General

  • Target

    909c29ff93d09b940bf756a3e1a872d99f52a2de9194f070a38637d510f0b540

  • Size

    530KB

  • Sample

    231220-jh8bqaaaen

  • MD5

    f70de8a0f0a552a1b773e3b63348e52a

  • SHA1

    e55acf0b63c7c313379a41339fa763b039d024ce

  • SHA256

    909c29ff93d09b940bf756a3e1a872d99f52a2de9194f070a38637d510f0b540

  • SHA512

    83a7dc86f8edf4e0246fd8c1b559d88f195455794a047a21a04af8e470646f5aad80261662803811574c041c6ae85c99e9e8e46dc365aad18df04f1f1eff50a3

  • SSDEEP

    12288:KfwbMA3zSXAvSu89ZoTMHqrfa1g8HqU2lA+ZcRqrmlhQps/6iObb:K4AAuXaSu83LHqrfb8HqU2lHcRMns/6J

Malware Config

Extracted

Family

octo

C2

https://24fdghhoo1.top/doc/

https://25fdghhoo1.top/doc/

https://26fdghhoo1.top/doc/

https://27fdghhoo1.top/doc/

https://28fdghhoo1.top/doc/

https://29fdghhoo1.top/doc/

https://210fdghhoo1.top/doc/

https://211fdghhoo1.top/doc/

https://122fdghhoo1.top/doc/

https://123fdghhoo1.top/doc/

https://124fdghhoo1.top/doc/

https://125fdghhoo1.top/doc/

https://126fdghhoo1.top/doc/

https://127fdghhoo1.top/doc/

https://128fdghhoo1.top/doc/

https://129fdghhoo1.top/doc/

https://220fdghhoo1.top/doc/

https://234fdghhoo1.top/doc/

https://235fdghhoo1.top/doc/

https://236fdghhoo1.top/doc/

AES_key
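The extracted C2 list follows one naming scheme: a numeric prefix in front of a fixed base domain (`fdghhoo1.top`) with a `/doc/` path. The script below is an added example, not part of the Triage report or the Octo malware, that turns that list into something a defender can run: exact-match lookups for the listed hostnames, a pattern match for unlisted numeric rotations of the same base domain (an assumption made here, not stated in the report), a scan over constructed BIND-style DNS query-log lines, and generated Suricata `dns.query` rules. The log lines, client addresses and SID range are all made up for illustration.

```python
"""Match Octo C2 indicators from the extracted config against DNS logs.

Added example, not code from the sandbox report. The C2 URLs are the ones
listed in the extracted config; everything else (log lines, SID base,
the numeric-prefix pattern) is an assumption for illustration.
"""
import re
from urllib.parse import urlsplit

C2_URLS = [
    "https://24fdghhoo1.top/doc/", "https://25fdghhoo1.top/doc/",
    "https://26fdghhoo1.top/doc/", "https://27fdghhoo1.top/doc/",
    "https://28fdghhoo1.top/doc/", "https://29fdghhoo1.top/doc/",
    "https://210fdghhoo1.top/doc/", "https://211fdghhoo1.top/doc/",
    "https://122fdghhoo1.top/doc/", "https://123fdghhoo1.top/doc/",
    "https://124fdghhoo1.top/doc/", "https://125fdghhoo1.top/doc/",
    "https://126fdghhoo1.top/doc/", "https://127fdghhoo1.top/doc/",
    "https://128fdghhoo1.top/doc/", "https://129fdghhoo1.top/doc/",
    "https://220fdghhoo1.top/doc/", "https://234fdghhoo1.top/doc/",
    "https://235fdghhoo1.top/doc/", "https://236fdghhoo1.top/doc/",
]

# Exact hostnames taken from the config (order preserved for rule output).
C2_HOSTS = [urlsplit(u).hostname for u in C2_URLS]
C2_HOST_SET = frozenset(C2_HOSTS)

# Assumption (not from the report): the operator rotates numeric prefixes
# on a constant base domain, so unlisted prefixes are worth a second look.
C2_PATTERN = re.compile(r"^\d+fdghhoo1\.top$")


def classify_host(host):
    """Return 'known_c2', 'pattern' or None for a queried hostname."""
    host = host.lower().rstrip(".")  # normalise case and trailing dot
    if host in C2_HOST_SET:
        return "known_c2"
    if C2_PATTERN.match(host):
        return "pattern"
    return None


# Constructed log lines in BIND query-log style; not real traffic.
SAMPLE_LOG = """\
20-Dec-2023 10:31:02.113 client 10.0.0.15#41233: query: 25fdghhoo1.top IN A + (10.0.0.2)
20-Dec-2023 10:31:05.901 client 10.0.0.15#41233: query: www.example.com IN A + (10.0.0.2)
20-Dec-2023 10:31:09.004 client 10.0.0.22#51002: query: 300fdghhoo1.top. IN A + (10.0.0.2)
20-Dec-2023 10:31:11.338 client 10.0.0.15#41233: query: fdghhoo1.top IN A + (10.0.0.2)
"""

QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN ")


def scan_log(text):
    """Return (client, qname, verdict) for each query that matches an IOC."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line
        qname = m.group("qname").rstrip(".")
        verdict = classify_host(qname)
        if verdict:
            hits.append((m.group("client"), qname, verdict))
    return hits


def suricata_rules(sid_base=9000001):
    """One Suricata DNS rule per listed C2 host; sid_base is an assumption."""
    rules = []
    for i, host in enumerate(C2_HOSTS):
        rules.append(
            'alert dns $HOME_NET any -> any any (msg:"Octo C2 DNS query {h}"; '
            'dns.query; content:"{h}"; nocase; endswith; '
            'classtype:trojan-activity; sid:{sid}; rev:1;)'.format(h=host, sid=sid_base + i)
        )
    return rules


if __name__ == "__main__":
    for client, qname, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:9s} {client:12s} {qname}")
    print("\n".join(suricata_rules()))
```

The `pattern` verdict is deliberately separate from `known_c2`: it is a hunting lead for prefixes the config did not list, not a confirmed indicator, and the bare base domain `fdghhoo1.top` is left unflagged because every observed C2 host carries a numeric prefix.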

Targets

    • Octo

      Octo is Android banking malware with remote-access capabilities, first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Acquires the wake lock

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).
