General
-
Target
d86898601caed21cdad436c5aca68d571bdd984375bb63e013092b45cb183d0d.bin
-
Size
1.2MB
-
Sample
240225-1xsm9aec3x
-
MD5
98f880d154eb4cd6caa11dcb74443898
-
SHA1
33d265ef073ba753337a2459b9dc914722445419
-
SHA256
d86898601caed21cdad436c5aca68d571bdd984375bb63e013092b45cb183d0d
-
SHA512
a2804fe514c5966d80a4a2ed7fabef6debc61fc4223d6e51ee91391ee1e7dfef6d244f3c55a987059de46a1ec2d72b091a44a1cdf2a38a9bb7c6ce0ea57c0cc9
-
SSDEEP
24576:NiF26yTJfwCxG0w13xCWilF4+bUy6MsFbwTCfdH5jreGas/l:G2/1fwCRMhCWe1byHyEPjre+N
Static task
static1
Behavioral task
behavioral1
Sample
d86898601caed21cdad436c5aca68d571bdd984375bb63e013092b45cb183d0d.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
d86898601caed21cdad436c5aca68d571bdd984375bb63e013092b45cb183d0d.apk
Resource
android-x64-arm64-20240221-en
Malware Config
Extracted
octo
Targets
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-