General

  • Target

    base.apk

  • Size

    1.5MB

  • Sample

    230913-er56hahc5y

  • MD5

    a71aa3d17a38583849afd9784f4df906

  • SHA1

    f99036e9402532a9d0f030267cb77083428db58d

  • SHA256

    1daf1b1c9460b9e4beeb9bfd2e901c848030b83090b4f4f7fa3d62076c5d22b4

  • SHA512

    56f3d75a24d47e5593252c6455d0f8672c7beaa4e309586c60cfbc1a54fefdae176e77b630f1729b8bc686f2f702b3c445104e15c37b9442aaf50a02547dc5ad

  • SSDEEP

    24576:ADe+m94W42eLF5hMq85JsnLf7JA111111SLQ43kgKlrxKdSQtgBdkQpYpb65ZB5S:3943ZbkJOf7vYplrxKdS8kpPHgca49M

Malware Config

Extracted

  • Family

    octo

  • C2

    https://spaceopensta.online/YWRhZjAxNGM1YjFh/

    https://marmont.site/YWRhZjAxNGM1YjFh/

    https://yupinytr.pw/YWRhZjAxNGM1YjFh/

    https://kopenhard.host/YWRhZjAxNGM1YjFh/

    https://bugutar.ru/YWRhZjAxNGM1YjFh/

    https://bugutar.store/YWRhZjAxNGM1YjFh/

  • AES_key

Targets

    • Target

      base.apk

    • Size

      1.5MB

    • MD5

      a71aa3d17a38583849afd9784f4df906

    • SHA1

      f99036e9402532a9d0f030267cb77083428db58d

    • SHA256

      1daf1b1c9460b9e4beeb9bfd2e901c848030b83090b4f4f7fa3d62076c5d22b4

    • SHA512

      56f3d75a24d47e5593252c6455d0f8672c7beaa4e309586c60cfbc1a54fefdae176e77b630f1729b8bc686f2f702b3c445104e15c37b9442aaf50a02547dc5ad

    • SSDEEP

      24576:ADe+m94W42eLF5hMq85JsnLf7JA111111SLQ43kgKlrxKdSQtgBdkQpYpb65ZB5S:3943ZbkJOf7vYplrxKdS8kpPHgca49M

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    • Removes its main activity from the application launcher

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

    • Uses Crypto APIs (Might try to encrypt user data).

    • Target

      fyb_iframe_endcard_tmpl.html

    • Size

      521B

    • MD5

      331ab67d131439c4c50e02a3d7445008

    • SHA1

      675ac8d91e0a2fe211d49a8e42f20f018c4bd50c

    • SHA256

      efdac80cdb4576d2e0d93512348e9dbdb06e69e23a1db81838dc5e40a16715d9

    • SHA512

      eba60283d7d5562d3e27a9d5f9f382de621474796e68c4c7b8bf06fd20b081f5aa657ab58d988f40e76883eb8459e3b44f8f31f10424f6d181bffc3c28041e04

    • Score

      1/10

    • Target

      fyb_static_endcard_tmpl.html

    • Size

      3KB

    • MD5

      d18fb1787ce0e84567496b8564e452aa

    • SHA1

      007033d0824685600611af6992060577e127dd23

    • SHA256

      2ae5e0576febb1a1cd63b10bf71644f99fcfd0fe7fb1f2d19525594165294e51

    • SHA512

      ba5225a80941e3ee4ff18401b910968a6cab47634914ecb68213599b96fd4b39c8722e82bf2883faf355d9416a6f2acaa36151a5d8969079cfcd4c6795f6003b

    • Score

      1/10

    • Target

      icons_1_18_1620803672.data

    • Size

      63KB

    • MD5

      2a2e088484d7ce9a744d538bdda2b7f7

    • SHA1

      82dc2386f063cdf46ff8afa22fc8252126d002d7

    • SHA256

      37982a1b17414f5d6da73cf15f98ce3c3469f0a0e8ed67755e80d3b44d09dfea

    • SHA512

      b8262e13afb3e11cc7e8d98c379e31d86f5f98eba27c4f26b42dabf8c558ada83854ece744ed97f317f324997ffea9a0b853b370b4bf1a6b8827d1acb77daf37

    • SSDEEP

      1536:qklomKn6oqBBH0y2ubJn/KF6KiWHVqzQJGwTTcWrR:qZgBd0F8iF6jIrJGwcAR

    • Score

      3/10

    • Target

      icons_24_18_1619768490.data

    • Size

      13KB

    • MD5

      78e8bb4ed59c414ba6c724d53e8de69e

    • SHA1

      8ade899f16e0ef6440a28035e9590a147c1748fc

    • SHA256

      2073ee6b108f2b4a40f9cd08b6a075bc840f3f20a2f01385d591ff2d7ea26334

    • SHA512

      adc67e4ea645aadcadef30313a9237ff584ae6d8f992073059eaca0c2bbfad018e5b01ad66a9db99e6bb31ac262d7ac610b0f2f0d1b753bde7de6c83967a8547

    • SSDEEP

      384:qGKpxxRUYK8fkoTt4CMYIcVY414Bod5vg:LExxRUYLfko3N641485vg

    • Score

      3/10

    • Target

      library.swf

    • Size

      585B

    • MD5

      0a6fe4b88a814e64a1a8e34df22b20c2

    • SHA1

      16d13e07f46aa36972a1eb244ce73efcdf97fb2e

    • SHA256

      756c893a97648548fd302cec096ce2e477a64d5c2f74f8183b021a32ea869c1d

    • SHA512

      ecfcd7cce4862e4ae47c5d4ec06f422a5cdd3133035b6a2f7bfd25f60a50723168a7a2c44e755abf38407091ceedae0db23db959619a32a7ea282ea3994c39b3

    • Score

      3/10

    • Target

      libysshared.so

    • Size

      269KB

    • MD5

      507406126e2309871457b419e37af1c1

    • SHA1

      4e30a27c1a378d74cea2710a9a914edc6bb58776

    • SHA256

      1d336808b213823258a91aac32c6ba570a99048ac9aae0a104c033ce412aea23

    • SHA512

      426ab468df1ba5374d417b368330ba4a8df79e008aadfd756f5035f1591d81ce9e3ae515357ec375933c59ae61c86e6d5b25bd117f34baca3ed81e68d2845171

    • SSDEEP

      6144:DFHNZY8iyL6fT0GZw+rM6XWRSSGXcs5LVYVoL2l:DFtZYl83GW+A63zjfKl

    • Score

      1/10

    • Target

      vpaid_html_template.html

    • Size

      16KB

    • MD5

      7d7cb3d6c22da954fccb084f6c18ee01

    • SHA1

      529871b15146f802c1c1fe2342b31db9e328bb7b

    • SHA256

      05cb7160ec6766397cacbfc5d57373edbcb028917d81e2f2d748e27086db23cf

    • SHA512

      a73d034079dba15d38bd14ddb81afd8af51b31a5c80cd83346556e7ca7f2ec927511ec3c151abf7cdc108ac4671b7623066e0375b30536e1503125354fa1a15b

    • SSDEEP

      192:mrLYJFkVvGFQshArPtP842+Lw1wOEeR6kad8bWXSrJEBOn8TsjNC4ck8aanlDTtI:8U42Fn9qW4+EQNuSXIlodo4

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks