octo | c1c29e860490a42e318d28699b88b928ea7bdd0039e7422e32cbe1e9cde7a976

Analysis

max time kernel
6s
max time network
159s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
20-01-2025 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1c29e860490a42e318d28699b88b928ea7bdd0039e7422e32cbe1e9cde7a976.apk
Size

2.0MB
MD5

71e12b1556a968fe5adc5bb80ea11404
SHA1

ff815941492598a817ad24c7b357e4e1cd135fa3
SHA256

c1c29e860490a42e318d28699b88b928ea7bdd0039e7422e32cbe1e9cde7a976
SHA512

0dc43ef53390b00bf4fad565a9637e17efda8221f0bcfdfb8dfd71f5a40544264b48e35083da7f4cc7a57e5c370cd57a7b318ea24f99611960501e85f9ce82cf
SSDEEP

49152:vPWC4hOKnRQCSiidRgSB7TfxIMNhUFFARfkBW:vPJ4cKRkiOSSf4FAyW

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

https://hastanebilgimtarih.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencenyenifikir.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencenkulturu.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencenvizyon.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencenplatform.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencenyasam.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencengundem.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencentech.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencensanat.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencenekonomi.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencenyollar.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencenhaber.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencenbilgi.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencengelis.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencenpaylas.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencenkulture.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencenbaris.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencenkonferans.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencensistem.xyz/MzhiMTg0NTAwOTY5/

https://yenisurencenprojeler.xyz/MzhiMTg0NTAwOTY5/

rc4.plain

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/memory/4969-0.dex	family_octo

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.teschvisions.smarupts/app_click/GBl.json	4969	com.teschvisions.smarupts

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

com.teschvisions.smarupts
1⤵
- Loads dropped Dex/Jar
PID:4969

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.teschvisions.smarupts/app_click/GBl.json

Filesize
153KB

MD5
f47f3337635d5c1c0e90570ce9e4156e

SHA1
d81607b71e05b54ad5e00439a1c06b28ce26b685

SHA256
9effaa3001482d17b10d6d349aeedc79edcb6c60974ef4f524bb3414a27be0ec

SHA512
1a57e5cae6d86250bd125a96ab7359d9bd756731294a26639a24cc449b33c366a94831019cf1edf1ea9cbeccee53dfe4acc060feee3f75386600d71286fabaa7

Download Submit
/data/data/com.teschvisions.smarupts/app_click/GBl.json

Filesize
153KB

MD5
2ca45f3f126f9336d746552d46a887cb

SHA1
eb6449c8b631fbf5bcba4b8414fc7e9cb9859bdf

SHA256
92f657ec9030b6e438b03a4e0bae29113a4fd0375834d35134dbebbf4f0be27d

SHA512
b56fe98bbe12b8fc49d453a243e12c4af510d87b69c543519cc6553653f8e79b45e0dd7bf695b6999efd3a2f2231a47799a4dd04c0da80072877d3fc7e6d88ab

Download Submit
/data/user/0/com.teschvisions.smarupts/app_click/GBl.json

Filesize
450KB

MD5
aca23f5bb0bd116132681449dd5ad843

SHA1
c3327962ecb3568f17b48f99928a8b3c2dde2558

SHA256
9ef6b96bae200eeb848d4bfe0e6c3f62287a9efd7fe19574ab7fcb61e9b7c890

SHA512
1f6ecec985ca0f52d819aed3b368a3d67a906acc63091163c3b061376db34b6356fff80bc99f52c8b1addbec53e16084aa5c9c25a165cccc51ab5bbbd9e7e3a2

Download Submit