General
-
Target
846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d
-
Size
1.4MB
-
Sample
240131-pm75eacac6
-
MD5
e8663d7b3eec9509ed49d5a85d0c39d1
-
SHA1
af654776384ece12c2274ae39acfebb6cc39f639
-
SHA256
846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d
-
SHA512
827f1c2de44bfc0c935f10223d93711ae592377f5c7ba4f9daba64f2d90f911f4f1a65990211a2b8e6a151d08c5fc840d6e2d8c26b6031d40f79c8963278b053
-
SSDEEP
24576:I+ldHt80bCRpsURse2h2q6oFU9Leazuoq/7t7gD09gFnCHzS+cNfS0:IYdH2aURQ2ZoALeAu1REw9fHO+cr
Static task
static1
Behavioral task
behavioral1
Sample
846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d.apk
Resource
android-x86-arm-20231215-en
Malware Config
Extracted
octo
https://zaglefolki1.info/MTU2OWE0NzJjNGY5/
https://passajire555.live/MTU2OWE0NzJjNGY5/
https://majestike8ca.top/MTU2OWE0NzJjNGY5/
https://jikugac818v.vip/MTU2OWE0NzJjNGY5/
Targets
-
-
Target
846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d
-
Size
1.4MB
-
MD5
e8663d7b3eec9509ed49d5a85d0c39d1
-
SHA1
af654776384ece12c2274ae39acfebb6cc39f639
-
SHA256
846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d
-
SHA512
827f1c2de44bfc0c935f10223d93711ae592377f5c7ba4f9daba64f2d90f911f4f1a65990211a2b8e6a151d08c5fc840d6e2d8c26b6031d40f79c8963278b053
-
SSDEEP
24576:I+ldHt80bCRpsURse2h2q6oFU9Leazuoq/7t7gD09gFnCHzS+cNfS0:IYdH2aURQ2ZoALeAu1REw9fHO+cr
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-