General
Target: 9381504e30cfad1f92972d4e68ad823163c59979f48e8e4c908b3b68b302dd5d.bin
Size: 661KB
Sample: 230927-1w72jsfh75
MD5: 7ea5a3790de7443eda95dc4998709a4b
SHA1: c386e4692a422eaceb21d3a1974d9ed79675bbd8
SHA256: 9381504e30cfad1f92972d4e68ad823163c59979f48e8e4c908b3b68b302dd5d
SHA512: 49f78b212277418a8c0ab8e2bc1b1f733a98d57b6f38e1112d979fcc947eff71654e877c308f2d0e707129464cb86fcfc6adb709b3d73fa231ce02c360200d32
SSDEEP: 12288:7LrjpzvgzCpehCOYIBodw3xqrDTLCfg3PAIr8q3YD3D6wZpzXBaMNLfcGXuDf:7L/lv63w1whqwg3PArAYD3xZpbBaMNDI
Static task: static1
Behavioral task: behavioral1
Sample: 9381504e30cfad1f92972d4e68ad823163c59979f48e8e4c908b3b68b302dd5d.apk
Resource: android-x86-arm-20230831-en
Behavioral task: behavioral2
Sample: 9381504e30cfad1f92972d4e68ad823163c59979f48e8e4c908b3b68b302dd5d.apk
Resource: android-x64-20230831-en
Malware Config
Extracted: octo
https://185.225.75.19/YjRkZjE0NTUyNzZm/
https://otakikotaik4234234.net/YjRkZjE0NTUyNzZm/
https://otakikotaik3234234.net/YjRkZjE0NTUyNzZm/
https://otakikotaik1334534.net/YjRkZjE0NTUyNzZm/
https://otakikotaik1224634.net/YjRkZjE0NTUyNzZm/
https://otakikotaik6423234.net/YjRkZjE0NTUyNzZm/
Targets
Target: 9381504e30cfad1f92972d4e68ad823163c59979f48e8e4c908b3b68b302dd5d.bin
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
- Octo payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
- Reads information about the phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
- Uses Crypto APIs (might try to encrypt user data).