octo

Sharing

Copy URL

Twitter E-mail

General

Target

6552b0699c6683b9a7d905d431b14403.bin
Size

1.9MB
Sample

230929-bybnpafb71
MD5

6552b0699c6683b9a7d905d431b14403
SHA1

a40c6bb1990ce78414b64bf9a2f6225e6012ee8e
SHA256

5ebac20a82963408b103b0e53da63fc22a15404321989a090505ee8258095423
SHA512

e488030c5d39ea668f8d8e4b799ce34f54eb2ecd34d1e5c36d88293137d58997bb674533d6be880cd9703ae2c6d5622d521ca8a2194e21dbc7c112f471896834
SSDEEP

24576:MmlR3LHA9i1J6hf+SsmW+c92P4J1dMZAMm7tAme4Z/w5gNlVYRDlYqjaOB04IB3+:zLA816famWaP4yY5RZ/wytEieLRfbfV

Score

10^/10

Malware Config

Extracted

Family

octo

https://cm603lzeyxdw.site/MTU2OWE0NzJjNGY5/

https://cm603lzeyxdw1.site/MTU2OWE0NzJjNGY5/

https://arw2he7x57wp.pw/MTU2OWE0NzJjNGY5/

https://5a9udxg6l6gd.su/MTU2OWE0NzJjNGY5/

https://9r8i1u84t2gp.online/MTU2OWE0NzJjNGY5/

https://cm603lzeyxdw.space/MTU2OWE0NzJjNGY5/

https://cleverk21da912mca.live/MTU2OWE0NzJjNGY5/

https://zazarazgok7215vor1.pro/MTU2OWE0NzJjNGY5/

https://juf18ki1ca15ca1la.info/MTU2OWE0NzJjNGY5/

https://pofvac15camkkecz5.cc/MTU2OWE0NzJjNGY5/

AES_key

Targets

- Target
  
  6552b0699c6683b9a7d905d431b14403.bin
- Size
  
  1.9MB
- MD5
  
  6552b0699c6683b9a7d905d431b14403
- SHA1
  
  a40c6bb1990ce78414b64bf9a2f6225e6012ee8e
- SHA256
  
  5ebac20a82963408b103b0e53da63fc22a15404321989a090505ee8258095423
- SHA512
  
  e488030c5d39ea668f8d8e4b799ce34f54eb2ecd34d1e5c36d88293137d58997bb674533d6be880cd9703ae2c6d5622d521ca8a2194e21dbc7c112f471896834
- SSDEEP
  
  24576:MmlR3LHA9i1J6hf+SsmW+c92P4J1dMZAMm7tAme4Z/w5gNlVYRDlYqjaOB04IB3+:zLA816famWaP4yY5RZ/wytEieLRfbfV
Score

10^/10

octo banker evasion infostealer ransomware rat stealth trojan
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
  banker trojan infostealer rat octo
- Octo payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2
- Target
  
  AlphaPresentForms.js
- Size
  
  736B
- MD5
  
  9f0fd442a69436f18361bfea0c0aebe9
- SHA1
  
  ec27a482038e09e08eb22c30788db03ab4030508
- SHA256
  
  0c199ddf5f30ca35f3b0477473948ab48da0408a4048752dde49860630da7434
- SHA512
  
  181b43af62d6cbd2617a39db7ad24dc33a8e703bf08710326494beae1387c92b62d369534d0a27cd6c5cb9aa1cca2e30807de8d965ba1c25866b09b3e5c6fa8a
Score

1^/10
behavioral3 behavioral4
- Target
  
  BoxDrawing.js
- Size
  
  1KB
- MD5
  
  0cb7e23edea262ea52afe968a2908ad3
- SHA1
  
  d3ffcad5657c83e3d7ea5396a700c639ff1f4044
- SHA256
  
  ac097b326f7b9177c391f7b8728ff9f2f61b14beb6fc36a0fe33fd4198871656
- SHA512
  
  093ce5900054f29fb24e37558c9b4bab9449125d131fa8a30c2d7255348c5b73fff9c7f0740e7efa5f33340a1b238832c7f9ee041d40dfb4105d72b09c3f00f8
Score

