General

  • Target

    f5fae514fe30195472f518406bf051d1d68faadae91262256cd39add69e3ea54.bin

  • Size

    1.6MB

  • Sample

    230911-1ykzssbc7w

  • MD5

    43f3dd52fa408eebb3055fb8a2b6d575

  • SHA1

    983ef555fd02dddb611868fb15fb7eeccfaa8ff4

  • SHA256

    f5fae514fe30195472f518406bf051d1d68faadae91262256cd39add69e3ea54

  • SHA512

    42c5214887cfa32ad7207ac1eaf25dfa1a37246a8f72473bb3ceb4bb6c56d797ee791e7bec6d0dfb87e1a4a8b5242745ff691a8121e99dba00883a8aea3fe1d0

  • SSDEEP

    49152:2kX3M1fm3fxfh4IYs7BuqWi1+nAn62lV8MV:2kX3M1fM4rh/nAn6AP

Malware Config

Extracted

Family

octo

C2

https://0n75w55jyk66.pw/MTU2OWE0NzJjNGY5/

https://oylg4z486xv4.info/MTU2OWE0NzJjNGY5/

https://13sf6uu6cvlm.la/MTU2OWE0NzJjNGY5/

https://papricasfla.bio/MTU2OWE0NzJjNGY5/

https://643y3mrh4m3d.in/MTU2OWE0NzJjNGY5/

https://xivadoivxa.info/MTU2OWE0NzJjNGY5/

https://6dtav5rvnh1q.in/MTU2OWE0NzJjNGY5/

https://decilaxcvz.life/MTU2OWE0NzJjNGY5/

https://9w28pp996g59.top/MTU2OWE0NzJjNGY5/

https://o3c31x4fqdw2.lt/MTU2OWE0NzJjNGY5/

https://s9rls3pp86p6.cc/MTU2OWE0NzJjNGY5/

https://a4ca15da511d151x.info/MTU2OWE0NzJjNGY5/

https://b1nkikaza12kinv21.live/MTU2OWE0NzJjNGY5/

https://f2kic1nam25n81k.cc/MTU2OWE0NzJjNGY5/

AES_key

Targets

    • Target

      f5fae514fe30195472f518406bf051d1d68faadae91262256cd39add69e3ea54.bin

    • Size

      1.6MB

    • MD5

      43f3dd52fa408eebb3055fb8a2b6d575

    • SHA1

      983ef555fd02dddb611868fb15fb7eeccfaa8ff4

    • SHA256

      f5fae514fe30195472f518406bf051d1d68faadae91262256cd39add69e3ea54

    • SHA512

      42c5214887cfa32ad7207ac1eaf25dfa1a37246a8f72473bb3ceb4bb6c56d797ee791e7bec6d0dfb87e1a4a8b5242745ff691a8121e99dba00883a8aea3fe1d0

    • SSDEEP

      49152:2kX3M1fm3fxfh4IYs7BuqWi1+nAn62lV8MV:2kX3M1fM4rh/nAn6AP

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    • Removes its main activity from the application launcher

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

    • Uses Crypto APIs (Might try to encrypt user data).

    • Target

      HM_JsBridge.js

    • Size

      1KB

    • MD5

      f2e7316750f128a4b72a61a9fc8ed362

    • SHA1

      228d0209618cb848f153a4c9daf45112dbe6a5ca

    • SHA256

      45bd4f9fbae5e062f1a2f2a3fb4d71e4de8b54990eb81a8f30bad83ecd6096aa

    • SHA512

      308760b82cfe9fdd625c8528a4ebb4d0a2186b4ffc9ee6d16e0f1ccb73c56e8cf6301c44ef139776242cb24bc9f43308951a4fff49854d0f08603801393aa41d

    • Score

      1/10

    • Target

      libwbsafeedit

    • Size

      24KB

    • MD5

      4afddac0502e7cb0fca4c572ad7d0333

    • SHA1

      118871ff1d5a6baf2d4142b38347bce3c503b9db

    • SHA256

      f7f5ae4ace81d4ba4f9cc6c98da5f6f13fbd6dffdb1fe0dd590b72c45c7c183c

    • SHA512

      499835711c0efaf6e5e56a6598f0971e97a95c467c583fc24640f38051bcbfdfe81c5d76574b93c83b8c044fb302bb1706e89b4c40ff08126a3a7d20742ce99d

    • SSDEEP

      384:xYUDOjmjl6U/MdzjowXeuznj0r73vZ3/B+wN45SGgYH:xYU8glnx5+I4O4

    • Score

      1/10

    • Target

      libwbsafeedit_64

    • Size

      17KB

    • MD5

      c359c999b51ac7796345df0e22a22979

    • SHA1

      7f51cd9c21d0996a714e5ebad4c45ab02891f892

    • SHA256

      47f718a91cfeb4d4d43b29f4349aba842bd67dbd04f86399a3a7d3e5de93b68e

    • SHA512

      ee2a3fdb1a01f1df073a01744ddb18f6124a78d02a17d3baa040d2509fc86bbda82c88c7de008138c5db8afd1ba53a52b678106c288a1390e30a904025d420a2

    • SSDEEP

      192:R1FnYWGLwQf976SoIDHtvMninZqhnQM/0CWGs:Z9G/FtoITyni8nQMRls

    • Score

      1/10

    • Target

      libwbsafeedit_x86

    • Size

      13KB

    • MD5

      988a50b97c5041cc07c0210c34660948

    • SHA1

      51d7f5ec1ec05e47eeed70a892110776d6d4bffb

    • SHA256

      11706e08b272fc1f6908c476dd3edb3f9b06664c9a58708192d8ce0e8eb97375

    • SHA512

      eb2dbd4de560aec5efed221d572a2f4e97420e4fc7c619415d756389785e3ef196184b745a1f7078dd208ffdfcf6c5583f4ac3285c0824323c37fa373b31b5d2

    • SSDEEP

      96:5pkXr19yG6iozEbtgcpDi0MhVdnKwofU6BslCOV6DAIIJhTl+yuoqslQ4dpW/WT8:kXr1HIitgcpDOhVdn4scOID9S+jo9Sl

    • Score

      1/10

    • Target

      libwbsafeedit_x86_64

    • Size

      18KB

    • MD5

      6ba345265cf17293637b32727cda895e

    • SHA1

      e57d851058fd66c2f060197a9d9f237b55832f3a

    • SHA256

      a2c3ccaa207b90b78d2c6ebd4e2992cef60784b14d690f591ff1f2382fc87143

    • SHA512

      fcd83d0f112e9374b871a1639c929c4cc6aa67864eab9838d5cc92d6fc58d59313e631c6b58b37d43f7e7f8348eb31f6b260581b258dd7387412911df2a6a97a

    • SSDEEP

      192:R3XXWOdX6AAMNAMNUMZ6N2AQtSKheb9YW155PM7yM/knYpuO8llZntH/uvg5EshW:F4MCMGMZHv4HV155PMn8YYrtfuvg51s

    • Score

      1/10
