General

  • Target

    304c57352f21614b7a91a0f79ae2e052f61fb9342a3a937969e8f61b10b0857b.bin

  • Size

    196KB

  • Sample

    240224-1x42aafe49

  • MD5

    7af994dad8386723cff43194e11704ca

  • SHA1

    2b3600b953df786dd748fb05e1fffd270583b350

  • SHA256

    304c57352f21614b7a91a0f79ae2e052f61fb9342a3a937969e8f61b10b0857b

  • SHA512

    db8f4f866038a6bf65075e6b025adf28435d69cd9c2520e77116470e88a87da218f502587793a13ab25f5f7663cce7a0f4b83152ae33c053e7a9cfd4ce5c855d

  • SSDEEP

    6144:cvYCXPkUEWPeEcodoQLa30l5BPn+slOPfJEe/vbY7:xSMUPlcoBG0plOPfOes7

Malware Config

Extracted

Family

octo

C2

https://193.233.254.67:7117/gate/

AES_key

Targets

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Acquires the wake lock

    • Reads information about the phone's network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks