General
-
Target
430d9674b61a7c809bd49b8ff1a62d584a44b2c1164f8c5be377ddcaf8cead82.bin
-
Size
661KB
-
Sample
230927-1wvq8aee5v
-
MD5
c44fc6964b12020e1a3e562b272bc115
-
SHA1
0db777bbc7e03acf2e92ec543e09fcdb5621f4b6
-
SHA256
430d9674b61a7c809bd49b8ff1a62d584a44b2c1164f8c5be377ddcaf8cead82
-
SHA512
87bc7f8d38c73f1af7bfda6441deb54d40b97219c05ed7fddbf36de6ce44d3900a308bd7e066a7db69748b4c21de96aa0127309eba7073c854dd10a9bbccd4dd
-
SSDEEP
12288:eCsDDzOqBDXp7wtJW6z+h8wJfbIqM8v7W93olNjgwgmZ9TqaK7CpehCOYIBodw3M:vqhXFAifDIqMsClC5Z9T873w1whqwGr
Static task
static1
Behavioral task
behavioral1
Sample
430d9674b61a7c809bd49b8ff1a62d584a44b2c1164f8c5be377ddcaf8cead82.apk
Resource
android-x86-arm-20230831-en
Behavioral task
behavioral2
Sample
430d9674b61a7c809bd49b8ff1a62d584a44b2c1164f8c5be377ddcaf8cead82.apk
Resource
android-x64-20230831-en
Malware Config
Extracted
octo
https://185.225.75.19/YjRkZjE0NTUyNzZm/
https://otakikotaik4234234.net/YjRkZjE0NTUyNzZm/
https://otakikotaik3234234.net/YjRkZjE0NTUyNzZm/
https://otakikotaik1334534.net/YjRkZjE0NTUyNzZm/
https://otakikotaik1224634.net/YjRkZjE0NTUyNzZm/
https://otakikotaik6423234.net/YjRkZjE0NTUyNzZm/
Targets
-
-
Target
430d9674b61a7c809bd49b8ff1a62d584a44b2c1164f8c5be377ddcaf8cead82.bin
-
Size
661KB
-
MD5
c44fc6964b12020e1a3e562b272bc115
-
SHA1
0db777bbc7e03acf2e92ec543e09fcdb5621f4b6
-
SHA256
430d9674b61a7c809bd49b8ff1a62d584a44b2c1164f8c5be377ddcaf8cead82
-
SHA512
87bc7f8d38c73f1af7bfda6441deb54d40b97219c05ed7fddbf36de6ce44d3900a308bd7e066a7db69748b4c21de96aa0127309eba7073c854dd10a9bbccd4dd
-
SSDEEP
12288:eCsDDzOqBDXp7wtJW6z+h8wJfbIqM8v7W93olNjgwgmZ9TqaK7CpehCOYIBodw3M:vqhXFAifDIqMsClC5Z9T873w1whqwGr
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo payload
-
Makes use of the framework's Accessibility service.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Removes a system notification.
-
Uses Crypto APIs (Might try to encrypt user data).
-