General

  • Target

    846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d

  • Size

    1.4MB

  • Sample

    240131-pm75eacac6

  • MD5

    e8663d7b3eec9509ed49d5a85d0c39d1

  • SHA1

    af654776384ece12c2274ae39acfebb6cc39f639

  • SHA256

    846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d

  • SHA512

    827f1c2de44bfc0c935f10223d93711ae592377f5c7ba4f9daba64f2d90f911f4f1a65990211a2b8e6a151d08c5fc840d6e2d8c26b6031d40f79c8963278b053

  • SSDEEP

    24576:I+ldHt80bCRpsURse2h2q6oFU9Leazuoq/7t7gD09gFnCHzS+cNfS0:IYdH2aURQ2ZoALeAu1REw9fHO+cr

Malware Config

Extracted

  • Family

    octo

  • C2

    https://zaglefolki1.info/MTU2OWE0NzJjNGY5/

    https://passajire555.live/MTU2OWE0NzJjNGY5/

    https://majestike8ca.top/MTU2OWE0NzJjNGY5/

    https://jikugac818v.vip/MTU2OWE0NzJjNGY5/

  • AES_key

Targets

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Acquires the wake lock

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Matrix

Tasks