Overview

overview

10

Static

static

7

e84b200bc8...26.apk

android-9-x86

10

e84b200bc8...26.apk

android-10-x64

10

dt-mraid-v...ler.js

windows7-x64

1

dt-mraid-v...ler.js

windows10-2004-x64

1

dt-omsdk-m...ker.js

windows7-x64

1

dt-omsdk-m...ker.js

windows10-2004-x64

1

fyb_iframe...l.html

windows7-x64

1

fyb_iframe...l.html

windows10-2004-x64

1

fyb_static...l.html

windows7-x64

1

fyb_static...l.html

windows10-2004-x64

1

nopie_open...64-v8a

ubuntu-18.04-amd64

nopie_open...64-v8a

debian-9-armhf

nopie_open...64-v8a

debian-9-mips

nopie_open...64-v8a

debian-9-mipsel

nopie_open...bi-v7a

debian-9-armhf

omid-sessi...-v1.js

windows7-x64

1

omid-sessi...-v1.js

windows10-2004-x64

1

pie_openvpn.arm64-v8a

ubuntu-18.04-amd64

pie_openvpn.arm64-v8a

debian-9-armhf

pie_openvpn.arm64-v8a

debian-9-mips

pie_openvpn.arm64-v8a

debian-9-mipsel

pie_openvp...bi-v7a

debian-9-armhf

vpaid_html...e.html

windows7-x64

1

vpaid_html...e.html

windows10-2004-x64

1

webview_error.html

windows7-x64

1

webview_error.html

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    e84b200bc877f65e1944226d2903e12c54c67f859d2c2d631778cb23f6aacb26.bin

  • Size

    1.7MB

  • Sample

    230713-w7djvsah9w

  • MD5

    a461a42ff10b586719400c4863258695

  • SHA1

    f375ef21569f70b52a4ae4ade83dc4fa6ee2e172

  • SHA256

    e84b200bc877f65e1944226d2903e12c54c67f859d2c2d631778cb23f6aacb26

  • SHA512

    10ef99bdc1e2515bde99ab307cd6e2391ec91e356de124e3260cbefd289a7385cbd722c3aca42cb0025f16d1b4a1eae13beffc4a7ab58a477eedfa1d67516a63

  • SSDEEP

    49152:xJu1XTBxE0WUTvKHOraZ43gC+Tw7WB4cfqqDRGYIzT24aBHIJ9B6N:vGsUTvKH6aZW+8vQRGYoKLIJ94

Score
10/10
octoandroidbankerevasioninfostealerlinuxransomwarerattrojan

Malware Config

Extracted

Family

octo

C2

https://marulkactuocxa.com/NTIwZmU2YzM0ZjU1/

https://godcaiasnffsa2.xyz/NTIwZmU2YzM0ZjU1/

https://dddcaiasnfaf.xyz/NTIwZmU2YzM0ZjU1/

https://buzlokolmactuocxa.com/NTIwZmU2YzM0ZjU1/

https://pnasfbvubafs.com/NTIwZmU2YzM0ZjU1/
AES_key

Targets

    • Target

      e84b200bc877f65e1944226d2903e12c54c67f859d2c2d631778cb23f6aacb26.bin

    • Size

      1.7MB

    • MD5

      a461a42ff10b586719400c4863258695

    • SHA1

      f375ef21569f70b52a4ae4ade83dc4fa6ee2e172

    • SHA256

      e84b200bc877f65e1944226d2903e12c54c67f859d2c2d631778cb23f6aacb26

    • SHA512

      10ef99bdc1e2515bde99ab307cd6e2391ec91e356de124e3260cbefd289a7385cbd722c3aca42cb0025f16d1b4a1eae13beffc4a7ab58a477eedfa1d67516a63

    • SSDEEP

      49152:xJu1XTBxE0WUTvKHOraZ43gC+Tw7WB4cfqqDRGYIzT24aBHIJ9B6N:vGsUTvKH6aZW+8vQRGYoKLIJ94

    Score
    10/10
    octobankerevasioninfostealerransomwarerattrojan

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

      bankertrojaninfostealerratocto

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

      banker

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Removes a system notification.

