General
-
Target
80f72ef8508f9133004656a407287fa8da03a5edf72536eb1a3bef5ab352b4b0.bin
-
Size
1.6MB
-
Sample
230906-1wm2dacc29
-
MD5
7735cda43056278b0bd388930ad550ea
-
SHA1
7bf63af8f49e36617c7b0d58d0df03bce6372d8e
-
SHA256
80f72ef8508f9133004656a407287fa8da03a5edf72536eb1a3bef5ab352b4b0
-
SHA512
4be8d2de40c7f064c985255d0c7a05af4cda6d061cacca080dfa717931c4b61f1656dbe2a4736729e17d3d95d34a84c3972f1f10a28e7406cca95637dcdc969d
-
SSDEEP
49152:jJpi6nmWrFOzpu/3z+7jkXzZGZbmqYaqCAE4KoS8:jJRmWrFsMvz+sXzZQ/YJh
Static task
static1
Behavioral task
behavioral1
Sample
80f72ef8508f9133004656a407287fa8da03a5edf72536eb1a3bef5ab352b4b0.apk
Resource
android-x86-arm-20230831-en
Behavioral task
behavioral2
Sample
80f72ef8508f9133004656a407287fa8da03a5edf72536eb1a3bef5ab352b4b0.apk
Resource
android-x64-20230831-en
Behavioral task
behavioral3
Sample
license.html
Resource
win7-20230831-en
Behavioral task
behavioral4
Sample
license.html
Resource
win10v2004-20230831-en
Malware Config
Extracted
octo
https://reservop.top/MmEzNTkzZDFkOWQz/
https://lauytropo.net/MmEzNTkzZDFkOWQz/
https://bobnoopo.org/MmEzNTkzZDFkOWQz/
https://junggvrebvqq.org/MmEzNTkzZDFkOWQz/
https://junggpervbvqqqqqq.com/MmEzNTkzZDFkOWQz/
https://junggvbvqqgroup.com/MmEzNTkzZDFkOWQz/
https://junggvbvqqnetok.com/MmEzNTkzZDFkOWQz/
https://superjunggvbvqqww.com/MmEzNTkzZDFkOWQz/
https://junggvbvqqnewsww.com/MmEzNTkzZDFkOWQz/
https://dejunggdejunggww.com/MmEzNTkzZDFkOWQz/
https://dejunggdejpopopounggq.com/MmEzNTkzZDFkOWQz/
https://dejunggdejunyyyyyggq.com/MmEzNTkzZDFkOWQz/
https://shopjunggvbvqq.com/MmEzNTkzZDFkOWQz/
https://nggvbvqqwq.com/MmEzNTkzZDFkOWQz/
https://nggvbvqqdfdsfsq.com/MmEzNTkzZDFkOWQz/
https://nggvbvqqopooq.com/MmEzNTkzZDFkOWQz/
Targets
-
-
Target
80f72ef8508f9133004656a407287fa8da03a5edf72536eb1a3bef5ab352b4b0.bin
-
Size
1.6MB
-
MD5
7735cda43056278b0bd388930ad550ea
-
SHA1
7bf63af8f49e36617c7b0d58d0df03bce6372d8e
-
SHA256
80f72ef8508f9133004656a407287fa8da03a5edf72536eb1a3bef5ab352b4b0
-
SHA512
4be8d2de40c7f064c985255d0c7a05af4cda6d061cacca080dfa717931c4b61f1656dbe2a4736729e17d3d95d34a84c3972f1f10a28e7406cca95637dcdc969d
-
SSDEEP
49152:jJpi6nmWrFOzpu/3z+7jkXzZGZbmqYaqCAE4KoS8:jJRmWrFsMvz+sXzZQ/YJh
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo payload
-
Makes use of the framework's Accessibility service.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Removes a system notification.
-
Uses Crypto APIs (Might try to encrypt user data).
-
-
-
Target
license.html
-
Size
30KB
-
MD5
a095d4be2768cb6d37f9aa2de90a8a67
-
SHA1
2c87de9a26cf1ee17d701c333f088db314b1bce1
-
SHA256
30d2be0e050b7f1ec5e390326cefedb6e4a6304f5e2a623d0f7678cb67ff308b
-
SHA512
0ec91a396b39029ec6585215e777495d97e72191438ec37d93e203931a1ac79b1a966e201b9b92982439e3d372f82af98a64914647464d30e1f7f3ab8a558998
-
SSDEEP
768:/03s/uZ7je9IeMkkEdgC3BOgNMXUgPGaMx6NzJhCgaZpGgPGaxvam:/0c/uZ7je9IeMFIgeOgNMXUg6x6NzJhu
Score5/10-
Drops file in System32 directory
-