General
Target: d4e9ad63f3d9630eedec8d52bd95a8ebcf4aa2d71c4787470526dac5d609bec7.bin
Size: 1.8MB
Sample: 240225-1x7r6sec5t
MD5: 64e19814ad13040312eef3c0ebef418a
SHA1: 9ac1935917bfc27f1d69d2c28362e753e53120af
SHA256: d4e9ad63f3d9630eedec8d52bd95a8ebcf4aa2d71c4787470526dac5d609bec7
SHA512: b8926b5432464c637aa9286f467d7eac0b7d3cb570e3d5199ba3f329f9da382fab3ed93cf6328476053f392cd7c18de3ec9c6a2d222820e125fba73d92ad63b5
SSDEEP: 49152:T86FmcufFEU6F3vYO3f4wdJEY2kOgh3fG+T:T8pcfUAzv9JR2ji5T
Static task: static1
Behavioral task: behavioral1
Sample: d4e9ad63f3d9630eedec8d52bd95a8ebcf4aa2d71c4787470526dac5d609bec7.apk
Resource: android-x86-arm-20240221-en
Behavioral task: behavioral2
Sample: d4e9ad63f3d9630eedec8d52bd95a8ebcf4aa2d71c4787470526dac5d609bec7.apk
Resource: android-33-x64-arm64-20240221-en
Malware Config
Extracted
octo
https://20hffqm13hac.top/MTU2OWE0NzJjNGY5/
https://4lmmw85977x2.xyz/MTU2OWE0NzJjNGY5/
Targets
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).