General
Target: ffa2db1059fab8ba0188c41490b02c29e866ca1f4ecf41af60423da701e1192a
Size: 2.3MB
Sample: 230929-sbzknscc5w
MD5: b30d1e7f8aa46a2a9f2b250085a00c28
SHA1: 04247feb13ed2b512b2d7af604467d906e657216
SHA256: ffa2db1059fab8ba0188c41490b02c29e866ca1f4ecf41af60423da701e1192a
SHA512: 393aa7cff31f256ada127b4b83137fd27ae27fb1997b9e980d5e9428331622def561f0ab8d7cdca8bcb4a8fb240d2fc016766d9dee5b33a64ea7f730f62b05e0
SSDEEP: 49152:uzRYcjwvMyOkiQJ5Yy4ini67eOuqHWqDnFPBaeCgeByEvtcUBiOsaUGDCduoGl8S:u1YcjwDO6LaFlqH/TFcBxszwCcodah
Static task: static1

Behavioral task: behavioral1
Sample: ffa2db1059fab8ba0188c41490b02c29e866ca1f4ecf41af60423da701e1192a.apk
Resource: android-x64-20230831-en

Behavioral task: behavioral2
Sample: ffa2db1059fab8ba0188c41490b02c29e866ca1f4ecf41af60423da701e1192a.apk
Resource: android-x64-arm64-20230831-en

Behavioral task: behavioral3
Sample: ffa2db1059fab8ba0188c41490b02c29e866ca1f4ecf41af60423da701e1192a.apk
Resource: android-x86-arm-20230831-en
Malware Config
Extracted: octo
C2 URLs:
https://tnentob.pro/M2I2NGMzMzk4YzM0/
https://domforpro.online/M2I2NGMzMzk4YzM0/
https://bestproapp.pro/M2I2NGMzMzk4YzM0/
Targets
Target: ffa2db1059fab8ba0188c41490b02c29e866ca1f4ecf41af60423da701e1192a (size and hashes as listed under General)
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.

Octo payload
Makes use of the framework's Accessibility service.
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
Acquires the wake lock.
Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
Reads information about the phone network operator.
Requests disabling of battery optimizations (often used to enable hiding in the background).
Removes a system notification.
Uses Crypto APIs (might try to encrypt user data).