General
-
Target
032af1c9daaf2bde7fe6f5c6ff5f00b469ed79a95bcfb26ab9b0afaa2682f8c2.bin
-
Size
196KB
-
Sample
240226-1wslvshb92
-
MD5
df754f168b10893c0edaec27cfa9613e
-
SHA1
2d7fb5f78b18fa48657685377cf8a92dd053c997
-
SHA256
032af1c9daaf2bde7fe6f5c6ff5f00b469ed79a95bcfb26ab9b0afaa2682f8c2
-
SHA512
498740129bb7de0c071f2c512abf0bcfee2959a64cf9fde3466d190a701f0410bf9753935167dc4284a096a58b9478f81798c290483294a73164d2979b7ba248
-
SSDEEP
6144:+8/vbYNfxm7t1bKRivHsAgGaT/HozADEbJ:+8yJKt1b/EQzAiJ
Behavioral task
behavioral1
Sample
032af1c9daaf2bde7fe6f5c6ff5f00b469ed79a95bcfb26ab9b0afaa2682f8c2.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
032af1c9daaf2bde7fe6f5c6ff5f00b469ed79a95bcfb26ab9b0afaa2682f8c2.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
032af1c9daaf2bde7fe6f5c6ff5f00b469ed79a95bcfb26ab9b0afaa2682f8c2.apk
Resource
android-x64-arm64-20240221-en
Malware Config
Extracted
octo
https://213.166.70.17:7117/gate/
Targets
-
-
Target
032af1c9daaf2bde7fe6f5c6ff5f00b469ed79a95bcfb26ab9b0afaa2682f8c2.bin
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-