Overview

overview

10

Static

static

7

7461c3dccd...5b.apk

android-9-x86

10

7461c3dccd...5b.apk

android-11-x64

10

license.html

windows7-x64

1

license.html

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7461c3dccd52b577d3f6be9e9c0c1d61a159e7b24554e6407f52a2f334469d5b.bin

  • Size

    2.2MB

  • Sample

    230920-1wxktaah3t

  • MD5

    94d4319d570d513a8c650c36be647d12

  • SHA1

    02f3f0265bd49267b164086813adbaa41c251e44

  • SHA256

    7461c3dccd52b577d3f6be9e9c0c1d61a159e7b24554e6407f52a2f334469d5b

  • SHA512

    feebb8647b0ccda267fe7268a731485e7a1ea18056251fee9c48e50734dc31724752d18118bce4fe83d2457aee5d06be8c93dfb29a53e8dbc590e353cf998668

  • SSDEEP

    49152:YfoSTgpefV301lkM9MekZJ6fKVNwaJi7iCrJXuZGZbmqRNmbAE4KoSy:soxpe1dZJ6feN9cLJXuZQ/R5d

Score
10/10
octoandroidbankerevasioninfostealerransomwareratstealthtrojan

Malware Config

Extracted

Family

octo

C2

https://chroww.top/MmEzNTkzZDFkOWQz/

https://lauytropo.net/MmEzNTkzZDFkOWQz/

https://bobnoopo.org/MmEzNTkzZDFkOWQz/

https://junggvrebvqq.org/MmEzNTkzZDFkOWQz/

https://junggpervbvqqqqqq.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqgroup.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqnetok.com/MmEzNTkzZDFkOWQz/

https://superjunggvbvqqww.com/MmEzNTkzZDFkOWQz/

https://junggvbvqqnewsww.com/MmEzNTkzZDFkOWQz/

https://dejunggdejunggww.com/MmEzNTkzZDFkOWQz/

https://dejunggdejpopopounggq.com/MmEzNTkzZDFkOWQz/

https://dejunggdejunyyyyyggq.com/MmEzNTkzZDFkOWQz/

https://shopjunggvbvqq.com/MmEzNTkzZDFkOWQz/

https://nggvbvqqwq.com/MmEzNTkzZDFkOWQz/

https://nggvbvqqdfdsfsq.com/MmEzNTkzZDFkOWQz/

https://nggvbvqqopooq.com/MmEzNTkzZDFkOWQz/
AES_key

Targets

    • Target

      7461c3dccd52b577d3f6be9e9c0c1d61a159e7b24554e6407f52a2f334469d5b.bin

    • Size

      2.2MB

    • MD5

      94d4319d570d513a8c650c36be647d12

    • SHA1

      02f3f0265bd49267b164086813adbaa41c251e44

    • SHA256

      7461c3dccd52b577d3f6be9e9c0c1d61a159e7b24554e6407f52a2f334469d5b

    • SHA512

      feebb8647b0ccda267fe7268a731485e7a1ea18056251fee9c48e50734dc31724752d18118bce4fe83d2457aee5d06be8c93dfb29a53e8dbc590e353cf998668

    • SSDEEP

      49152:YfoSTgpefV301lkM9MekZJ6fKVNwaJi7iCrJXuZGZbmqRNmbAE4KoSy:soxpe1dZJ6feN9cLJXuZQ/R5d

    Score
    10/10
    octobankerevasioninfostealerransomwareratstealthtrojan

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

      bankertrojaninfostealerratocto

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

      banker

    • Removes its main activity from the application launcher

      stealthtrojan

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Removes a system notification.

      evasion

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2

    • Target

      license.html

    • Size

      30KB

    • MD5

      a095d4be2768cb6d37f9aa2de90a8a67

    • SHA1

      2c87de9a26cf1ee17d701c333f088db314b1bce1

    • SHA256

      30d2be0e050b7f1ec5e390326cefedb6e4a6304f5e2a623d0f7678cb67ff308b

    • SHA512

      0ec91a396b39029ec6585215e777495d97e72191438ec37d93e203931a1ac79b1a966e201b9b92982439e3d372f82af98a64914647464d30e1f7f3ab8a558998

    • SSDEEP

      768:/03s/uZ7je9IeMkkEdgC3BOgNMXUgPGaMx6NzJhCgaZpGgPGaxvam:/0c/uZ7je9IeMFIgeOgNMXUg6x6NzJhu

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks