General

  • Target

    d4e9ad63f3d9630eedec8d52bd95a8ebcf4aa2d71c4787470526dac5d609bec7.bin

  • Size

    1.8MB

  • Sample

    240225-1x7r6sec5t

  • MD5

    64e19814ad13040312eef3c0ebef418a

  • SHA1

    9ac1935917bfc27f1d69d2c28362e753e53120af

  • SHA256

    d4e9ad63f3d9630eedec8d52bd95a8ebcf4aa2d71c4787470526dac5d609bec7

  • SHA512

    b8926b5432464c637aa9286f467d7eac0b7d3cb570e3d5199ba3f329f9da382fab3ed93cf6328476053f392cd7c18de3ec9c6a2d222820e125fba73d92ad63b5

  • SSDEEP

    49152:T86FmcufFEU6F3vYO3f4wdJEY2kOgh3fG+T:T8pcfUAzv9JR2ji5T

Malware Config

Extracted

Family

octo

C2

https://20hffqm13hac.top/MTU2OWE0NzJjNGY5/

https://4lmmw85977x2.xyz/MTU2OWE0NzJjNGY5/

AES_key

Targets

    • Octo

      Octo is banking malware with remote-access capabilities, first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Acquires the wake lock

    • Reads information about the phone's network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks