octo | cc953fcf4067e2cddf2249ac9886f905b80f75382a10ce6c2645a5c1efd2e068 | Triage

Sharing

General

Target

cc953fcf4067e2cddf2249ac9886f905b80f75382a10ce6c2645a5c1efd2e068.bin
Size

344KB
Sample

240222-1x9lrsff3x
MD5

fb2625d0559db749958b768bc467c8b9
SHA1

93d6ea5ee47fc205ee72ea583a6944ed3074b7a3
SHA256

cc953fcf4067e2cddf2249ac9886f905b80f75382a10ce6c2645a5c1efd2e068
SHA512

be4b5e4deacc2b1810b1f4f85a339580435042158240581aa88ca49e9bb05c7c68cf09d79cdcc31eea97d34fff25ca21a2bef59bddea47f266bbdce5f7ae8dfc
SSDEEP

6144:7ib+APNj/fLCkF5B5O6cw4g0Hx6AaHwdtAFWAcro+0Q88eLEljSLLeVaQ4L:7iTPlfLDFb5f8g4x6AvGW5o+L0SVaX

Score

10^/10

octo android banker collection discovery evasion infostealer rat stealth trojan

Malware Config

Extracted

Family

octo

C2

https://91.92.241.171:7117/gate/

AES_key

Targets

- Target
  
  cc953fcf4067e2cddf2249ac9886f905b80f75382a10ce6c2645a5c1efd2e068.bin
- Size
  
  344KB
- MD5
  
  fb2625d0559db749958b768bc467c8b9
- SHA1
  
  93d6ea5ee47fc205ee72ea583a6944ed3074b7a3
- SHA256
  
  cc953fcf4067e2cddf2249ac9886f905b80f75382a10ce6c2645a5c1efd2e068
- SHA512
  
  be4b5e4deacc2b1810b1f4f85a339580435042158240581aa88ca49e9bb05c7c68cf09d79cdcc31eea97d34fff25ca21a2bef59bddea47f266bbdce5f7ae8dfc
- SSDEEP
  
  6144:7ib+APNj/fLCkF5B5O6cw4g0Hx6AaHwdtAFWAcro+0Q88eLEljSLLeVaQ4L:7iTPlfLDFb5f8g4x6AvGW5o+L0SVaX
Score

10^/10

octo banker collection discovery evasion infostealer rat stealth trojan
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
  banker trojan infostealer rat octo
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock
- Reads information about phone network operator.
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

octobankercollectiondiscoveryevasioninfostealerratstealthtrojan

behavioral2

octobankercollectiondiscoveryevasioninfostealerrattrojan

behavioral3

octobankercollectiondiscoveryevasioninfostealerrattrojan