General
-
Target
84809b81fda4ec780cba3ca3c6ab4e7b31a9fe1484a15682ee71d3d31be681c7.bin
-
Size
3.0MB
-
Sample
230907-1wrdssee9w
-
MD5
540cc8853a81b20b0290fd5e84f47587
-
SHA1
732fca8033282f9808bcb16d79a7f3be7d7120c5
-
SHA256
84809b81fda4ec780cba3ca3c6ab4e7b31a9fe1484a15682ee71d3d31be681c7
-
SHA512
7e0bbb8de7e5962547485ab5f290a34d48a911bea232319f49396db31f3fa32227c645c128dfdd40f3a3ec4bf5d95a0d0834f9363557644563b2c30b14543867
-
SSDEEP
49152:HMkPFtlUkAnbCWfubDeuEqK0ZNMxGoe9B+YwR9HC3M8J09TmL+fMybjJks1Ce9la:HMAFfUXbTGiuu0ZNE/kBsRw3M20w+FbY
Static task
static1
Behavioral task
behavioral1
Sample
84809b81fda4ec780cba3ca3c6ab4e7b31a9fe1484a15682ee71d3d31be681c7.apk
Resource
android-x86-arm-20230831-en
Behavioral task
behavioral2
Sample
84809b81fda4ec780cba3ca3c6ab4e7b31a9fe1484a15682ee71d3d31be681c7.apk
Resource
android-x64-20230831-en
Malware Config
Extracted
octo
https://nigemgrouapp.site/MWVlMGI1ODc4NjFj/
https://nigemgrouapp.net/MWVlMGI1ODc4NjFj/
https://stormslva.net/MWVlMGI1ODc4NjFj/
https://strmphone.net/MWVlMGI1ODc4NjFj/
https://strmbaselib.com/MWVlMGI1ODc4NjFj/
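All five C2 URLs in the extracted config share the same path segment. The following Python is an added example written for this page (not sandbox output and not code from the sample); it splits the URLs into hosts for blocklisting, base64-decodes the shared segment, defangs the indicators for sharing, and checks a sample's bytes against the SHA256 embedded in its filename. The helper names and the hxxps defanging convention are the editor's choices; the report does not say what the decoded value identifies, so treat it only as an opaque pivot key.

```python
"""IOC handling for the Octo config above (added example, not part of the report)."""
import base64
import hashlib
from urllib.parse import urlparse

# The five C2 URLs reported in the Malware Config section.
OCTO_C2_URLS = [
    "https://nigemgrouapp.site/MWVlMGI1ODc4NjFj/",
    "https://nigemgrouapp.net/MWVlMGI1ODc4NjFj/",
    "https://stormslva.net/MWVlMGI1ODc4NjFj/",
    "https://strmphone.net/MWVlMGI1ODc4NjFj/",
    "https://strmbaselib.com/MWVlMGI1ODc4NjFj/",
]


def split_c2(url):
    """Return (hostname, first path segment) for one C2 URL."""
    parsed = urlparse(url)
    segments = [s for s in parsed.path.split("/") if s]
    return parsed.hostname, (segments[0] if segments else "")


def c2_hosts(urls):
    """Deduplicated, sorted hostnames suitable for a DNS/proxy blocklist."""
    return sorted({split_c2(u)[0] for u in urls})


def shared_path_tag(urls):
    """The path segment common to every URL, or None if they differ."""
    tags = {split_c2(u)[1] for u in urls}
    return tags.pop() if len(tags) == 1 else None


def decode_path_tag(tag):
    """Strictly base64-decode a path segment; None if it is not valid base64/ASCII."""
    try:
        return base64.b64decode(tag, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None


def defanged(url):
    """Defang an indicator so it cannot be clicked when pasted into a ticket."""
    return (url.replace("https://", "hxxps://")
               .replace("http://", "hxxp://")
               .replace(".", "[.]"))


def sha256_matches_name(data, filename):
    """True if the file's SHA256 equals the hash the filename claims (e.g. '<sha256>.bin')."""
    return filename.lower().startswith(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    print("hosts:", c2_hosts(OCTO_C2_URLS))
    tag = shared_path_tag(OCTO_C2_URLS)
    print("shared path tag:", tag, "->", decode_path_tag(tag))
    for u in OCTO_C2_URLS:
        print(defanged(u))
```

Running it shows the shared segment decodes to the 12-character hex string 1ee0b587861c, which is the value to pivot on when hunting for sibling samples or additional domains with the same path.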
Targets
-
Target
84809b81fda4ec780cba3ca3c6ab4e7b31a9fe1484a15682ee71d3d31be681c7.bin
-
Size
3.0MB
-
MD5
540cc8853a81b20b0290fd5e84f47587
-
SHA1
732fca8033282f9808bcb16d79a7f3be7d7120c5
-
SHA256
84809b81fda4ec780cba3ca3c6ab4e7b31a9fe1484a15682ee71d3d31be681c7
-
SHA512
7e0bbb8de7e5962547485ab5f290a34d48a911bea232319f49396db31f3fa32227c645c128dfdd40f3a3ec4bf5d95a0d0834f9363557644563b2c30b14543867
-
SSDEEP
49152:HMkPFtlUkAnbCWfubDeuEqK0ZNMxGoe9B+YwR9HC3M8J09TmL+fMybjJks1Ce9la:HMAFfUXbTGiuu0ZNE/kBsRw3M20w+FbY
-
Octo
Octo is an Android banking trojan with remote-access capabilities, first documented in April 2022.
-
Octo payload
-
Makes use of the Android Accessibility service (commonly abused by banking trojans to read screen content and automate UI interaction).
-
Queries the list of all installed applications on the device (may be used to select legitimate apps to overlay).
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Reads information about the phone's network operator.
-
Requests that battery optimizations be disabled (often used to keep running in the background without being killed).
-
Uses Crypto APIs (may be used to encrypt user data or C2 traffic).
-
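The behaviours listed above can be partly confirmed statically before running the sample. The following Python is an added example for this page, not code from the sandbox or the malware: it reads a decoded AndroidManifest.xml (as produced by apktool) and a list of class references taken from decompiled code, and maps them onto the report's behaviour labels. The mapping from behaviour to manifest permission or class name is the editor's assumption, and the manifest and class list are constructed here for illustration.

```python
"""Static triage for the Octo behaviours listed in the report (added example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS
PERM_ATTR = "{%s}permission" % ANDROID_NS
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"
ACCESSIBILITY_BIND_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# uses-permission name -> behaviour label from the report (editor's mapping).
PERMISSION_SIGNATURES = {
    "android.permission.QUERY_ALL_PACKAGES": "queries installed applications",
    "android.permission.WAKE_LOCK": "acquires the wake lock",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "requests disabling of battery optimizations",
}

# Class referenced from decompiled code -> behaviour label (editor's mapping).
CLASS_SIGNATURES = {
    "dalvik.system.DexClassLoader": "loads dropped Dex/Jar",
    "dalvik.system.InMemoryDexClassLoader": "loads dropped Dex/Jar",
    "android.telephony.TelephonyManager": "reads phone network operator information",
    "javax.crypto.Cipher": "uses Crypto APIs",
}


def triage_manifest(manifest_xml):
    """Return the set of behaviour labels evidenced by a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    hits = set()
    for node in root.iter("uses-permission"):
        label = PERMISSION_SIGNATURES.get(node.get(NAME_ATTR, ""))
        if label:
            hits.add(label)
    # An accessibility service is declared as a <service> protected by
    # BIND_ACCESSIBILITY_SERVICE and/or filtering the AccessibilityService action.
    for service in root.iter("service"):
        bound = service.get(PERM_ATTR) == ACCESSIBILITY_BIND_PERM
        actions = {a.get(NAME_ATTR) for a in service.iter("action")}
        if bound or ACCESSIBILITY_ACTION in actions:
            hits.add("uses the Accessibility service")
    return hits


def triage_class_refs(class_names):
    """Return behaviour labels evidenced by referenced framework classes."""
    return {CLASS_SIGNATURES[c] for c in class_names if c in CLASS_SIGNATURES}


def behaviour_count(manifest_xml, class_names):
    """How many of the report's seven behaviours are statically supported."""
    return len(triage_manifest(manifest_xml) | triage_class_refs(class_names))


# Constructed manifest mimicking the report's behaviours (not the sample's real manifest).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".A11yService" android:exported="true"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed class references, as one would collect from smali/jadx output.
SAMPLE_CLASS_REFS = [
    "dalvik.system.DexClassLoader",
    "android.telephony.TelephonyManager",
    "javax.crypto.Cipher",
    "android.app.Activity",
]

if __name__ == "__main__":
    for label in sorted(triage_manifest(SAMPLE_MANIFEST) | triage_class_refs(SAMPLE_CLASS_REFS)):
        print("-", label)
    print("behaviours supported:", behaviour_count(SAMPLE_MANIFEST, SAMPLE_CLASS_REFS), "/ 7")
```

None of these indicators is malicious on its own; an accessibility app or a VPN client legitimately declares several of them. The value of the check is the combination: all seven together, plus code that loads a dropped DEX, is the profile the dynamic report above describes, and it is what the sandbox's signatures are keyed on.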