1^/10
behavioral5 behavioral6
- Target
  
  CombDiactForSymbols.js
- Size
  
  1KB
- MD5
  
  173453157a71ad90703f0384f5b91edb
- SHA1
  
  7eb74f02d03010dec5e1e27545afe48d0d5c5537
- SHA256
  
  38013ffc08fdd89c5a1a8c155f5461459de3ab4ad16ccb6b7a2b203dace617be
- SHA512
  
  efab408457a9eecaf9365ee42d49e45821ce776ba69b5f2462345524af2fcc2b42cb3fc4d6411c63f057e276161e4b1fa2aeb33e21d64f32574588adcd626eb4
Score

1^/10
behavioral7 behavioral8
- Target
  
  ControlPictures.js
- Size
  
  612B
- MD5
  
  5ec6c5cf6a2e82b611549f796cc60b31
- SHA1
  
  306543fe3ef5b69c48791e50fa411dab69a66918
- SHA256
  
  e767d3d7acb496011600a28f22a6b8263c0957790d9613df08e8350473133746
- SHA512
  
  a8059f9c3e68118e7f6066d6a2b5b4706eaecf3f1c8068702fc0e32e45e6f880b4e971ad228a56433e81644ae0e25015ba0a3267427a3fe5b81c30d8189e41c4
Score

1^/10
behavioral10 behavioral9
- Target
  
  CurrencySymbols.js
- Size
  
  685B
- MD5
  
  08f9529e5d54157d276a38f4774e982a
- SHA1
  
  2b9dd5b839f86150a7b628dd77f2e7088d70aead
- SHA256
  
  ac461b2c63429a7c2737838e588681988ae6fffe2fdd1f129b760e9ae223ec1f
- SHA512
  
  a5672bf4c89d82edb21860eeb28f5d35d9e395e8e406df36798914ac5f97d90d58a0020fc4a20fa7ebd5c5930117fe91a09d17449c4b2a6329799ce7a05bcd72
Score

1^/10
behavioral11 behavioral12
- Target
  
  Cyrillic.js
- Size
  
  3KB
- MD5
  
  4090e790e05485dc58b8ebdbd481cfb4
- SHA1
  
  aa8f4de1faae6480bb82b2b5b9be038232cdbc53
- SHA256
  
  1bbe1abf7db8ff7fa2858892ef4ddd998b709b6e17fadfd319bf80e9712ecbee
- SHA512
  
  ca51503fcccea5685777354baaeebc1becda524d783189ec3ca3ef0b84cde7d79a39769930926e5f860dce0692376dedacd84d02fbf9f287e8d8498c173ac1b0
Score

1^/10
behavioral13 behavioral14
- Target
  
  EnclosedAlphanum.js
- Size
  
  2KB
- MD5
  
  cd04e2701b57d81f4f2b2dc2e54b8803
- SHA1
  
  9fa99b994376fb5ef18b03669da3ca34f9e61af1
- SHA256
  
  c28055ba649fc459c0a33146b71fd0d65fb0cfce7bcb61d433d99f43e3efafc9
- SHA512
  
  88e972b9745160dd61928ab86b090fc44e7618fe22695db546f3caa97c4617e589b67b7f63f670ce82e3d730e7c05afec2cff18e0036d71ac5478f1a45180aa9
Score

1^/10
behavioral15 behavioral16
- Target
  
  GeneralPunctuation.js
- Size
  
  1KB
- MD5
  
  82140b87ef6336ba3bd04740e2ce857e
- SHA1
  
  3244cc80411a3fec3c5641929bfc534ed2708afc
- SHA256
  
  13665072b6924e20185e96d286d70ad53a847dfe0f327fad86022c4cca8c8f69
- SHA512
  
  f27c1c551330395a47bb955ab28f3a2403c6398317f875d3c8fed1b335d973e4b05f146a39b612cfe3d1c5591843627cb23330377a29f018eb9fab0031f9a052
Score

1^/10
behavioral17 behavioral18
- Target
  
  GreekAndCoptic.js
- Size
  
  1KB
- MD5
  
  ef3633d0cb2e8bef95a060f656b2d0ef
- SHA1
  
  8055719951acfee48cc29f5a8e333f459f4f3113
- SHA256
  
  931fc8d12a7105b4c4c3bf534fdc6217b7fed4b598d14340c1497195a2303987
- SHA512
  
  eb6eb417daca68d643c42df58367e7c08fddb5030cae47f88d2bc3e4d208a41abeb2b329a63eeb6e2d8389d2da63313c046dbac2424c31a776698cecfb1860bc
Score

