octo | 01b0dc21dae4f586ad7919aa55eb1e48dbb0e6b131808d2f7b89e3b504177e27

Analysis

max time kernel
5s
max time network
159s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
20-01-2025 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01b0dc21dae4f586ad7919aa55eb1e48dbb0e6b131808d2f7b89e3b504177e27.apk
Size

1.8MB
MD5

a1d0b863085d3fb4834809b0b1c993c3
SHA1

27e280c93ff98c957d1aa23899b7fc9e9822da3d
SHA256

01b0dc21dae4f586ad7919aa55eb1e48dbb0e6b131808d2f7b89e3b504177e27
SHA512

d22d5e20ee468584244dc9df6dc1f711a3bc12a3393dab302cf9747fce567710327ec564b70d80e58ab4168cf2c4f6697942f447f8a151d30239c00a348f00cb
SSDEEP

49152:s4aKJopbRLWtME63k8h7BRw+BEYA4fzeSwkC5+wkrZpUvD1I6zKJ:eOtHGk8htRw+SYPreSwF+wktpUveOw

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

https://yenisafakhaberler.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakmansetler.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakgunluk.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafaksondakika.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakyazarlar.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakgundem.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakekonomi.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakspor.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakdunya.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakmagazin.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafaksaglik.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafaksiyaset.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakbilisim.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakyerel.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakaktuel.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakbilgi.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakvizyon.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakteknoloji.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakkultur.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakinsan.xyz/Y2U1NjM1NzFkZTlk/

rc4.plain

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/memory/4970-0.dex	family_octo

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.teschvisions.smarupt/app_island/xjql.json	4970	com.teschvisions.smarupt

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.teschvisions.smarupt
1⤵
- Loads dropped Dex/Jar
PID:4970

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.teschvisions.smarupt/app_island/xjql.json

Filesize
153KB

MD5
421e6839bd4f46bcb8097d10a42247e0

SHA1
2a74ee5ef4b287ad223ad2615d351ff3f2a2dabc

SHA256
572de603c41339648b0968c04b0e84ea5228f2d4b219681789d9c59ebf842b5b

SHA512
41a8cea2f82d181206336484763342ca8513ebdad06115b84efdb8042b976fd60e64647136b18465dec7e9de80f4b44538dd041a7f08017472d2a2703aa747bf

Download Submit
/data/data/com.teschvisions.smarupt/app_island/xjql.json

Filesize
153KB

MD5
17a95ebc171bb57c8f2a42daa7c6dc5f

SHA1
0e29db0f0b212ba9e8147657a27b7d9ce770a509

SHA256
e38fb5a5327a5ff7211b4431266d64456c688751251d93a49591fbba0e238775

SHA512
d20c2fa1b002131663af62bda5f213e37657b408c9446600a0717f192f4141a92f182984571ae518f8c29de5cde5e91bef8ba1b7fd95f8b46df0198a77590c33

Download Submit
/data/user/0/com.teschvisions.smarupt/app_island/xjql.json

Filesize
450KB

MD5
20a501204c85cb5fe9d8af3c237d3ede

SHA1
8675849a7885c802743f7ec7c0dea677e51d18d0

SHA256
405f92c6cc1da189bc4a5b722f42dfe6d304f5c84b70d3ae83edc29debc2c8b4

SHA512
652a37506c5b99bed9913c441f3cbddb9f9f6767f900d13f4e6d774fa2a8f28f7cab7bc6d3439bfc8b9580ff6bde177e9090bd2ff3cfd109c6f638247dd617a9

Download Submit