      evasion

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2

    • Target

      dt-mraid-video-controller.js

    • Size

      19KB

    • MD5

      6527e163f5e3d88af93ed304e65cb0ce

    • SHA1

      9535e92f0ef351f67795977dcb0b9cd59c6db254

    • SHA256

      f56d5694cc588f6fb5ebe0188ad6ca4ac315f7fd15e447f5ae28198e94909f32

    • SHA512

      a06bc7260d1362d866181ad4cc5d3c3471998674421dd6739e40c48469afdc432b44955a0351994576bf5248930a0f9fc34a69b12fd10cd80c4815524ed0d1c6

    • SSDEEP

      384:7eEgPcMVXh9OLjFmgeFIS3JOSMP3TKa8m9j:7biZhyV

    Score
    1/10
    behavioral3behavioral4

    • Target

      dt-omsdk-mraid-video-tracker.js

    • Size

      4KB

    • MD5

      ff67d13b25e0ac1447d5e29fac7d4b3a

    • SHA1

      6a1b6c9e21676e3bf8e687be939344b63c872dac

    • SHA256

      e6c5165ae605ce34771c3de81a035321d68fb5cac3d7d9e27521c884dcafeaa8

    • SHA512

      2a4d408da38113102bba4154474a74169cb38461d602ad40b6e212a38919228f49a0a55b2bbb0862c1094474fdf1c20c459b6cab54e1319374046175f856d076

    • SSDEEP

      96:6AwI+Rtr3nKdI+W5EJs9GrehUgdAczj0uzvOKnVNIhjnin7yIyq:6AwTX7nWT6EW9xUSAUguzvOKnVNMin7j

    Score
    1/10
    behavioral5behavioral6

    • Target

      fyb_iframe_endcard_tmpl.html

    • Size

      521B

    • MD5

      331ab67d131439c4c50e02a3d7445008

    • SHA1

      675ac8d91e0a2fe211d49a8e42f20f018c4bd50c

    • SHA256

      efdac80cdb4576d2e0d93512348e9dbdb06e69e23a1db81838dc5e40a16715d9

    • SHA512

      eba60283d7d5562d3e27a9d5f9f382de621474796e68c4c7b8bf06fd20b081f5aa657ab58d988f40e76883eb8459e3b44f8f31f10424f6d181bffc3c28041e04

    Score
    1/10
    behavioral7behavioral8

    • Target

      fyb_static_endcard_tmpl.html

    • Size

      3KB

    • MD5

      d18fb1787ce0e84567496b8564e452aa

    • SHA1

      007033d0824685600611af6992060577e127dd23

    • SHA256

      2ae5e0576febb1a1cd63b10bf71644f99fcfd0fe7fb1f2d19525594165294e51

    • SHA512

      ba5225a80941e3ee4ff18401b910968a6cab47634914ecb68213599b96fd4b39c8722e82bf2883faf355d9416a6f2acaa36151a5d8969079cfcd4c6795f6003b

    Score
    1/10
    behavioral10behavioral9

    • Target

      nopie_openvpn.arm64-v8a

    • Size

      8KB

    • MD5

      ff3657405882502f0ed01d751172f6fa

    • SHA1

      27302f7e0afcd5f2aa18840dd8c5b60f2dfc8f68

    • SHA256

      55cdf0bd0ede9959f0b7cf9d911b06680cd9e1994a584a2e21dded43fc933452

    • SHA512

      4128b0daa014a48d7dd0c46e1468d4bc689352fb03e3a8bbd659105997c36ddf43e136d150fdc8ebe6bc8214963adbacce441c9751494fef74dbdb8c8e72d7a8

    • SSDEEP

      48:8Lwc6u6o/+xg3e+lpEAbdyMbdrAGMQdYS+xUetcxUfcQ53:8BJuQyTOdSUsc83

    Score
    1/10
    behavioral11behavioral12behavioral13behavioral14

    • Target

      nopie_openvpn.armeabi-v7a

    • Size

      6KB

    • MD5

      8751e9372e5b268eadbc4989177f44b8

    • SHA1

      15abb53754ccad999da3a1d450a5de5db17e37ab

    • SHA256

      b5dded874e0407753db898695763e663371fc5eb67ead05423f60e3c7612caa6

    • SHA512

      9ab6670c7c47472cfa505a5236f11ed826fe285537a000a95be6065a389b38efea3bd5f5028494bb944e2ca8c0482a486b96d51cabb0d8738dda8f5d0589e1e2

    • SSDEEP

      48:bTkwdXfFV0Sm3awUF3MUAbdyMbdr9joiu1+sHIdQQ0FHHxmFcuvtjv6GD0V2:BFVN8U2orEEIdkFHkFcuvlSG0V2

