General
Target: 652127b853095246d8135e4a399b0fa71f9f7a919bd5e29a0d4599d247d146c8.bin
Size: 661KB
Sample: 230927-1w4dcsfh74
MD5: 042bc03808c5c5628bd727afe78f2691
SHA1: a95fe5a7409335102fb7ec6bc7264d8b3b4cc080
SHA256: 652127b853095246d8135e4a399b0fa71f9f7a919bd5e29a0d4599d247d146c8
SHA512: 845463a2193bc7a9117a02f08357838be8ceb40d1d2eb068cb76e51da4f337d44888190f8a206a4557076f0693c9deeff264bbdad5efe3383962a1d471649028
SSDEEP: 12288:15d+vZUCpehCOYIBodw3xqrDTLLYa3M6v7dqA69Pc34AEe5k4eVuFqbfUTalq:1n+xU3w1whqt3M6v7dqh9P8XEe5NHqr2
Static task: static1
Behavioral task: behavioral1
  Sample: 652127b853095246d8135e4a399b0fa71f9f7a919bd5e29a0d4599d247d146c8.apk
  Resource: android-x86-arm-20230831-en
Behavioral task: behavioral2
  Sample: 652127b853095246d8135e4a399b0fa71f9f7a919bd5e29a0d4599d247d146c8.apk
  Resource: android-x64-20230831-en
Malware Config
Extracted: octo
- https://185.225.75.19/YjRkZjE0NTUyNzZm/
- https://otakikotaik4234234.net/YjRkZjE0NTUyNzZm/
- https://otakikotaik3234234.net/YjRkZjE0NTUyNzZm/
- https://otakikotaik1334534.net/YjRkZjE0NTUyNzZm/
- https://otakikotaik1224634.net/YjRkZjE0NTUyNzZm/
- https://otakikotaik6423234.net/YjRkZjE0NTUyNzZm/
Targets
Target: 652127b853095246d8135e4a399b0fa71f9f7a919bd5e29a0d4599d247d146c8.bin
Size: 661KB
MD5: 042bc03808c5c5628bd727afe78f2691
SHA1: a95fe5a7409335102fb7ec6bc7264d8b3b4cc080
SHA256: 652127b853095246d8135e4a399b0fa71f9f7a919bd5e29a0d4599d247d146c8
SHA512: 845463a2193bc7a9117a02f08357838be8ceb40d1d2eb068cb76e51da4f337d44888190f8a206a4557076f0693c9deeff264bbdad5efe3383962a1d471649028
SSDEEP: 12288:15d+vZUCpehCOYIBodw3xqrDTLLYa3M6v7dqA69Pc34AEe5k4eVuFqbfUTalq:1n+xU3w1whqt3M6v7dqh9P8XEe5NHqr2
Octo
Octo is banking malware with remote access capabilities, first seen in April 2022.
- Octo payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
- Reads information about the phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
- Uses Crypto APIs (might try to encrypt user data).