octo | 028c30fa4780640b6321a73951732d1d373333dada278ca2f1c09b7ce1142bb6

Analysis

max time kernel
3s
max time network
36s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
09/01/2025, 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

028c30fa4780640b6321a73951732d1d373333dada278ca2f1c09b7ce1142bb6.apk
Size

9.5MB
MD5

41ea6683aa816baf957d3202fa9c5054
SHA1

17468a8f15bfa52a0514f194dc357212fe2e4288
SHA256

028c30fa4780640b6321a73951732d1d373333dada278ca2f1c09b7ce1142bb6
SHA512

0a6ae47bbb5d62a6a72c13becabc94ea0da2874ce0caa05ea5a8d3a0ba7406cb352ce53dc2f014775e95b34d285c26bbb37f7aea46b784e6a2442e640328bb6f
SSDEEP

98304:x+IYdaOkddteFHjJ3pOHKe322Y+hhbVKvMMQ3XJRsMVJBkMJ9h+Fu5iSRGvZlqj:AMYHjJ3Z2Y+PU0L3XJRDIwrP

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/memory/4946-1.dex	family_octo

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.yjorg23restheme/app_team/mg.json	4946	com.yjorg23restheme
/data/user/0/com.yjorg23restheme/[email protected]	4946	com.yjorg23restheme

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.yjorg23restheme

com.yjorg23restheme
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
PID:4946

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yjorg23restheme/.global.com.yjorg23restheme

Filesize
48B

MD5
046a414913add6f5bb60072c7db819b6

SHA1
451ee4f6809260aec622d772fd329c7d0297a842

SHA256
b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

SHA512
4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

Download Submit
/data/data/com.yjorg23restheme/app_team/mg.json

Filesize
1012B

MD5
eca498645b5bd16383bd428c766925b4

SHA1
d961d42d2100cac7ee67bec77cf446611dae723f

SHA256
23ed1dce46e866fadbdaa2e3af826fe7a3726d62e7c777cd274dcf3c5eed9ae4

SHA512
c4769e8c4f6eed0af503cb74b4104bef714a669a6f5e7f1454ed03474d46e2f90f82d04e4ecc3f87e43434eda5e95ce627fb8dc65f91e819e5d88bb7a0826c12

Download Submit
/data/data/com.yjorg23restheme/app_team/mg.json

Filesize
1012B

MD5
56d6513b22ec6c4c9ba5ee855c1e6579

SHA1
6b2c0d2e9b3478887143a0c6a9b70996f47ca985

SHA256
85a749450e9623700ec834c65a7f0c7b8a097fe74d8db0364602e13808d4d7f1

SHA512
0904be674cde0bff3bd56bbe417825fca1bb34b39662b73a0ac3c5bb1ececce29c1a01fcf262c35e99a2e186d143addc4b9e9bc8458d75ca0f38823feffe877a

Download Submit
/data/data/com.yjorg23restheme/files/.a

Filesize
322KB

MD5
77dc50489b9323274732d27dc8a4e803

SHA1
0e02a3595b62489d0739d771881da8604d117c65

SHA256
c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820

SHA512
0684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58

Download Submit
/data/data/com.yjorg23restheme/oat/x86_64/[email protected]

Filesize
285B

MD5
3b7a191278c0d377b6509bf204edbe4e

SHA1
18f4ab2278c0e669e21a04a54647682093938276

SHA256
723624f9eefaf089b57db52b96de4d4ddb2d5987ecc40ca2d2141a55d0f6c1c9

SHA512
fc62be5d34c585240ec98066f9aea60397443f0b4b79209a0ac8f32dbf7826690bec969bbc5bb245c0e04853e38e27ad2d9acfbfbad0f61c0ae1ff2c2de185dc

Download Submit
/data/user/0/com.yjorg23restheme/[email protected]

Filesize
525KB

MD5
8e2b97167fbf1e4345812fa752e62a58

SHA1
cc00ab2c4d1ae911ec0dcbcb2f59f3b3c0c9432c

SHA256
b173c2dd59255787c98255faaa5d70668203a97d182fad1ec01ccbc3f44c551b

SHA512
7c567d0085a63067ff3e3a69a1f3cf0877cc7758016f429b31c9cadd3c139809f5a6d2c4b9c339f188e3500f35d1a3d1b9480dce6a9894558ca1cb5345d25fd8

Download Submit
/data/user/0/com.yjorg23restheme/app_team/mg.json

Filesize
1KB

MD5
089255f815eb0905b6d907afc565cfbe

SHA1
e45b27316d7f31fabfd50e4f4f344da3e8a3b972

SHA256
b7aae8943606b2fc76e6ba9e3770d1050300cb40d97fe9c5a240872ec6e8dd7c

SHA512
2a6ffe80eeb5609ed8f502a0a7eb0ae73df1c9e9cba2f13f3e97b7b83496467aa5deaca943193c923d3a7962412c7eb876c739dd887a3871780d53c82a5664c4

Download Submit