General
-
Target
4edfda2401c48da8c0cf205daeafc7f2ece3044245333062f258961e21827dee.bin
-
Size
541KB
-
Sample
230916-1ws8dsge63
-
MD5
831b72515b0ac0f2a514518b5f1444d5
-
SHA1
8d2b6b3b661f083bd57ffe1f1b01281e2760ba47
-
SHA256
4edfda2401c48da8c0cf205daeafc7f2ece3044245333062f258961e21827dee
-
SHA512
fbc47a46814cb3dbdce63f65a1240ccc068e3e2c6b0414d8febbd3edabb4ded0540e57834f345564554113baaf92a72d6ec1e3e2ac826260429cb8cbe7f59817
-
SSDEEP
12288:qIsQrYaoDEZ88wwJwDXkx6yQelhpamxEFOBjzflQvYhicj/ekchF:qIsQrYY8qrrtli/OBjLlQvaiczYF
Static task
static1
Behavioral task
behavioral1
Sample
4edfda2401c48da8c0cf205daeafc7f2ece3044245333062f258961e21827dee.apk
Resource
android-x86-arm-20230831-en
Behavioral task
behavioral2
Sample
4edfda2401c48da8c0cf205daeafc7f2ece3044245333062f258961e21827dee.apk
Resource
android-x64-arm64-20230831-en
Malware Config
Extracted
octo
https://176.111.174.92/ZTIyNTVmMmE1NzNl/
https://12logites432532s.xyz/ZTIyNTVmMmE1NzNl/
https://13logites432532s.xyz/ZTIyNTVmMmE1NzNl/
https://14logites432532s.xyz/ZTIyNTVmMmE1NzNl/
https://15logites432532s.xyz/ZTIyNTVmMmE1NzNl/
https://16logites432532s.xyz/ZTIyNTVmMmE1NzNl/
https://17logites432532s.xyz/ZTIyNTVmMmE1NzNl/
https://18logites432532s.xyz/ZTIyNTVmMmE1NzNl/
https://19logites432532s.xyz/ZTIyNTVmMmE1NzNl/
https://20logites432532s.xyz/ZTIyNTVmMmE1NzNl/
https://21logites432532s.xyz/ZTIyNTVmMmE1NzNl/
https://22logites432532s.xyz/ZTIyNTVmMmE1NzNl/
https://kalpazanlan101.xyz/ZTIyNTVmMmE1NzNl/
https://kalpazanlan102.xyz/ZTIyNTVmMmE1NzNl/
https://kalpazanlan103.xyz/ZTIyNTVmMmE1NzNl/
https://kalpazanlan104.xyz/ZTIyNTVmMmE1NzNl/
https://kalpazanlan105.xyz/ZTIyNTVmMmE1NzNl/
https://kalpazanlan106.xyz/ZTIyNTVmMmE1NzNl/
https://kalpazanlan107.xyz/ZTIyNTVmMmE1NzNl/
https://kalpazanlan108.xyz/ZTIyNTVmMmE1NzNl/
https://kalpazanlan109.xyz/ZTIyNTVmMmE1NzNl/
Targets
-
-
Target
4edfda2401c48da8c0cf205daeafc7f2ece3044245333062f258961e21827dee.bin
-
Size
541KB
-
MD5
831b72515b0ac0f2a514518b5f1444d5
-
SHA1
8d2b6b3b661f083bd57ffe1f1b01281e2760ba47
-
SHA256
4edfda2401c48da8c0cf205daeafc7f2ece3044245333062f258961e21827dee
-
SHA512
fbc47a46814cb3dbdce63f65a1240ccc068e3e2c6b0414d8febbd3edabb4ded0540e57834f345564554113baaf92a72d6ec1e3e2ac826260429cb8cbe7f59817
-
SSDEEP
12288:qIsQrYaoDEZ88wwJwDXkx6yQelhpamxEFOBjzflQvYhicj/ekchF:qIsQrYY8qrrtli/OBjLlQvaiczYF
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo payload
-
Makes use of the framework's Accessibility service.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Removes a system notification.
-
Uses Crypto APIs (Might try to encrypt user data).
-