General
- Target: 9e55646fa27d86e799b3a2dc0c279d8f81e34f3d23f572526b3c9af3095629a1.bin
- Size: 1.7MB
- Sample: 240213-1x5b2saa7v
- MD5: 29e8a8c395b783b79805aa98dbc24301
- SHA1: f88219af653e82bb8d47e4dc6bd31a4416a50dea
- SHA256: 9e55646fa27d86e799b3a2dc0c279d8f81e34f3d23f572526b3c9af3095629a1
- SHA512: 6687c84933fb1c301e7d65c9148d854dc9c057905b3fae2b3319c68ba59f2fb574425fe4e73d6efd1d6bd5b2dcb343f97d28fde5fa2272c832a4e8b1f3365a55
- SSDEEP: 49152:iIXbnBWIg3SxMFfw4uUrVCnMG2PI0MtcwQMCJTSBkgw1Bch:iWYGh43rIn92vWchMCJTZBch
Static task: static1
Behavioral task: behavioral1
- Sample: 9e55646fa27d86e799b3a2dc0c279d8f81e34f3d23f572526b3c9af3095629a1.apk
- Resource: android-x86-arm-20231215-en
Malware Config
- Extracted: octo
- https://4232fdnsjds.top/OGYyZmMyZmVlMGI0/
Octo
Octo is a banking malware with remote access capabilities, first seen in April 2022.

Octo payload
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
- Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
- Acquires the wake lock.
- Reads information about the phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).