General
Target: sample.apk
Size: 536KB
Sample: 221129-rgddysfe82
MD5: d894608cdc5037106852a15abda877c1
SHA1: f66f60aa2bd4ec84670f6fa2e027488303ee3b3d
SHA256: dfd15bbd8f0d7f499e0c48c22d150b048aee4e465ff2aaea919d08962e545272
SHA512: 2253beca5624465c2d98e696610e9e11ea6597c977e82e9a6ccd6a81d82c1a2aed97eb76f5bfdb440025af0f786755f227ba6a5a53a55127b3b4fc89e0c6806f
SSDEEP: 12288:K1g5eJmrDlwRy0l7+nOTsenT57UWkaGbanxwIvqcO2jMcAV:K1gkU6L4nAXnV7UWka6AAiYV
Static task: static1
Behavioral task: behavioral1
Sample: sample.apk
Resource: android-x86-arm-20220823-en
Behavioral task: behavioral2
Sample: sample.apk
Resource: android-x64-arm64-20220823-en
Malware Config
Extracted
octo
https://gyewuqghvsvx.com/YTFiYmViNzA3YjMz/
https://yqywywwyfcscv.com/YTFiYmViNzA3YjMz/
Targets
Target: sample.apk
Score: 10/10
- Octo: Octo is a banking malware with remote access capabilities first seen in April 2022.
- Octo payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar: Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (might try to encrypt user data).