476125064114e81e7def8e405802

SHA512
936d8477e97d18f02752a4ba04cf95a33941daf4f6be90d7d47aee852c45dced9d9db7ab9739f123c0666cb1d272ba68f41b99c2d911b643bad0c036e9a829ec

Download Submit