Resubmissions

14-02-2024 01:46

240214-b7erpsdh9x 10

13-02-2024 22:02

240213-1x5b2saa7v 10

General

  • Target

    9e55646fa27d86e799b3a2dc0c279d8f81e34f3d23f572526b3c9af3095629a1.bin

  • Size

    1.7MB

  • Sample

    240213-1x5b2saa7v

  • MD5

    29e8a8c395b783b79805aa98dbc24301

  • SHA1

    f88219af653e82bb8d47e4dc6bd31a4416a50dea

  • SHA256

    9e55646fa27d86e799b3a2dc0c279d8f81e34f3d23f572526b3c9af3095629a1

  • SHA512

    6687c84933fb1c301e7d65c9148d854dc9c057905b3fae2b3319c68ba59f2fb574425fe4e73d6efd1d6bd5b2dcb343f97d28fde5fa2272c832a4e8b1f3365a55

  • SSDEEP

    49152:iIXbnBWIg3SxMFfw4uUrVCnMG2PI0MtcwQMCJTSBkgw1Bch:iWYGh43rIn92vWchMCJTZBch

Malware Config

Extracted

Family

octo

C2

https://4232fdnsjds.top/OGYyZmMyZmVlMGI0/

AES_key
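
The extracted C2 is the one indicator on this page a SOC can act on immediately. As an added example (Python, not part of the sandbox report or its tooling), the block below pulls the host and the path token out of the extracted URL, base64-decodes the token so samples sharing it can be grouped, and sweeps a proxy log for clients that contacted the C2 host or one of its subdomains while rejecting look-alike domains that merely start with the same name. The log lines and their format (timestamp, client IP, method, URL) are constructed for the example; only the C2 URL comes from the report.

```python
import base64
import binascii
from urllib.parse import urlparse

# C2 URL as extracted by the sandbox from this sample's configuration.
C2_URL = "https://4232fdnsjds.top/OGYyZmMyZmVlMGI0/"

# Constructed proxy log: "<timestamp> <client> <method> <url>". The fourth line is a
# look-alike domain that a naive substring match would wrongly flag; the last line
# is malformed on purpose.
SAMPLE_PROXY_LOG = """\
2024-02-14T01:46:30Z 10.0.0.12 GET https://www.example.com/
2024-02-14T01:46:31Z 10.0.0.12 POST https://4232fdnsjds.top/OGYyZmMyZmVlMGI0/
2024-02-14T01:46:32Z 10.0.0.12 GET https://cdn.4232fdnsjds.top/update.apk
2024-02-14T01:46:33Z 10.0.0.13 GET https://4232fdnsjds.top.example.net/
garbage line that does not parse
"""


def parse_c2(url):
    """Return (host, path token, decoded token).

    The path segment is valid base64; it is decoded and returned as text when it
    is printable ASCII (so samples sharing it can be grouped), else None. Nothing
    here asserts what the operator uses the token for.
    """
    parts = urlparse(url)
    token = parts.path.strip("/")
    try:
        decoded = base64.b64decode(token, validate=True).decode("ascii")
        if not decoded.isprintable():
            decoded = None
    except (binascii.Error, UnicodeDecodeError):
        decoded = None
    return parts.hostname, token, decoded


def host_matches(hostname, c2_host):
    """True for the C2 host itself or a subdomain of it; never for a look-alike
    that merely starts with the C2 name (e.g. c2.tld.attacker.example)."""
    hostname, c2_host = hostname.lower().rstrip("."), c2_host.lower().rstrip(".")
    return hostname == c2_host or hostname.endswith("." + c2_host)


def find_c2_contacts(log_text, c2_host):
    """Return (timestamp, client, url) for every well-formed line whose URL host
    is the C2 or one of its subdomains; malformed lines are skipped, not fatal."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        ts, client, _method, url = fields
        host = urlparse(url).hostname
        if host and host_matches(host, c2_host):
            hits.append((ts, client, url))
    return hits


if __name__ == "__main__":
    host, token, decoded = parse_c2(C2_URL)
    print(f"C2 host: {host}  token: {token}  decoded: {decoded}")
    for ts, client, url in find_c2_contacts(SAMPLE_PROXY_LOG, host):
        print(f"{ts} {client} -> {url}")
```

The suffix check in `host_matches` is the part worth copying: matching on `"4232fdnsjds.top" in url` would also fire on the constructed look-alike `4232fdnsjds.top.example.net`, and would miss nothing a proper exact-or-subdomain test catches.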

Targets

    • Target

      9e55646fa27d86e799b3a2dc0c279d8f81e34f3d23f572526b3c9af3095629a1.bin

    • Octo

      Octo is a banking malware family with remote access capabilities, first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries the list of all installed applications on the device (may be used to choose which legitimate apps to overlay)

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable (Dex/Jar) file dropped onto the device during analysis.

    • Acquires the wake lock

    • Reads information about the phone's network operator.

    • Requests disabling of battery optimizations (often used so the app can keep running hidden in the background).
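
The behaviours flagged above are what a static pass over the APK should confirm before a sandbox verdict is trusted. As an added example (Python, not the report's or the sandbox's own tooling), the block below checks a decoded AndroidManifest.xml for the permissions and the accessibility-service declaration behind those signatures, lists launcher activities (the ones a runtime setComponentEnabledSetting call would later hide), and scans Dex string-table entries for the APIs behind the remaining behaviours. The manifest and string list are constructed to exercise each check, and the indicator tables are the author's own picks, not an official mapping; real input is the manifest apktool or androguard decodes from the APK and the strings of its classes.dex.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest (not the sample's) that triggers every check below.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Update">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed excerpt of a Dex string table (what `strings classes.dex` would show).
SAMPLE_DEX_STRINGS = [
    "Ldalvik/system/DexClassLoader;",
    "setComponentEnabledSetting",
    "getNetworkOperatorName",
    "Landroid/os/PowerManager$WakeLock;",
    "Lcom/example/dropper/MainActivity;",
]

# Manifest permission -> behaviour from the report it enables (hand-picked).
PERMISSION_INDICATORS = {
    "android.permission.WAKE_LOCK": "acquires the wake lock",
    "android.permission.QUERY_ALL_PACKAGES": "queries all installed applications",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS":
        "requests disabling of battery optimizations",
}

# Dex string -> behaviour it points at (hand-picked; extend as needed).
API_INDICATORS = {
    "Ldalvik/system/DexClassLoader;": "loads a dropped Dex/Jar",
    "setComponentEnabledSetting": "can remove its activity from the launcher",
    "getNetworkOperatorName": "reads the phone network operator",
    "Landroid/os/PowerManager$WakeLock;": "acquires the wake lock",
}


def _attr(el, name):
    """Read an android:<name> attribute from a manifest element."""
    return el.get(f"{{{ANDROID_NS}}}{name}")


def _names(el, tag):
    """Set of android:name values of <tag> descendants of el."""
    return {_attr(child, "name") for child in el.iter(tag)}


def triage_manifest(xml_text):
    """Return (behaviours, accessibility service names, launcher activity names)."""
    root = ET.fromstring(xml_text)

    behaviours = sorted(PERMISSION_INDICATORS[n] for n in _names(root, "uses-permission")
                        if n in PERMISSION_INDICATORS)
    if root.find("queries") is not None:  # Android 11+ package-visibility route
        behaviours.append("declares <queries> package visibility")

    a11y = []
    for svc in root.iter("service"):
        bound = _attr(svc, "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
        if bound and "android.accessibilityservice.AccessibilityService" in _names(svc, "action"):
            a11y.append(_attr(svc, "name"))

    launcher = []
    for act in root.iter("activity"):
        for filt in act.iter("intent-filter"):
            if ("android.intent.action.MAIN" in _names(filt, "action")
                    and "android.intent.category.LAUNCHER" in _names(filt, "category")):
                launcher.append(_attr(act, "name"))
    return behaviours, a11y, launcher


def scan_dex_strings(strings):
    """Return {indicator: behaviour} for every API indicator present in the string table."""
    return {api: why for api, why in API_INDICATORS.items() if any(api in s for s in strings)}


if __name__ == "__main__":
    behaviours, a11y, launcher = triage_manifest(SAMPLE_MANIFEST)
    for b in behaviours:
        print("manifest:", b)
    print("accessibility services:", a11y)
    print("launcher activities:", launcher)
    for api, why in scan_dex_strings(SAMPLE_DEX_STRINGS).items():
        print(f"dex: {api} -> {why}")
```

Removing the main activity from the launcher leaves no trace in the manifest, which is why the launcher list and the `setComponentEnabledSetting` string are reported separately: a launcher activity plus that API in the code is the static counterpart of the runtime signature above.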

MITRE ATT&CK Matrix

Tasks