General

  • Target

    chrome-update07037.apk

  • Size

    1.4MB

  • Sample

    230717-jf7meaaf94

  • MD5

    6ce4811406f1aa4ac58885468d333d3a

  • SHA1

    9c8dc854416102cd2da2d7b44d1308bd86c8397b

  • SHA256

    6b4daf02a4732fd7c826fe5855de736834deb1cb1e80340f7f691af15cdc2085

  • SHA512

    d57de270655b1521a78798d693553e4abc35d4236aa27d487c2a7ca91ae3f43302b142b76ab1d81f2365c162e771cd960ea8f60bc658fa780a65ef420336d366

  • SSDEEP

    24576:CUP6c4qq8v0sM+B6zn7vtvuf6xHt0Q6rLapb65gNan3ZrliCOSHSl:CnR00geFvuZ+anpoCOZ

Malware Config

Extracted

Family

octo

C2

https://mix3etbt.website/YWRhZjAxNGM1YjFh/

https://btcountates.fun/YWRhZjAxNGM1YjFh/

https://3countbt.pw/YWRhZjAxNGM1YjFh/

https://vat-app.su/YWRhZjAxNGM1YjFh/

https://alleggro.pw/YWRhZjAxNGM1YjFh/

AES_key
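The five C2 URLs above share one base64 path segment (`YWRhZjAxNGM1YjFh`), so a defender working from this report wants two things: the host list to block or hunt for, and the decoded token to pivot on. The script below is an added example, not part of the sandbox report or the Octo sample; the proxy log lines are constructed for the demo, and the reading of the decoded token as a campaign or build identifier is an assumption, since the report does not say what it denotes.

```python
import base64
import re
from urllib.parse import urlparse

# C2 URLs exactly as listed in the extracted Octo config above.
OCTO_C2 = [
    "https://mix3etbt.website/YWRhZjAxNGM1YjFh/",
    "https://btcountates.fun/YWRhZjAxNGM1YjFh/",
    "https://3countbt.pw/YWRhZjAxNGM1YjFh/",
    "https://vat-app.su/YWRhZjAxNGM1YjFh/",
    "https://alleggro.pw/YWRhZjAxNGM1YjFh/",
]


def c2_hosts(urls):
    """Lower-cased, de-duplicated host names to block or hunt for."""
    return sorted({urlparse(u).hostname.lower() for u in urls})


def decode_path_token(url):
    """Decode the first path segment as base64. Padding is re-added
    defensively; the sample's token happens to need none."""
    seg = urlparse(url).path.strip("/").split("/")[0]
    padded = seg + "=" * (-len(seg) % 4)
    return base64.b64decode(padded, validate=True).decode("ascii")


def shared_token(urls):
    """The token every C2 URL carries (assumed: a campaign/build ID)."""
    tokens = {decode_path_token(u) for u in urls}
    if len(tokens) != 1:
        raise ValueError(f"config carries several tokens: {tokens}")
    return tokens.pop()


# Constructed proxy log lines for the demo; not taken from the report.
SAMPLE_LOG = """\
2023-07-17T12:01:03Z 10.0.0.12 CONNECT mix3etbt.website:443 200
2023-07-17T12:01:04Z 10.0.0.12 GET https://mix3etbt.website/YWRhZjAxNGM1YjFh/ 200
2023-07-17T12:02:10Z 10.0.0.45 GET https://www.example.com/ 200
2023-07-17T12:03:11Z 10.0.0.12 GET https://VAT-APP.su/YWRhZjAxNGM1YjFh/ 404
2023-07-17T12:04:00Z 10.0.0.77 GET https://alleggro.pw/YWRhZjAxNGM1YjFh/ 200
"""


def hunt(log_text, urls):
    """Return log lines whose destination host is one of the C2 hosts.
    Matches both CONNECT host:port records and full URLs, case-insensitively,
    and matches on host alone so a 404 beacon attempt still counts."""
    hosts = set(c2_hosts(urls))
    hits = []
    for line in log_text.splitlines():
        m = re.search(r"(?:CONNECT\s+|https?://)([A-Za-z0-9.-]+)", line)
        if m and m.group(1).lower() in hosts:
            hits.append(line)
    return hits


if __name__ == "__main__":
    print("hosts:", c2_hosts(OCTO_C2))
    print("token:", shared_token(OCTO_C2))
    for h in hunt(SAMPLE_LOG, OCTO_C2):
        print("HIT", h)
```

Matching on host rather than on the full URL is deliberate: the path token may rotate between builds while the domains stay in the blocklist, and a failed request to a C2 host is still an infected client.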

Targets

    • Target

      chrome-update07037.apk


    • Octo

      Octo is an Android banking trojan with remote-access capabilities, first seen in April 2022.

    • Octo payload

    • Makes use of the Android Accessibility service (abused by banking trojans to read screen content and perform UI actions without user interaction).

    • Queries the list of all installed applications on the device (may be used to select legitimate apps to overlay).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Requests an exemption from battery optimizations (commonly used so the malicious service keeps running in the background).

    • Removes a system notification.

    • Uses crypto APIs (may be used to encrypt user data or C2 traffic).
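Most of the behaviours flagged above have a static counterpart in the APK's manifest or string table, which lets a practitioner pre-triage a suspicious "update" APK before detonating it. The script below is an added example and not the sandbox's own signature logic: the manifest and string table are constructed for the demo (the package name `com.example.fakeupdate` is hypothetical), and the mapping from permissions and class names to the report's signatures is this example's heuristic.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree's spelling of the android: prefix

# Heuristic mapping (this example's own) from static indicators to the
# dynamic signatures listed in the report.
PERMISSION_INDICATORS = {
    "android.permission.QUERY_ALL_PACKAGES": "enumerates installed apps (overlay targeting)",
    "android.permission.WAKE_LOCK": "can acquire a wake lock",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "asks to be exempted from battery optimizations",
}
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
DEX_LOADER_CLASSES = ("dalvik.system.DexClassLoader", "dalvik.system.InMemoryDexClassLoader")

# Constructed manifest resembling a fake browser-update dropper (not the sample's).
SUSPECT_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakeupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Chrome Update">
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""
# Constructed string-table excerpt, as a strings(1)-style dump of classes.dex would give.
SUSPECT_STRINGS = ["Ljava/lang/Object;", "dalvik.system.DexClassLoader", "loadDex", "Lcom/example/fakeupdate/AccService;"]

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>
"""


def scan_manifest(manifest_xml):
    """Findings from declared permissions and from any service bound with the
    accessibility permission (the way a real accessibility service must be declared)."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for up in root.iter("uses-permission"):
        name = up.get(A + "name", "")
        if name in PERMISSION_INDICATORS:
            findings.append(f"{name}: {PERMISSION_INDICATORS[name]}")
    for svc in root.iter("service"):
        if svc.get(A + "permission") == ACCESSIBILITY_PERM:
            findings.append(f"accessibility service declared: {svc.get(A + 'name')}")
    return findings


def scan_strings(strings):
    """Class names that indicate runtime loading of a dropped Dex/Jar."""
    return [f"dynamic code loading: {s}" for s in strings if s in DEX_LOADER_CLASSES]


def triage(manifest_xml, strings):
    return scan_manifest(manifest_xml) + scan_strings(strings)


if __name__ == "__main__":
    for f in triage(SUSPECT_MANIFEST, SUSPECT_STRINGS):
        print("-", f)
```

On a real sample the manifest comes from `apktool d` (decoded XML) and the strings from a dump of the `classes.dex` files. The absence of these indicators proves nothing, since the report itself shows the payload arriving as a dropped Dex, but their presence in an app calling itself a browser update is enough to route the file to a sandbox rather than a user.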
