octo | 9fd80d67ec221e68f9e631e9fb25013c9322f0271d1cd15b88d24559c08aa1d5

Analysis

max time kernel
6s
max time network
145s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
11-01-2025 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9fd80d67ec221e68f9e631e9fb25013c9322f0271d1cd15b88d24559c08aa1d5.apk
Size

2.4MB
MD5

eef71b50e9cbdf3cc4b1e33c0adc7619
SHA1

c8008c79cf115152cc900c817bef24a3f1a1c646
SHA256

9fd80d67ec221e68f9e631e9fb25013c9322f0271d1cd15b88d24559c08aa1d5
SHA512

661fc60bb3ad49269467ea88a3d47a45964f546539c897f113a1e373effbc986a1c6a80fd5116a78dab256ebc84a52f399fd91e05f042def12d7b85bd7530963
SSDEEP

49152:V5p1GfV6yAsNzNTfxZ+InmKNUaVN9dlW/awBurMHbSzdCWtzvK9fVuDKFWA8x2KX:V5pcfRA2NT/mKN5ldUyhISRCWtS6DKFa

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

https://kaderotunikisiliksirlari.xyz/YzNlNTRkYjIzODRi/

https://kaderotuyoreselhikayeler.xyz/YzNlNTRkYjIzODRi/

https://kaderotununeskilerehberi.xyz/YzNlNTRkYjIzODRi/

https://kaderotununanlamveonemi.xyz/YzNlNTRkYjIzODRi/

https://dogalvetazesirkaderotu.xyz/YzNlNTRkYjIzODRi/

https://kaderotudunyasinefsaneleri.xyz/YzNlNTRkYjIzODRi/

https://kaderotuvesifalibitkiler.xyz/YzNlNTRkYjIzODRi/

https://kaderotundogalsirlari.xyz/YzNlNTRkYjIzODRi/

https://anadolununilacsikaderotu.xyz/YzNlNTRkYjIzODRi/

https://kaderotuylaedilmisiyilikler.xyz/YzNlNTRkYjIzODRi/

https://kaderotundanyenitarifler.xyz/YzNlNTRkYjIzODRi/

https://dogalsehirlikaderotu.xyz/YzNlNTRkYjIzODRi/

https://kaderotununmistiketkisi.xyz/YzNlNTRkYjIzODRi/

https://kaderotutarifvesunumu.xyz/YzNlNTRkYjIzODRi/

https://kaderotuyadogalcozum.xyz/YzNlNTRkYjIzODRi/

https://kaderotuyolcususirlari.xyz/YzNlNTRkYjIzODRi/

https://kaderotukulturvetarih.xyz/YzNlNTRkYjIzODRi/

https://kaderotuyalifelsefesi.xyz/YzNlNTRkYjIzODRi/

https://kaderotudunyasininrenkleri.xyz/YzNlNTRkYjIzODRi/

https://kaderotuvebitkiselyasam.xyz/YzNlNTRkYjIzODRi/

rc4.plain

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/memory/4979-0.dex	family_octo

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.learn.loan/app_cactus/OIXXeTL.json	4979	com.learn.loan

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.learn.loan
1⤵
- Loads dropped Dex/Jar
PID:4979

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.learn.loan/app_cactus/OIXXeTL.json

Filesize
153KB

MD5
fe4d19aa1e5df690abc437091ee1b465

SHA1
7430f71e05b323b39fcd43e7ea909798b7fd7b85

SHA256
773501696ea184bdbb51e4f897f9d56c37e9b11fefe73049a3ee64ea944e7673

SHA512
cf6dad3a391346c7e68891c91abe2e4eb64fb77afb1798c370b4bf1cdda7effe38160f87728773f1fe8bfa1f2f60571003bb2120fc9d94e0f36cdee36b389815

Download Submit
/data/data/com.learn.loan/app_cactus/OIXXeTL.json

Filesize
153KB

MD5
f3abd7aba16685f9d81b53cee5ffed99

SHA1
76a33bc0a96c7177fb32c0da86078130c286d0d6

SHA256
b42cc6e7dffea84cd0aea0f46ff3acc969130462f0f92ad9cfa83f13ba9e506a

SHA512
c4300a68a1dc74d4db5f66927d18a475316edb28a7e17de5ae2c87968c95d3efb5474f58c98049a8013d6c1f8546d7dc25e9c65e9963b9b98f92facf5add1ff2

Download Submit
/data/user/0/com.learn.loan/app_cactus/OIXXeTL.json

Filesize
451KB

MD5
0a6b91dba1d22ecc9291432ebb5d924f

SHA1
8baff13b932d4f4b3173142147b099225c8074a5

SHA256
06ef75a9c7acf50a52ada615f97401bdc9250adf3549f5b3654a52c72061c8cc

SHA512
ae43bfebbf1be10a746687f247aa5275ec958cc89a2e9baeab9cc198bf7b14b6ef70d2cde6e85a1acd324825bbb58167a4c436a285d30c7688349f4f0652d72b

Download Submit