General
-
Target
94d9a3428f6143a11bf674c1afdfef2dcf3ac4e62e109a2f1eb3a6647da45519.bin
-
Size
541KB
-
Sample
230830-1wm2dabd27
-
MD5
808414f3db4fca9182bbc9e3e7c562a0
-
SHA1
b40693a1a63793b56e355ba6c82d0331c2c8a65e
-
SHA256
94d9a3428f6143a11bf674c1afdfef2dcf3ac4e62e109a2f1eb3a6647da45519
-
SHA512
a371354c5198ed2f542788f3d09505c52511aa7a7b9497b9fe382a0d8c07febb54e86603ea3b41732bcf5b3cc0c804679f12f7274a45a79b58b82a474e490b12
-
SSDEEP
12288:7NtSLlwmpUHPsOQk745tAG7LAITzew8s/0kp7obeAvQQ8R:zEeHzcLt7LAgr/0kp8qwU
Static task
static1
Behavioral task
behavioral1
Sample
94d9a3428f6143a11bf674c1afdfef2dcf3ac4e62e109a2f1eb3a6647da45519.apk
Resource
android-x86-arm-20230824-en
Behavioral task
behavioral2
Sample
94d9a3428f6143a11bf674c1afdfef2dcf3ac4e62e109a2f1eb3a6647da45519.apk
Resource
android-x64-20230824-en
Malware Config
Extracted
octo
https://79.110.62.118/YTFlMzViNjNiNWM3/
https://yamacfirarda22.xyz/YTFlMzViNjNiNWM3/
https://3yamacfirarda22.xyz/YTFlMzViNjNiNWM3/
https://5yam7acfirarda22.xyz/YTFlMzViNjNiNWM3/
https://5yam4acfirarda22.xyz/YTFlMzViNjNiNWM3/
https://5yam8acfirarda22.xyz/YTFlMzViNjNiNWM3/
https://5y3am4acfirarda22.xyz/YTFlMzViNjNiNWM3/
https://5ya5m8acfirarda22.xyz/YTFlMzViNjNiNWM3/
Targets
-
-
Target
94d9a3428f6143a11bf674c1afdfef2dcf3ac4e62e109a2f1eb3a6647da45519.bin
-
Size
541KB
-
MD5
808414f3db4fca9182bbc9e3e7c562a0
-
SHA1
b40693a1a63793b56e355ba6c82d0331c2c8a65e
-
SHA256
94d9a3428f6143a11bf674c1afdfef2dcf3ac4e62e109a2f1eb3a6647da45519
-
SHA512
a371354c5198ed2f542788f3d09505c52511aa7a7b9497b9fe382a0d8c07febb54e86603ea3b41732bcf5b3cc0c804679f12f7274a45a79b58b82a474e490b12
-
SSDEEP
12288:7NtSLlwmpUHPsOQk745tAG7LAITzew8s/0kp7obeAvQQ8R:zEeHzcLt7LAgr/0kp8qwU
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo payload
-
Makes use of the framework's Accessibility service.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Removes a system notification.
-
Uses Crypto APIs (Might try to encrypt user data).
-