General

  • Target: 032af1c9daaf2bde7fe6f5c6ff5f00b469ed79a95bcfb26ab9b0afaa2682f8c2.bin

  • Size: 196KB

  • Sample: 240226-1wslvshb92

  • MD5: df754f168b10893c0edaec27cfa9613e

  • SHA1: 2d7fb5f78b18fa48657685377cf8a92dd053c997

  • SHA256: 032af1c9daaf2bde7fe6f5c6ff5f00b469ed79a95bcfb26ab9b0afaa2682f8c2

  • SHA512: 498740129bb7de0c071f2c512abf0bcfee2959a64cf9fde3466d190a701f0410bf9753935167dc4284a096a58b9478f81798c290483294a73164d2979b7ba248

  • SSDEEP: 6144:+8/vbYNfxm7t1bKRivHsAgGaT/HozADEbJ:+8yJKt1b/EQzAiJ

Malware Config

Extracted

Family: octo

C2: https://213.166.70.17:7117/gate/

AES_key

Targets

    • Octo

      Octo is banking malware with remote-access capabilities, first seen in April 2022.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Acquires the wake lock

    • Reads information about the phone's network operator

    • Requests disabling of battery optimizations (often used to enable hiding in the background)

MITRE ATT&CK Mobile v15

Tasks