General

  • Target

    d86898601caed21cdad436c5aca68d571bdd984375bb63e013092b45cb183d0d.bin

  • Size

    1.2MB

  • Sample

    240225-1xsm9aec3x

  • MD5

    98f880d154eb4cd6caa11dcb74443898

  • SHA1

    33d265ef073ba753337a2459b9dc914722445419

  • SHA256

    d86898601caed21cdad436c5aca68d571bdd984375bb63e013092b45cb183d0d

  • SHA512

    a2804fe514c5966d80a4a2ed7fabef6debc61fc4223d6e51ee91391ee1e7dfef6d244f3c55a987059de46a1ec2d72b091a44a1cdf2a38a9bb7c6ce0ea57c0cc9

  • SSDEEP

    24576:NiF26yTJfwCxG0w13xCWilF4+bUy6MsFbwTCfdH5jreGas/l:G2/1fwCRMhCWe1byHyEPjre+N

Malware Config

Extracted

Family

octo

C2

https://countnatbt.site/YWRhZjAxNGM1YjFh/

https://mix3etbt.website/YWRhZjAxNGM1YjFh/

https://btcountates.fun/YWRhZjAxNGM1YjFh/

https://3countbt.pw/YWRhZjAxNGM1YjFh/

https://vat-app.su/YWRhZjAxNGM1YjFh/

https://alleggro.pw/YWRhZjAxNGM1YjFh/

AES_key

Targets

    • Target

      d86898601caed21cdad436c5aca68d571bdd984375bb63e013092b45cb183d0d.bin

    • Size

      1.2MB

    • MD5

      98f880d154eb4cd6caa11dcb74443898

    • SHA1

      33d265ef073ba753337a2459b9dc914722445419

    • SHA256

      d86898601caed21cdad436c5aca68d571bdd984375bb63e013092b45cb183d0d

    • SHA512

      a2804fe514c5966d80a4a2ed7fabef6debc61fc4223d6e51ee91391ee1e7dfef6d244f3c55a987059de46a1ec2d72b091a44a1cdf2a38a9bb7c6ce0ea57c0cc9

    • SSDEEP

      24576:NiF26yTJfwCxG0w13xCWilF4+bUy6MsFbwTCfdH5jreGas/l:G2/1fwCRMhCWe1byHyEPjre+N

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Acquires the wake lock

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks