Resubmissions

27-09-2023 04:24

230927-e1rdpsff41 10

27-09-2023 02:17

230927-cq4vyage88 10

General

  • Target

    e8663d7b3eec9509ed49d5a85d0c39d1.bin

  • Size

    1.4MB

  • Sample

    230927-e1rdpsff41

  • MD5

    cdc92178d390d6b83cb09a57f49a14db

  • SHA1

    b90e41b51ce4d747ea1fb0653b5c19b650de442c

  • SHA256

    f289b4cf6ce9e3be9df1136a91c06a5eadcf2fdd7a5fb440330c1e3657b39780

  • SHA512

    f0f2aaf31a35eeab769a8262cbb7784c816a0e5848a34b8c7c5eb60993fc0f0a31b2aa0e437af6be0bd385b22182787f6eff1ee83e919aec6468a4d80d6a4061

  • SSDEEP

    24576:iLeElpAdD2cZUZeU8snKrphjrRbazApz/hKw4gWCRFx9Rsx9ObR73PRGgKVrKZ45:WepdDDmfdnwhvdrpz5VfuKbp35+w47SW

Malware Config

Extracted

Family

octo

C2


AES_key

Targets

    • Target

      846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d.apk

    • Size

      1.4MB

    • MD5

      e8663d7b3eec9509ed49d5a85d0c39d1

    • SHA1

      af654776384ece12c2274ae39acfebb6cc39f639

    • SHA256

      846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d

    • SHA512

      827f1c2de44bfc0c935f10223d93711ae592377f5c7ba4f9daba64f2d90f911f4f1a65990211a2b8e6a151d08c5fc840d6e2d8c26b6031d40f79c8963278b053

    • SSDEEP

      24576:I+ldHt80bCRpsURse2h2q6oFU9Leazuoq/7t7gD09gFnCHzS+cNfS0:IYdH2aURQ2ZoALeAu1REw9fHO+cr

    • Octo

      Octo is banking malware with remote access capabilities, first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Removes its main activity from the application launcher.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar.

      Runs an executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

    • Uses Crypto APIs (might try to encrypt user data).
