Overview

overview

10

Static

static

7

GooglePlay.apk

android-9-x86

10

GooglePlay.apk

android-10-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GooglePlay.apk

  • Size

    530KB

  • Sample

    221124-bfhdhscb5w

  • MD5

    fccad586a06a044704de138b30229b5d

  • SHA1

    50d4af7d8bbd6ad02bf708173ba115497d626549

  • SHA256

    610ebf1037134ef4be64c44846428e71ce30b51aa13a14c459f978531f09722c

  • SHA512

    6c54238e53ed23aaf0d84d9dad01d16e8a097e0fe5d63de1b9a653cb8e1be0498b060508fdc32569fd2eebc48a00d199d30fb174ad00728f362b0e860b2a8caa

  • SSDEEP

    12288:m0x6FtyhgGaZjf7JaRdmXyVgqQpmYwZ1W6AvOH2LaMPIXv:mLypa5tJiqmyFRLgv

Score
10/10
octoandroidbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

octo

C2

https://24fdghhoo1.top/doc/

https://25fdghhoo1.top/doc/

https://26fdghhoo1.top/doc/

https://27fdghhoo1.top/doc/

https://28fdghhoo1.top/doc/

https://29fdghhoo1.top/doc/

https://210fdghhoo1.top/doc/

https://211fdghhoo1.top/doc/

https://122fdghhoo1.top/doc/

https://123fdghhoo1.top/doc/

https://124fdghhoo1.top/doc/

https://125fdghhoo1.top/doc/

https://126fdghhoo1.top/doc/

https://127fdghhoo1.top/doc/

https://128fdghhoo1.top/doc/

https://129fdghhoo1.top/doc/

https://220fdghhoo1.top/doc/

https://234fdghhoo1.top/doc/

https://235fdghhoo1.top/doc/

https://236fdghhoo1.top/doc/
AES_key

Targets

    • Target

      GooglePlay.apk

    • Size

      530KB

    • MD5

      fccad586a06a044704de138b30229b5d

    • SHA1

      50d4af7d8bbd6ad02bf708173ba115497d626549

    • SHA256

      610ebf1037134ef4be64c44846428e71ce30b51aa13a14c459f978531f09722c

    • SHA512

      6c54238e53ed23aaf0d84d9dad01d16e8a097e0fe5d63de1b9a653cb8e1be0498b060508fdc32569fd2eebc48a00d199d30fb174ad00728f362b0e860b2a8caa

    • SSDEEP

      12288:m0x6FtyhgGaZjf7JaRdmXyVgqQpmYwZ1W6AvOH2LaMPIXv:mLypa5tJiqmyFRLgv

    Score
    10/10
    octobankerevasioninfostealerransomwarerattrojan

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

      bankertrojaninfostealerratocto

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

      banker

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Removes a system notification.

      evasion

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks