General
-
Target
0e5bc568e3c7267426466f3a51fba1cccff7dd1626a25f25bc5c1d314b879ffa.bin
-
Size
661KB
-
Sample
230927-1ybq5aee6w
-
MD5
e49c356deb2d4f1e6babe9e58111401c
-
SHA1
aa7efafb38a1a23db28ae12af1a7f608cbbb535b
-
SHA256
0e5bc568e3c7267426466f3a51fba1cccff7dd1626a25f25bc5c1d314b879ffa
-
SHA512
9365bb468d60d9fd67182dd6fdda1b1536b6bfe004e8742c1c9e383350db271fd909fe42c4f6c06fb621b7ea1c0fba087e635203247a953262415fdaca60c9db
-
SSDEEP
12288:urECyAzCtZVeHc+4IknljAlAZyqQecuePjBGbIAK9rR7CpehCOYIBodw3xqrDTLk:urErAzMxMnjB6IAKJR73w1whqc
Static task
static1
Behavioral task
behavioral1
Sample
0e5bc568e3c7267426466f3a51fba1cccff7dd1626a25f25bc5c1d314b879ffa.apk
Resource
android-x86-arm-20230831-en
Behavioral task
behavioral2
Sample
0e5bc568e3c7267426466f3a51fba1cccff7dd1626a25f25bc5c1d314b879ffa.apk
Resource
android-x64-arm64-20230831-en
Malware Config
Extracted
octo
https://185.225.75.19/YjRkZjE0NTUyNzZm/
https://otakikotaik4234234.net/YjRkZjE0NTUyNzZm/
https://otakikotaik3234234.net/YjRkZjE0NTUyNzZm/
https://otakikotaik1334534.net/YjRkZjE0NTUyNzZm/
https://otakikotaik1224634.net/YjRkZjE0NTUyNzZm/
https://otakikotaik6423234.net/YjRkZjE0NTUyNzZm/
Targets
-
-
Target
0e5bc568e3c7267426466f3a51fba1cccff7dd1626a25f25bc5c1d314b879ffa.bin
-
Size
661KB
-
MD5
e49c356deb2d4f1e6babe9e58111401c
-
SHA1
aa7efafb38a1a23db28ae12af1a7f608cbbb535b
-
SHA256
0e5bc568e3c7267426466f3a51fba1cccff7dd1626a25f25bc5c1d314b879ffa
-
SHA512
9365bb468d60d9fd67182dd6fdda1b1536b6bfe004e8742c1c9e383350db271fd909fe42c4f6c06fb621b7ea1c0fba087e635203247a953262415fdaca60c9db
-
SSDEEP
12288:urECyAzCtZVeHc+4IknljAlAZyqQecuePjBGbIAK9rR7CpehCOYIBodw3xqrDTLk:urErAzMxMnjB6IAKJR73w1whqc
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo payload
-
Makes use of the framework's Accessibility service.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Removes a system notification.
-
Uses Crypto APIs (Might try to encrypt user data).
-