1^/10
behavioral19 behavioral20
- Target
  
  GreekItalic.js
- Size
  
  2KB
- MD5
  
  7471d522bf9b31d06afbac8582d7113d
- SHA1
  
  43d045041eaaf63048fb80d75362d0cb3e0e7666
- SHA256
  
  848058dd26761c7b39fc3ae67c594146a29d46693721808a6d9128d77ea33def
- SHA512
  
  8b81a20a07cb2854b8d986793ce05142282b67a16f8563d380eb94ffe33a82cfa93d9455224c7c7adea81c5ffeee89630887e8d2ad038ed958505bb54dd1f7c0
Score

1^/10
behavioral21 behavioral22
- Target
  
  IPAExtensions.js
- Size
  
  2KB
- MD5
  
  abfa48a16cf1c1fc20a8ee6aaec815d9
- SHA1
  
  c6c29b2e9f1a08fa8bd3e6218585b5c7999b7d2b
- SHA256
  
  f008921a61a9f9cbd95faea3a071ca5283039f8e4becd3fe56d316706f07c4db
- SHA512
  
  1f099bca7fb3f7d3ba0cb17dc14937117d7d550ed599bf2a6b3162b39336e8d6f418481322b148808d3d7d0cb510c243bc62d0525f8b6a37590ed9ba305d5213
Score

1^/10
behavioral23 behavioral24
- Target
  
  Latin1Supplement.js
- Size
  
  2KB
- MD5
  
  4cb14df74e10220041d5be8c427fec7a
- SHA1
  
  34f459a501b3e336bdb899f29886d069f23872b3
- SHA256
  
  2bc78f0157dcb66024c23d8d90a4d781aa5a07247036815fb1c71b2bf971ec02
- SHA512
  
  d8ffdc13a390f530c8ff3dc67347a0e62504a402f37c90db158856b383ead753d2d5aa498bb7e2735ef74cc7aa9f575dd677033607fea343b027ae0156f3144c
Score

1^/10
behavioral25 behavioral26
- Target
  
  LatinExtendedA.js
- Size
  
  3KB
- MD5
  
  dc6223c2bae1396179436826047fe57d
- SHA1
  
  6d6c87203887dea8d0133493da984abda28ec631
- SHA256
  
  4da15adb290adfb403ccc6ff1b0d933de26c0b90d1dd7db004170fe01766d138
- SHA512
  
  b424a4614d4af30d8da96e1b3b7261f396b961fd6e535fd11f815c4359e9055ab9341deffe2ec842279db41aa747a0fb8d44aadf27f4a272b2eccbf33df79cf6
Score

1^/10
behavioral27 behavioral28
- Target
  
  LatinExtendedAdditional.js
- Size
  
  804B
- MD5
  
  278c4dc9f76ade5bb56fb098ed06da46
- SHA1
  
  f98bd7b616423eb12a16c3c228788269fc651498
- SHA256
  
  2302d7470ec1d06763f931a0203a7dac7262ff62eba1f2fd5fd4e28296031338
- SHA512
  
  fcf16a69633b5180f6eccdb9397bbdbf3b93ef066491413f3fa50394f39435b1cf3931734153157ef83637487cff7d26b2949650e439b94a92d969f983c91d7a
Score

1^/10
behavioral29 behavioral30
- Target
  
  LatinExtendedB.js
- Size
  
  1KB
- MD5
  
  c627a5202f2770f560e95a8f17c23a60
- SHA1
  
  6c84118cb43a07d914779ead5a43495ec2f273ce
- SHA256
  
  c9e320e62d8676eea91f015df3062960a36aa7e9a056df2977b8701e45da3244
- SHA512
  
  bdd4248430d2cf441b74673a07e5dafbee2e9e7a00d674187094e6f8fa49ab48e8f84f7e6b3811da15dda72cdf4962b4beab9e669f5bb3a801af24efb1598e06
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Octo payload

Makes use of the framework's Accessibility service.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Removes its main activity from the application launcher

Acquires the wake lock.

Loads dropped Dex/Jar

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32