General

  • Target

    430d9674b61a7c809bd49b8ff1a62d584a44b2c1164f8c5be377ddcaf8cead82.bin

  • Size

    661KB

  • Sample

    230927-1wvq8aee5v

  • MD5

    c44fc6964b12020e1a3e562b272bc115

  • SHA1

    0db777bbc7e03acf2e92ec543e09fcdb5621f4b6

  • SHA256

    430d9674b61a7c809bd49b8ff1a62d584a44b2c1164f8c5be377ddcaf8cead82

  • SHA512

    87bc7f8d38c73f1af7bfda6441deb54d40b97219c05ed7fddbf36de6ce44d3900a308bd7e066a7db69748b4c21de96aa0127309eba7073c854dd10a9bbccd4dd

  • SSDEEP

    12288:eCsDDzOqBDXp7wtJW6z+h8wJfbIqM8v7W93olNjgwgmZ9TqaK7CpehCOYIBodw3M:vqhXFAifDIqMsClC5Z9T873w1whqwGr

Malware Config

Extracted

Family

octo

C2

https://185.225.75.19/YjRkZjE0NTUyNzZm/

https://otakikotaik4234234.net/YjRkZjE0NTUyNzZm/

https://otakikotaik3234234.net/YjRkZjE0NTUyNzZm/

https://otakikotaik1334534.net/YjRkZjE0NTUyNzZm/

https://otakikotaik1224634.net/YjRkZjE0NTUyNzZm/

https://otakikotaik6423234.net/YjRkZjE0NTUyNzZm/

AES_key

Targets

    • Target

      430d9674b61a7c809bd49b8ff1a62d584a44b2c1164f8c5be377ddcaf8cead82.bin

    • Size

      661KB

    • MD5

      c44fc6964b12020e1a3e562b272bc115

    • SHA1

      0db777bbc7e03acf2e92ec543e09fcdb5621f4b6

    • SHA256

      430d9674b61a7c809bd49b8ff1a62d584a44b2c1164f8c5be377ddcaf8cead82

    • SHA512

      87bc7f8d38c73f1af7bfda6441deb54d40b97219c05ed7fddbf36de6ce44d3900a308bd7e066a7db69748b4c21de96aa0127309eba7073c854dd10a9bbccd4dd

    • SSDEEP

      12288:eCsDDzOqBDXp7wtJW6z+h8wJfbIqM8v7W93olNjgwgmZ9TqaK7CpehCOYIBodw3M:vqhXFAifDIqMsClC5Z9T873w1whqwGr

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    • Removes its main activity from the application launcher

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks