octo | c09f9c6f0a6cf28a16f8bf38763569e846ab224d3a297c9fc3710fa953c73885

Analysis

max time kernel
4s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
17/12/2024, 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c09f9c6f0a6cf28a16f8bf38763569e846ab224d3a297c9fc3710fa953c73885.apk
Size

2.0MB
MD5

605ee22d6a39c0cd8360e62c00d7a33d
SHA1

68be1f3d4f31cede68489ace48a16895ecf01514
SHA256

c09f9c6f0a6cf28a16f8bf38763569e846ab224d3a297c9fc3710fa953c73885
SHA512

b1adbef8bb3e701d8581cd2cc8f5d3aa08b043a3fa72096082b27064f06d3396a30a90fa3fa38a905906c997f107aa09170c4a1808640629a398e9ef76224702
SSDEEP

49152:ZNNNJQ7JKWS6P0pz+gYejvjYYtiIQPzKbx2cEY9zGYV2qvZ78SGs+XelvM:lQVXS6P0pFYcDx1bx2cECH2qvZA938M

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

https://hayatvesanatguzellikduygusu.xyz/YmJlYTFiODdkMjcz/

https://mutlulukvesessizlikyolculugu.xyz/YmJlYTFiODdkMjcz/

https://yasamvesahtekarguzellik.xyz/YmJlYTFiODdkMjcz/

https://sevincligunlertatminkar.xyz/YmJlYTFiODdkMjcz/

https://dogaltatvesanatyaklasimi.xyz/YmJlYTFiODdkMjcz/

https://hayatlarinhuzurvesessiz.xyz/YmJlYTFiODdkMjcz/

https://keyifligunlerinfirsatlari.xyz/YmJlYTFiODdkMjcz/

https://sevgiiledoluyasamyolu.xyz/YmJlYTFiODdkMjcz/

https://sakinlikvehayatderinligi.xyz/YmJlYTFiODdkMjcz/

https://sanatvesanatcihayatlari.xyz/YmJlYTFiODdkMjcz/

https://ilhamdolubirhayat.xyz/YmJlYTFiODdkMjcz/

https://zenginlikvebasarihikayesi.xyz/YmJlYTFiODdkMjcz/

https://kalpvesanatdostlukhikaye.xyz/YmJlYTFiODdkMjcz/

https://mutlugunlerinyasamayolu.xyz/YmJlYTFiODdkMjcz/

https://yasananhayatinduygular.xyz/YmJlYTFiODdkMjcz/

https://dogaylaisbirligiyolu.xyz/YmJlYTFiODdkMjcz/

https://hosgoruhayatvekultur.xyz/YmJlYTFiODdkMjcz/

https://hayalguclesanatbaglantisi.xyz/YmJlYTFiODdkMjcz/

https://sadelikvehayatfelsefesi.xyz/YmJlYTFiODdkMjcz/

https://dogaldostlukvesanat.xyz/YmJlYTFiODdkMjcz/

rc4.plain

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/memory/4968-0.dex	family_octo

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.shield.member/app_enter/EFN.json	4968	com.shield.member

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.shield.member
1⤵
- Loads dropped Dex/Jar
PID:4968

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shield.member/app_enter/EFN.json

Filesize
153KB

MD5
840e676c035cffcc75813e39e26f815b

SHA1
5c64a11d8f978dc2da2cb7b6fc594aaeb75bd12c

SHA256
6412aaa0769ef9ae541abbbe186c4db5705e13edf230af518567ca50ce7789ca

SHA512
4427af975a503a679e896433d7e030959642857e85679d2040e115546ab48415aa0a7c3c5a0340f2e17199b6d016fd15e49dd9109bb5f7e2dc9a9687f116b481

Download Submit
/data/data/com.shield.member/app_enter/EFN.json

Filesize
153KB

MD5
ef689242ff209c2db3fe13b04628a2df

SHA1
2b1af7930a2458b562e3ea1739be206d95a5ea87

SHA256
733faeac8ae9ffa91d33c27f93f8988b7ea90b1499d9a1ccf50722e676638289

SHA512
36ac2bd6b574f35401a13602dc839fc4450b287ead72cb1d09231605795a1c83a16cd0d834f9f63499ab0468ff14dc6217c843de9b2b049b7ececfef7b6eee20

Download Submit
/data/user/0/com.shield.member/app_enter/EFN.json

Filesize
450KB

MD5
bf097478a7a3482477aa4514b6709dfb

SHA1
989227f267703dc591528f65fdcc59410b9c42a9

SHA256
080f8be2fcb3655bce27cbf5f48eb5c1e75535ed39222142eb11ec76bc53316b

SHA512
c6724dfeaf8d4791514e2e1cfc326821bd146b6bccfd22e83f186c0175f836ee46b37588e25a75359d4f50936fbf8ad6fe967bde1ab49bc68ea8dc643c8bc180

Download Submit