Overview

overview

10

Static

static

7

8f0284b41c...d7.apk

android-9-x86

10

8f0284b41c...d7.apk

android-11-x64

10

Resubmissions

25-09-2023 22:25

230925-2b2vgacd8s 10

25-09-2023 22:02

230925-1x9a1ade43 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8f0284b41c15c0c6745aa86b340f31b5c3f7d5ebc18017eaced95301d39f98d7.bin

  • Size

    541KB

  • Sample

    230925-2b2vgacd8s

  • MD5

    c5b77da398a9234ec7a8137fb49981d7

  • SHA1

    27ead5af5ecc90dec8481c645ab317c5dcf23655

  • SHA256

    8f0284b41c15c0c6745aa86b340f31b5c3f7d5ebc18017eaced95301d39f98d7

  • SHA512

    9e15a105e5ee65ce9df8716d8e7fc3390dff77d04fb97e05748922572c6a37f8639f37d4e41f464006a839643422fc796583efe251761a7987e52644219b46d8

  • SSDEEP

    12288:+kOkEiUWX4/jo/Ib54fejzv70xB0KiaDMtr+cY49nJ:Cni5X4/joQtXjKiJ1+z0nJ

Score
10/10
octoandroidbankerevasioninfostealerransomwareratstealthtrojan

Malware Config

Extracted

Family

octo

C2

https://waytoupio.click/M2I2NGMzMzk4YzM0/

https://acsmartio.tech/M2I2NGMzMzk4YzM0/

https://apppro.live/M2I2NGMzMzk4YzM0/

https://waytoupio.click/m2i2ngmzmzk4yzm0/M2I2NGMzMzk4YzM0/

https://acsmartio.tech/m2i2ngmzmzk4yzm0/M2I2NGMzMzk4YzM0/

https://apppro.live/m2i2ngmzmzk4yzm0/M2I2NGMzMzk4YzM0/
AES_key

Targets

    • Target

      8f0284b41c15c0c6745aa86b340f31b5c3f7d5ebc18017eaced95301d39f98d7.bin

    • Size

      541KB

    • MD5

      c5b77da398a9234ec7a8137fb49981d7

    • SHA1

      27ead5af5ecc90dec8481c645ab317c5dcf23655

    • SHA256

      8f0284b41c15c0c6745aa86b340f31b5c3f7d5ebc18017eaced95301d39f98d7

    • SHA512

      9e15a105e5ee65ce9df8716d8e7fc3390dff77d04fb97e05748922572c6a37f8639f37d4e41f464006a839643422fc796583efe251761a7987e52644219b46d8

    • SSDEEP

      12288:+kOkEiUWX4/jo/Ib54fejzv70xB0KiaDMtr+cY49nJ:Cni5X4/joQtXjKiJ1+z0nJ

    Score
    10/10
    octobankerevasioninfostealerransomwareratstealthtrojan

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

      bankertrojaninfostealerratocto

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

      banker

    • Removes its main activity from the application launcher

      stealthtrojan

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Removes a system notification.

      evasion

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks