General

  • Target

    58b8e0dc2a1ed51113769861623f07dec76646d0d368cc5e2b9af3d07419a3ff.bin

  • Size

    541KB

  • Sample

    240226-1zse9shd47

  • MD5

    4cb52525b8083ee9fe7aba425db2df5c

  • SHA1

    01c077263c2c6bdf49eb4edb1fa1e3dcd5413933

  • SHA256

    58b8e0dc2a1ed51113769861623f07dec76646d0d368cc5e2b9af3d07419a3ff

  • SHA512

    bc24b82a248acdb0463fec5c21353fe8552ee1a41761bd36bafcddab926122c0017693b1e30d2bee3fe74aa4c08884f72dfb808a0427994b43008d6536bb4610

  • SSDEEP

    12288:YpKXpGO7JloHJ/69ypJlqbs+5fpPDMMENdJ2yT6xMJnh:YAXp8lNb4fpPQDJ2+9nh

Malware Config

Extracted

Family

octo

C2

https://185.122.204.122/MDViMDU3NDYwMTBm/

https://trattotarakoniyse.com/MDViMDU3NDYwMTBm/

https://trattotarakoniyse.xyz/MDViMDU3NDYwMTBm/

https://trattotarakoniyse.net/MDViMDU3NDYwMTBm/

https://trattotarakoniconti.com/MDViMDU3NDYwMTBm/

https://trattotarakoniconti.xyz/MDViMDU3NDYwMTBm/

https://trattotarakoniconti.net/MDViMDU3NDYwMTBm/

AES_key

Targets

    • Target

      58b8e0dc2a1ed51113769861623f07dec76646d0d368cc5e2b9af3d07419a3ff.bin

    • Size

      541KB

    • MD5

      4cb52525b8083ee9fe7aba425db2df5c

    • SHA1

      01c077263c2c6bdf49eb4edb1fa1e3dcd5413933

    • SHA256

      58b8e0dc2a1ed51113769861623f07dec76646d0d368cc5e2b9af3d07419a3ff

    • SHA512

      bc24b82a248acdb0463fec5c21353fe8552ee1a41761bd36bafcddab926122c0017693b1e30d2bee3fe74aa4c08884f72dfb808a0427994b43008d6536bb4610

    • SSDEEP

      12288:YpKXpGO7JloHJ/69ypJlqbs+5fpPDMMENdJ2yT6xMJnh:YAXp8lNb4fpPQDJ2+9nh

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Acquires the wake lock

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks