Overview

Tasks (score badge from the report's task tabs, out of 10; the per-target scores listed under Targets below differ for some files)

Score  Task                  Platform
10     Static                (static analysis)
7      base.apk              android-9-x86
10     base.apk              android-11-x64
1      AForm.js              windows7-x64
1      AForm.js              windows10-2004-x64
1      App.js                windows7-x64
1      App.js                windows10-2004-x64
1      Doc.js                windows7-x64
1      Doc.js                windows10-2004-x64
1      EScriptString.js      windows7-x64
1      EScriptString.js      windows10-2004-x64
1      Event.js              windows7-x64
1      Event.js              windows10-2004-x64
1      Field.js              windows7-x64
1      Field.js              windows10-2004-x64
1      PinDialog.html        windows7-x64
1      PinDialog.html        windows10-2004-x64
1      StatusInfo.html       windows7-x64
1      StatusInfo.html       windows10-2004-x64
1      Util.js               windows7-x64
1      Util.js               windows10-2004-x64
5      WebviewSocket.html    windows7-x64
1      WebviewSocket.html    windows10-2004-x64
1      adc_reader...d.html   windows7-x64
1      adc_reader...d.html   windows10-2004-x64
1      adc_reader...d.html   windows7-x64
1      adc_reader...d.html   windows10-2004-x64
1      caret-comment.xml     windows7-x64
1      caret-comment.xml     windows10-2004-x64
3      chevron-next.xml      windows7-x64
1      chevron-next.xml      windows10-2004-x64
3      chevron-prev.xml      windows7-x64
1      chevron-prev.xml      windows10-2004-x64
General

Target: base.apk
Size: 1.2MB
Sample: 230912-tt7jnsgg28
MD5: b3489e4c5ffeaa499a3c6883547e9af0
SHA1: 14244c3e3a4290ec86270b4774e3502b88e01986
SHA256: 8d1cc8d3d9ede403392baa4534eb3cf0bc8a8dc8d2df432e8d443c94fde60d6d
SHA512: e67e008fa6ef9353e367f0fefaf099dcb741bb48c8f752703508de32fd51babfbac6bd07c7bb77f061a41abc3a8db74e37a516b2dca5d1ff78406c38b9a1a076
SSDEEP: 24576:xkQ8+z3NAFD4tMRFL/8hdW7FlY9tVd03XtvMu1uRpc29t:S2SFiAafWvY9pidj1YCE
Static task: static1

Behavioral tasks

Task          Sample                                 Resource
behavioral1   base.apk                               android-x86-arm-20230831-en
behavioral2   base.apk                               android-x64-arm64-20230831-en
behavioral3   AForm.js                               win7-20230831-en
behavioral4   AForm.js                               win10v2004-20230831-en
behavioral5   App.js                                 win7-20230831-en
behavioral6   App.js                                 win10v2004-20230831-en
behavioral7   Doc.js                                 win7-20230831-en
behavioral8   Doc.js                                 win10v2004-20230831-en
behavioral9   EScriptString.js                       win7-20230831-en
behavioral10  EScriptString.js                       win10v2004-20230831-en
behavioral11  Event.js                               win7-20230831-en
behavioral12  Event.js                               win10v2004-20230831-en
behavioral13  Field.js                               win7-20230831-en
behavioral14  Field.js                               win10v2004-20230831-en
behavioral15  PinDialog.html                         win7-20230831-en
behavioral16  PinDialog.html                         win10v2004-20230831-en
behavioral17  StatusInfo.html                        win7-20230831-en
behavioral18  StatusInfo.html                        win10v2004-20230831-en
behavioral19  Util.js                                win7-20230831-en
behavioral20  Util.js                                win10v2004-20230831-en
behavioral21  WebviewSocket.html                     win7-20230831-en
behavioral22  WebviewSocket.html                     win10v2004-20230831-en
behavioral23  adc_readermobile_getstarted.html       win7-20230831-en
behavioral24  adc_readermobile_getstarted.html       win10v2004-20230831-en
behavioral25  adc_readermobile_sso_getstarted.html   win7-20230831-en
behavioral26  adc_readermobile_sso_getstarted.html   win10v2004-20230831-en
behavioral27  caret-comment.xml                      win7-20230831-en
behavioral28  caret-comment.xml                      win10v2004-20230831-en
behavioral29  chevron-next.xml                       win7-20230831-en
behavioral30  chevron-next.xml                       win10v2004-20230831-en
behavioral31  chevron-prev.xml                       win7-20230831-en
behavioral32  chevron-prev.xml                       win10v2004-20230831-en
Malware Config

Extracted family: octo
C2 URLs:
https://xsh60v8222sg.top/MTU2OWE0NzJjNGY5/
https://oylg4z486xv4.info/MTU2OWE0NzJjNGY5/
https://17cvtky2s4rl.site/MTU2OWE0NzJjNGY5/
https://8e1jgvo65s9r.online/MTU2OWE0NzJjNGY5/
https://a4ca15da511d151x.info/MTU2OWE0NzJjNGY5/
https://b1nkikaza12kinv21.live/MTU2OWE0NzJjNGY5/
https://f2kic1nam25n81k.cc/MTU2OWE0NzJjNGY5/
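All seven extracted C2 URLs use different domains but the same path segment. As an added example (not part of the sandbox report, and not Octo's or the sandbox's own code), the Python below pulls the hosts and the shared path token out of the extracted list, base64-decodes the token, and runs the resulting indicators over a few constructed proxy-log lines. The log format, the internal client addresses and the host newhost.example are assumptions made for the illustration; the C2 URLs are copied from the report above.

```python
"""Indicators from the extracted Octo C2 list, with a proxy-log check.

Added example, not part of the sandbox report. The C2 URLs are copied from
the report; the log lines, their format and the hosts in them are constructed.
"""
import base64
import re
from urllib.parse import urlsplit

# C2 URLs exactly as the sandbox extracted them (see the config above).
OCTO_C2_URLS = [
    "https://xsh60v8222sg.top/MTU2OWE0NzJjNGY5/",
    "https://oylg4z486xv4.info/MTU2OWE0NzJjNGY5/",
    "https://17cvtky2s4rl.site/MTU2OWE0NzJjNGY5/",
    "https://8e1jgvo65s9r.online/MTU2OWE0NzJjNGY5/",
    "https://a4ca15da511d151x.info/MTU2OWE0NzJjNGY5/",
    "https://b1nkikaza12kinv21.live/MTU2OWE0NzJjNGY5/",
    "https://f2kic1nam25n81k.cc/MTU2OWE0NzJjNGY5/",
]


def split_url(url):
    """Return (lower-cased host, path) for a URL."""
    parts = urlsplit(url)
    return parts.hostname, parts.path


def c2_hosts(urls=OCTO_C2_URLS):
    """Sorted, de-duplicated C2 hostnames."""
    return sorted({split_url(u)[0] for u in urls})


def shared_path_token(urls=OCTO_C2_URLS):
    """The path segment common to every URL, or None if they differ."""
    tokens = {split_url(u)[1].strip("/") for u in urls}
    return tokens.pop() if len(tokens) == 1 else None


def decode_token(token):
    """Strictly base64-decode a path token; None if it is not clean base64 ASCII."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return raw.decode("ascii") if raw.isascii() else None


# Constructed proxy-log format: "<timestamp> <client-ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d+)$"
)


def match_proxy_log(lines, urls=OCTO_C2_URLS):
    """Flag lines that reach a listed C2 host, or that carry the shared path
    token on a host not in the list (the config rotates domains; the path
    token is what all seven URLs have in common)."""
    hosts = set(c2_hosts(urls))
    token = shared_path_token(urls)
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host, path = split_url(m["url"])
        if host in hosts:
            hits.append((m["src"], host, "known C2 host"))
        elif token and f"/{token}/" in path:
            hits.append((m["src"], host, "C2 path token on unlisted host"))
    return hits


# Constructed log lines: the client addresses and newhost.example are invented.
SAMPLE_LOG = [
    "2023-09-12T10:01:02Z 10.0.0.5 POST https://xsh60v8222sg.top/MTU2OWE0NzJjNGY5/ 200",
    "2023-09-12T10:01:09Z 10.0.0.5 GET https://www.example.com/index.html 200",
    "2023-09-12T10:02:15Z 10.0.0.7 POST https://newhost.example/MTU2OWE0NzJjNGY5/ 200",
    "malformed line",
]

if __name__ == "__main__":
    print("hosts:", c2_hosts())
    tok = shared_path_token()
    print("shared path token:", tok, "->", decode_token(tok))
    for src, host, why in match_proxy_log(SAMPLE_LOG):
        print(f"{src} -> {host}: {why}")
```

The shared segment MTU2OWE0NzJjNGY5 decodes to the ASCII string 1569a472c4f9. The report does not say what that string identifies, so treat it as an opaque value: match on the token itself, independently of the host, rather than on any assumed meaning.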
Targets

Target: base.apk
Size: 1.2MB
MD5: b3489e4c5ffeaa499a3c6883547e9af0
SHA1: 14244c3e3a4290ec86270b4774e3502b88e01986
SHA256: 8d1cc8d3d9ede403392baa4534eb3cf0bc8a8dc8d2df432e8d443c94fde60d6d
SHA512: e67e008fa6ef9353e367f0fefaf099dcb741bb48c8f752703508de32fd51babfbac6bd07c7bb77f061a41abc3a8db74e37a516b2dca5d1ff78406c38b9a1a076
SSDEEP: 24576:xkQ8+z3NAFD4tMRFL/8hdW7FlY9tVd03XtvMu1uRpc29t:S2SFiAafWvY9pidj1YCE
- Octo: Octo is a banking malware with remote access capabilities first seen in April 2022.
- Octo payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
- Reads information about the phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
- Uses Crypto APIs (might try to encrypt user data).
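The behaviours the sandbox reports for base.apk each have a static counterpart in the manifest or the DEX string table, which is what you check when you only have the file and not a detonation. As an added example (not part of the report and not the sandbox's own signature logic), the Python below maps those behaviours onto permission names and class/method strings and runs the mapping over a constructed manifest and string list. The manifest text, its package and service names, and the DEX strings are invented for the illustration, not taken from base.apk; a real APK carries a binary AndroidManifest.xml that must be decoded first (apktool or androguard both do this).

```python
"""Static indicators behind the Octo behaviour signatures listed above.

Added example, not part of the sandbox report or its signature set. The
manifest text and DEX string list below are constructed for illustration,
not taken from base.apk. A real APK ships a binary AndroidManifest.xml;
decode it (apktool, androguard) before feeding it in, and dump the DEX
string table the same way.
"""
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# <uses-permission> / <service android:permission> values that back the
# behaviours in the report. WAKE_LOCK on its own is weak: most apps hold it.
PERMISSION_INDICATORS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "Makes use of the framework's Accessibility service",
    "android.permission.QUERY_ALL_PACKAGES": "Queries a list of all the installed applications",
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "Requests disabling of battery optimizations",
}

# DEX string-table entries (class descriptors and method names) for the rest.
# NotificationManager and Cipher are common in clean code; they only carry
# weight next to the stronger indicators above.
STRING_INDICATORS = {
    "Ldalvik/system/DexClassLoader;": "Loads dropped Dex/Jar",
    "Ldalvik/system/InMemoryDexClassLoader;": "Loads dropped Dex/Jar",
    "getInstalledApplications": "Queries a list of all the installed applications",
    "getNetworkOperator": "Reads information about phone network operator",
    "getSimOperator": "Reads information about phone network operator",
    "Landroid/app/NotificationManager;": "Removes a system notification",
    "Ljavax/crypto/Cipher;": "Uses Crypto APIs",
}


def manifest_indicators(manifest_xml):
    """Map matching permission names to the behaviour they support."""
    root = ET.fromstring(manifest_xml)
    found = {}
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID + "name")
        if name in PERMISSION_INDICATORS:
            found[name] = PERMISSION_INDICATORS[name]
    # BIND_ACCESSIBILITY_SERVICE is not requested with <uses-permission>; it
    # appears as the permission guarding the app's own accessibility <service>.
    for svc in root.iter("service"):
        perm = svc.get(ANDROID + "permission")
        if perm in PERMISSION_INDICATORS:
            found[perm] = PERMISSION_INDICATORS[perm]
    return found


def dex_string_indicators(strings):
    """Map matching DEX strings to the behaviour they support."""
    return {s: STRING_INDICATORS[s] for s in strings if s in STRING_INDICATORS}


def triage(manifest_xml, dex_strings):
    """Sorted list of report behaviours that the static evidence supports."""
    behaviours = set(manifest_indicators(manifest_xml).values())
    behaviours |= set(dex_string_indicators(dex_strings).values())
    return sorted(behaviours)


# Constructed manifest; the package name and service name are invented.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application>
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed DEX string-table excerpt.
SAMPLE_DEX_STRINGS = [
    "Ljava/lang/String;",
    "Ldalvik/system/DexClassLoader;",
    "getNetworkOperator",
    "Landroid/app/NotificationManager;",
    "Ljavax/crypto/Cipher;",
]

if __name__ == "__main__":
    for behaviour in triage(SAMPLE_MANIFEST, SAMPLE_DEX_STRINGS):
        print("-", behaviour)
```

Two of the mappings deserve a note. The accessibility indicator is the android:permission attribute on the app's own service, not a uses-permission entry, so a check that only walks uses-permission misses it. And the DEX class loader strings are the static trace of the "loads dropped Dex/Jar" behaviour; the payload itself is only visible once the dropper has run, which is why the sandbox reports it from a behavioral task.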
Target: AForm.js
Size: 47KB
MD5: 66705bdb519b50855be6786fbf2332ff
SHA1: 5e170b8fc2b22a2e442c4b61250102ad18a0cf72
SHA256: ccf9e1770c6d294b03efb2163e2c92807932850cd42c4fed7fe31e09efdf5edb
SHA512: f9f19366d0c16674236c09f0b4742f8d554d0f63c747c6e39dbe3d8ef7dc5310823758192df1b9d2b153eb9fa99cb12948c5da9458af7bb147df0e064868c0cb
SSDEEP: 768:GJeXUtYM2HwlkxEUemNiTSAETsAIcBZ6i:GJeb5xEvJGAETsAIcBZ6i
Score: 1/10

Target: App.js
Size: 3KB
MD5: 8b1e0d7d5825bc255e85b628680d4599
SHA1: 26d076ddd99f6128fb3a170592d0996758b727ca
SHA256: 3ed0eceeec0c16f2840c1ed8d9ab6b36b6a0ef2c12aab0115aeaa96395a929fa
SHA512: 4dea8bd30e25fc37747c50e7d9cd4a9e2deb6f70397f8d127fad6c421a08609d26b24ba93c1efa142cf7aeb5bfe940b2ec3e788554dad27fddc8daf04843325e
Score: 1/10

Target: Doc.js
Size: 8KB
MD5: aa70d22c5273671fd63e864cca3436dd
SHA1: f62637983a544ac1ab719f65e639035b271bb4da
SHA256: 2ce8323c8080ffae81cfcf35e17786bacd17fca188bc91e1e8279dc84e80fa57
SHA512: 582c403dc516db41e07e71c4088c1265ee7236832e9228bb735f72023a054d0f4d36634cb199246bffc3eb8ab0e19cdb2eb373744bef2b6e2358406f1a463f17
SSDEEP: 192:J2Wlj8jXm1A2IFWf8a3Gy9QeuXP9IFpw5J4HLRgqUgyHjkrfuTtRoV8l6gfOen87:7V1AoFBd
Score: 1/10

Target: EScriptString.js
Size: 1KB
MD5: 75cf71cae9a140b9f2b35070d50463d6
SHA1: 3711cd41876bf0725334ebda26dea31103ac243e
SHA256: cbd45dcb18753da74464d8f4048484b6ce8cc7d3be877c224f5886f95373ecb1
SHA512: ee512549bf60090e81a3a2ee3be57a559e82b78bea24e7ee427cd2289297c5e7ee8d3e110c2e4e32a89f0a6dc13f9f9af22cee026ab20dab7118cba05af3684c
Score: 1/10

Target: Event.js
Size: 7KB
MD5: 56d8258a5a428a40d1c6f49c6246f17e
SHA1: 699462195a070f9bbb5b0758dfda7854bff8d8cd
SHA256: 3f238434c540a9bf07f33e3a46b99d295b5204c44d2c0ee470c03c985d1d10ef
SHA512: 11169f1fdb031f2e7d090f21e2c434fb116933ac392bd41c24ebfde9f807f7aceb85fcfc9740a9fe77948e9a21bb40a95d6f65107d212d882d89235e19d7547c
SSDEEP: 192:J2E6a8CInLvxMFbeCkUS+ondXaT5gFKDLkkPMu3GbvOMg4+z8ZBlMH7tzGyvsa6A:Z6a8C6Gm+cKJnA3Y7Se
Score: 1/10

Target: Field.js
Size: 6KB
MD5: d403a379c4405889b510a51c13d26e5c
SHA1: 8a87a621e484a99a8c71d3575e34d4ad746750a4
SHA256: 3b7ec75ae8ac3ebeeb5be5bd9246a6e22ee61247279fafba2fcfdc88c4f593f4
SHA512: 9e69e85f00d8dea80aedc9e217a6ab3ed598ef0d770ca030f77b67f6c0aa4378977c6511b225eb74732f322edd31260b37759c4fd74d26dd250a206bbc6f9e98
SSDEEP: 192:J2CKNE70ZPBYw28Vw6gxgPgjgKgggngygUgBg/g1g6gHgsgogrgGgPgEg4g+gCgm:TyEgZZe8Qi4EDRg7NyouzA1p8H495vLm
Score: 1/10

Target: PinDialog.html
Size: 23KB
MD5: 1ec135cf7cf78c44d30b8e6032f8854e
SHA1: 757521dee4de9c2aeb0055c7962a5bb8fd0b421a
SHA256: a2f1f37a925e48e853d0eedbd1a9bba1cdfc7c92601f7554d12c040a8254fb41
SHA512: da57a65d24eefd2f4d0523b2eb38412d522b5b486da822f1950fa02d93ad9646e91a0c8134d7ed3002306e4c74cc15d48584c17ca7e4fca3a3a31765d3bb906a
SSDEEP: 384:7xwlAA1lBaD+GD0C/DimrBVUg6eojeSKwtw6n1vLGnC561kt0AlqC1xiDiL:lwl9za+S0Uimr7Ug6eo8fqUmL
Score: 1/10

Target: StatusInfo.html
Size: 6KB
MD5: e605dc5fea92a1af55a4573e36d9a133
SHA1: d3f0044d829d7949802af22c7ae4f55a9c9f9ea3
SHA256: ddd1714e00ba6930349251258f5d09656ad1fd488acea02a5608acff9ba046ae
SHA512: abb4572252786c3dd78c26ed0bbdb1d4bc2174c99e9a128681c8df4f19d6dd4cd0980d8f69a54eeffa0fbe329be452c17dc937ecac7f46690d08c79236366c83
SSDEEP: 192:cNjCjAYLhO/jXuXkZyjLFoFeforFowe3CDC4u4ZqnfPyDSBnYe:Z0yI+pLFoFTFZDanf6MJ
Score: 1/10

Target: Util.js
Size: 19KB
MD5: f9262d52da3c06125cec75e8d041b054
SHA1: 5ebd325bb4fa4f14888e22c949f5d8ee125d82b7
SHA256: b0faacd675b6e470f3073dc96369e079fb6697cea64d6cb2052da1783e15a83f
SHA512: 011eb8d19eade378f286d2e38c4c14228d4d3e024858112e5dd3c3949f64f05af6f0aeac28015e2dcd1f9b0deba9fe2796d7087da1da756df13758a29adab32d
SSDEEP: 192:J2bMVcKMC8xXKyK/cPxaDtSC6V/yiQ5mSm85my4NcKY/8g8cw+zxGStOOGKfQCZL:cMVECcP8oKoCZdKACh+hIpVpPTBdiF
Score: 5/10
- Drops file in System32 directory

Target: WebviewSocket.html
Size: 2KB
MD5: 2546f2440d01152a2ed1a602e22c4b28
SHA1: badf1999d99f337a206a448283b7f6fea86a2ba8
SHA256: 9313ca3e22a95d7956ea05b36120a27f673b82611037dbbb8f887a58fdf90933
SHA512: 64d0f51d91942aa8041992d376b3b28e4ef4e62b119324afcccae9e05bc929843f130ee680cb396395b0d0b55945691c3667ec6b52a603686287de2ce3fd5cce
Score: 1/10

Target: adc_readermobile_getstarted.html
Size: 19KB
MD5: 6634125ae03a19970d6ab1656e841af4
SHA1: b284f647afb8b5d40098ab05246ddad150647fba
SHA256: 6e8b89a8d5b04e8f3a6e45c2b9102640fe10ca1806ae3d3b881bb5da53e93f6a
SHA512: 98fae955975fbcd7e57ac1dfd429e05c073b6d0aa49d2418c7541d9d058fdf2fa16b0550789c52795472e0d966a9e1f327025a61f53b4f892df7af1e81a8c301
SSDEEP: 192:EgjgE1zZyPTc/3yWGwVyfO5g957vgrCL5gfS+i1nt0uf8G1xx5HdXEiPRAUKVuDD:1BXOP9tuUFDmQ98kZ8G
Score: 1/10

Target: adc_readermobile_sso_getstarted.html
Size: 8KB
MD5: 3896f465518cd69a57b205dc7b960a26
SHA1: c41f0ccbb0818a104485faae08278816c0c60520
SHA256: ed5c3abdd9a53ae04001281e565d5ecb4c9c5094581d17065f0280d5a62d5d29
SHA512: d375ed3064515d30cb6fb6b5a035d77276adf857020c5d6857e2b64eb857de4fb218786987e37d4370c0493800c17246d305b33b682af1596870451013b23fdd
SSDEEP: 192:IwAqGNE1z5yzllngPAmd4PKqxzKJVJKgCNAEb:PfG2X+MPAmd4PKqw3tCX
Score: 1/10

Target: caret-comment.svg
Size: 501B
MD5: 25c3929d8ffe8dc86ae6f9cb4a50afc0
SHA1: 3a1da18fabea1abbf6f191920adad57f9b18efc5
SHA256: 8461d903957c1c7f0f1d9951df6beb2ea9e6c63f00536aa00cce6a40002693c4
SHA512: b584b3dc78136633754d9f25c79002c3df049610ac67ea0c858099e73f34b5e62d3d4d526ff3d57b927ddf8ffaae20cebca533afc4c2ef7fadd543be1da5fad2
Score: 3/10

Target: chevron-next.svg
Size: 668B
MD5: ccee96878a4a24a06888788d7dbd9041
SHA1: 7404f891ff02f9cb55cdf9e1d6c4dfb3487b9c72
SHA256: 27471a947d03c43ce45cb16aa5391d0420bfbce6edc22c7616c6056a770e8d2d
SHA512: 1739c7c38eb7b7f3b96d4af2fc51d264a307d99eade90764e76fb6176638b045b3f09e16871502e805f186ebe0a6e55270570a8d79e129cf2bc3cbc82e1a8094
Score: 3/10

Target: chevron-prev.svg
Size: 667B
MD5: 8649a8c26fe14e745166f8e89ee4fa1e
SHA1: 9108289d4557a829b0451be74f4fcffeb4c80407
SHA256: f71875352eca0c05c1a3891d8cb6e0c194ccda716f73e3ebcb0868aff2d592d0
SHA512: 4b94a211f66c63b910dbd46872324c12c802d623ae6da054d60022378cf0d730deacf7e27d90eebacaedfb035cc6799ea0b99233baf45c158912384980ba928e
Score: 3/10