General

  • Target

    9a390bfbdfee8f20a9623886979af54445e37b67df07049ee1485b90149b113f

  • Size

    530KB

  • Sample

    231220-k3nngshdc9

  • MD5

    261053d2c07414137a16248217d1a928

  • SHA1

    a87aeebf50f651289208bc145b0ba9f86e61e562

  • SHA256

    9a390bfbdfee8f20a9623886979af54445e37b67df07049ee1485b90149b113f

  • SHA512

    605e95866fed20a433a8a9ad3eb399d8f5bbb8e99dcd7c19ce427f5f3392a68090527666c7cb2916e44c612aa24e65a0e7c94376fde128e03318c270707b0a22

  • SSDEEP

    12288:CW4XLYBx+9wnPskSpgsH/SlnnPwstaTdNKDUrSGYgA4KfXrwnT2Wjfig:FoYr+9wnPskSpd/An3cb26uwTl

Malware Config

Extracted

Family

octo

C2

AES_key

Targets

    • Octo

      Octo is Android banking malware with remote access capabilities, first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Acquires the wake lock

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Matrix

Tasks