    Score
    1/10
    behavioral15

    • Target

      omid-session-client-v1.js

    • Size

      55KB

    • MD5

      ec66bd4160d9cb6db650caf6cb69b796

    • SHA1

      8c38ea5527844653eb6014130923542b57451297

    • SHA256

      e6c434e64d8c73759b7fdc69d331e89489127bb0da59168b02e16e6c9165afb0

    • SHA512

      b8e6e93ccd9b5a275f6f35a25055513fbdd99b9ec8cd4271a7bc7f8096f13cf83ad2195e8d88af013e48133276361dd54fd4373163ab197b1b8668fad376e045

    • SSDEEP

      768:RJkFU2PZiCCZVHAzqfiTGmKHg/1wEcvA5fioZgkwqDCWBoxKmvwLqI6Jg656TT6D:4FzCZ2tTDHCFT54/dE

    Score
    1/10
    behavioral16behavioral17

    • Target

      pie_openvpn.arm64-v8a

    • Size

      8KB

    • MD5

      ff3657405882502f0ed01d751172f6fa

    • SHA1

      27302f7e0afcd5f2aa18840dd8c5b60f2dfc8f68

    • SHA256

      55cdf0bd0ede9959f0b7cf9d911b06680cd9e1994a584a2e21dded43fc933452

    • SHA512

      4128b0daa014a48d7dd0c46e1468d4bc689352fb03e3a8bbd659105997c36ddf43e136d150fdc8ebe6bc8214963adbacce441c9751494fef74dbdb8c8e72d7a8

    • SSDEEP

      48:8Lwc6u6o/+xg3e+lpEAbdyMbdrAGMQdYS+xUetcxUfcQ53:8BJuQyTOdSUsc83

    Score
    1/10
    behavioral18behavioral19behavioral20behavioral21

    • Target

      pie_openvpn.armeabi-v7a

    • Size

      6KB

    • MD5

      8751e9372e5b268eadbc4989177f44b8

    • SHA1

      15abb53754ccad999da3a1d450a5de5db17e37ab

    • SHA256

      b5dded874e0407753db898695763e663371fc5eb67ead05423f60e3c7612caa6

    • SHA512

      9ab6670c7c47472cfa505a5236f11ed826fe285537a000a95be6065a389b38efea3bd5f5028494bb944e2ca8c0482a486b96d51cabb0d8738dda8f5d0589e1e2

    • SSDEEP

      48:bTkwdXfFV0Sm3awUF3MUAbdyMbdr9joiu1+sHIdQQ0FHHxmFcuvtjv6GD0V2:BFVN8U2orEEIdkFHkFcuvlSG0V2

    Score
    1/10
    behavioral22

    • Target

      vpaid_html_template.html

    • Size

      16KB

    • MD5

      7d7cb3d6c22da954fccb084f6c18ee01

    • SHA1

      529871b15146f802c1c1fe2342b31db9e328bb7b

    • SHA256

      05cb7160ec6766397cacbfc5d57373edbcb028917d81e2f2d748e27086db23cf

    • SHA512

      a73d034079dba15d38bd14ddb81afd8af51b31a5c80cd83346556e7ca7f2ec927511ec3c151abf7cdc108ac4671b7623066e0375b30536e1503125354fa1a15b

    • SSDEEP

      192:mrLYJFkVvGFQshArPtP842+Lw1wOEeR6kad8bWXSrJEBOn8TsjNC4ck8aanlDTtI:8U42Fn9qW4+EQNuSXIlodo4

    Score
    1/10
    behavioral23behavioral24

    • Target

      webview_error.html

    • Size

      123B

    • MD5

      a6a3de68e62eb1a0ff443325385b8cb3

    • SHA1

      181e4a3cd2a62f12f2a61f8f11af238ca936fb7d

    • SHA256

      cd12e9f4c832f5e35c2188535adb0dc85807a31f15e8bac3d24e53b4021b74ea

    • SHA512

      24f99c86a78e0cbeab13563006e1de993f0b5a9a18e8d60bab89bed56d96bcd14aeab8b5b14cc12e5d82d80704d60ecabd284f2d8a5bd6c89f80aabe9eff071c

    Score
    1/10
    behavioral25behavioral26

MITRE ATT&CK Enterprise v15

Tasks