octo | bba06962feb962f6619c5caad2ddb49c1f46f848397999405424e479efa7f2ca

Analysis

max time kernel
4s
max time network
159s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
21-01-2025 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bba06962feb962f6619c5caad2ddb49c1f46f848397999405424e479efa7f2ca.apk
Size

2.4MB
MD5

393e6aec7d139cdd445a15713075ee94
SHA1

fc80593b5c159f5981a3227904c8914560014b61
SHA256

bba06962feb962f6619c5caad2ddb49c1f46f848397999405424e479efa7f2ca
SHA512

88e8569e571c2d00e4fcd94364a2fa65140c39924a085f44d8c4ad3d3d22da837080cdb4b68798d99e1178aa8830fc429437f2263d497b27cd613979f2446c50
SSDEEP

49152:YVwE89T+UaQTZ9o62Ny2zhlqRaMrReoG8wlBzRc0dPkIF1o7jw5odrFEfleeEd41:ohP69o62k2zhgrReYOBzRcuPxLo3wGX8

Score

10^/10

octo banker discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

octo

https://karakterolipsbilgilendirme.xyz/hxDNtg7DB3tk/

https://karakterolipsdostlukhik.xyz/hxDNtg7DB3tk/

https://karakterolipssinemaevreni.xyz/hxDNtg7DB3tk/

https://karakterolipssanatvesahne.xyz/hxDNtg7DB3tk/

https://karakterolipskulturkonusu.xyz/hxDNtg7DB3tk/

https://karakterolipstarihiyolu.xyz/hxDNtg7DB3tk/

https://karakterolipsmasallar.xyz/hxDNtg7DB3tk/

https://karakterolipskonferansi.xyz/hxDNtg7DB3tk/

https://karakterolipsgezegenhik.xyz/hxDNtg7DB3tk/

https://karakterolipsdunyasi.xyz/hxDNtg7DB3tk/

https://karakterolipsshowsanat.xyz/hxDNtg7DB3tk/

https://karakterolipsicimsessiz.xyz/hxDNtg7DB3tk/

https://karakterolipsfelsefesi.xyz/hxDNtg7DB3tk/

https://karakterolipsyolculugu.xyz/hxDNtg7DB3tk/

https://karakterolipsrenkleri.xyz/hxDNtg7DB3tk/

https://karakterolipssunumlar.xyz/hxDNtg7DB3tk/

https://karakterolipsduygular.xyz/hxDNtg7DB3tk/

https://karakterolipsgizemleri.xyz/hxDNtg7DB3tk/

https://karakterolipskaynak.xyz/hxDNtg7DB3tk/

https://karakterolipsseruven.xyz/hxDNtg7DB3tk/

rc4.plain

Signatures

Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
banker trojan infostealer rat octo
Octo family
octo

Octo payload 1 IoCs

resource	yara_rule
behavioral2/memory/4965-0.dex	family_octo

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/homeworkout.homeworkouts.noequipment/app_split/FiGj.json	4965	homeworkout.homeworkouts.noequipment

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

homeworkout.homeworkouts.noequipment
1⤵
- Loads dropped Dex/Jar
PID:4965

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/homeworkout.homeworkouts.noequipment/app_split/FiGj.json

Filesize
153KB

MD5
e2ffad92a2c9e8d4087b2f6199fedbbf

SHA1
1601eb64bb88867acdb36278aa2f0ad260adbee7

SHA256
ebe33f2b046dddc3d1dba688ff8a58d22f41cf6f309c343cf4767706a7965118

SHA512
95d369e91cb40acb6990332b50266dbcb2f62caef5a9d9a30d05f903fa1caa25ae06545635634cd9f989723a5d5fe38d91eeaadde9f63fe39a01e6dd48758839

Download Submit
/data/data/homeworkout.homeworkouts.noequipment/app_split/FiGj.json

Filesize
153KB

MD5
798c770a573fa413338f5ff41b95a856

SHA1
39becb43c35ee69047c90a3c8ff91d04b4bcc4e7

SHA256
fd750d09994f0f9848f1ec4ff17947f54afec8e3cf36a64e0e37c4fb6400a81f

SHA512
f53622dcdf96ec1a93b6dd83933f3bfd4044515c6826eed7b6d15c603aec8b5f030e7621aa9cb5bbe58db1ad2bf80936b83f5e6c442e31058099f43ac370bba2

Download Submit
/data/user/0/homeworkout.homeworkouts.noequipment/app_split/FiGj.json

Filesize
450KB

MD5
c186e81d554e3718b88b544fe5e0ab41

SHA1
60bc93ba5f26b03f6dda1b45a373af9f0ff59ea7

SHA256
9fe9deda80a8fa54b59d75d7782cae2a0b4c89c0ad026f3ff223e04b79d1326f

SHA512
1cb0b2fd7517e11ee12b699b97b45ae947a0bfbcedb1be21882680419199ffdc76381a1676abfb0df62ae45d21b607b1ea7356d81da4596e6ab09e6d78ffcd73

Download Submit