General

  • Target

    ffa2db1059fab8ba0188c41490b02c29e866ca1f4ecf41af60423da701e1192a

  • Size

    2.3MB

  • Sample

    230929-sbzknscc5w

  • MD5

    b30d1e7f8aa46a2a9f2b250085a00c28

  • SHA1

    04247feb13ed2b512b2d7af604467d906e657216

  • SHA256

    ffa2db1059fab8ba0188c41490b02c29e866ca1f4ecf41af60423da701e1192a

  • SHA512

    393aa7cff31f256ada127b4b83137fd27ae27fb1997b9e980d5e9428331622def561f0ab8d7cdca8bcb4a8fb240d2fc016766d9dee5b33a64ea7f730f62b05e0

  • SSDEEP

    49152:uzRYcjwvMyOkiQJ5Yy4ini67eOuqHWqDnFPBaeCgeByEvtcUBiOsaUGDCduoGl8S:u1YcjwDO6LaFlqH/TFcBxszwCcodah

Malware Config

Extracted

Family

octo

C2

https://tnentob.pro/M2I2NGMzMzk4YzM0/

https://domforpro.online/M2I2NGMzMzk4YzM0/

https://bestproapp.pro/M2I2NGMzMzk4YzM0/

AES_key

Targets

    • Target

      ffa2db1059fab8ba0188c41490b02c29e866ca1f4ecf41af60423da701e1192a

    • Size

      2.3MB

    • MD5

      b30d1e7f8aa46a2a9f2b250085a00c28

    • SHA1

      04247feb13ed2b512b2d7af604467d906e657216

    • SHA256

      ffa2db1059fab8ba0188c41490b02c29e866ca1f4ecf41af60423da701e1192a

    • SHA512

      393aa7cff31f256ada127b4b83137fd27ae27fb1997b9e980d5e9428331622def561f0ab8d7cdca8bcb4a8fb240d2fc016766d9dee5b33a64ea7f730f62b05e0

    • SSDEEP

      49152:uzRYcjwvMyOkiQJ5Yy4ini67eOuqHWqDnFPBaeCgeByEvtcUBiOsaUGDCduoGl8S:u1YcjwDO6LaFlqH/TFcBxszwCcodah

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    • Removes its main activity from the application launcher

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks