octo

General

Target

39f6b3d91fa6a914eb531a20c46ac97fd4d428ed7cf739d3c641f5f163b38f7c.bin
Size

541KB
Sample

230904-1wrdssbd2w
MD5

f15b1518c9080cb415efbd294eb1c5d0
SHA1

01c5002b4276541f8c49dd7e1cd64ba018052d96
SHA256

39f6b3d91fa6a914eb531a20c46ac97fd4d428ed7cf739d3c641f5f163b38f7c
SHA512

a413727a8381da613487f064b131c763acf1cdf98bd1ddcb6cef28feece58d0de6a6736827031892da7676263a209503392bc0d268a2155501b922be45e79a33
SSDEEP

12288:ZA3X3I1jHeTTFo+MPJ3FfC2AUPUZMrqhTKHXslhqbicRXYZyoPa:ZA3X3IN+Ta+MzCNCTWYXQh3cRXGi

Score

10^/10

Malware Config

Extracted

Family

octo

C2

https://176.111.174.92/ZTIyNTVmMmE1NzNl/

https://12logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://13logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://14logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://15logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://16logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://17logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://18logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://19logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://20logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://21logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://22logites432532s.xyz/ZTIyNTVmMmE1NzNl/

https://kalpazanlan101.xyz/ZTIyNTVmMmE1NzNl/

https://kalpazanlan102.xyz/ZTIyNTVmMmE1NzNl/

https://kalpazanlan103.xyz/ZTIyNTVmMmE1NzNl/

https://kalpazanlan104.xyz/ZTIyNTVmMmE1NzNl/

https://kalpazanlan105.xyz/ZTIyNTVmMmE1NzNl/

https://kalpazanlan106.xyz/ZTIyNTVmMmE1NzNl/

https://kalpazanlan107.xyz/ZTIyNTVmMmE1NzNl/

https://kalpazanlan108.xyz/ZTIyNTVmMmE1NzNl/

AES_key

Targets

- Target
  
  39f6b3d91fa6a914eb531a20c46ac97fd4d428ed7cf739d3c641f5f163b38f7c.bin
- Size
  
  541KB
- MD5
  
  f15b1518c9080cb415efbd294eb1c5d0
- SHA1
  
  01c5002b4276541f8c49dd7e1cd64ba018052d96
- SHA256
  
  39f6b3d91fa6a914eb531a20c46ac97fd4d428ed7cf739d3c641f5f163b38f7c
- SHA512
  
  a413727a8381da613487f064b131c763acf1cdf98bd1ddcb6cef28feece58d0de6a6736827031892da7676263a209503392bc0d268a2155501b922be45e79a33
- SSDEEP
  
  12288:ZA3X3I1jHeTTFo+MPJ3FfC2AUPUZMrqhTKHXslhqbicRXYZyoPa:ZA3X3IN+Ta+MzCNCTWYXQh3cRXGi
Score

10^/10

octo banker evasion infostealer ransomware rat stealth trojan
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
  banker trojan infostealer rat octo
- Octo payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Octo payload

Makes use of the framework's Accessibility service.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Removes its main activity from the application launcher

Acquires the wake lock.

Loads dropped Dex/Jar

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2