General

Target: 58b8e0dc2a1ed51113769861623f07dec76646d0d368cc5e2b9af3d07419a3ff.bin
Size: 541KB
Sample: 240226-1zse9shd47
MD5: 4cb52525b8083ee9fe7aba425db2df5c
SHA1: 01c077263c2c6bdf49eb4edb1fa1e3dcd5413933
SHA256: 58b8e0dc2a1ed51113769861623f07dec76646d0d368cc5e2b9af3d07419a3ff
SHA512: bc24b82a248acdb0463fec5c21353fe8552ee1a41761bd36bafcddab926122c0017693b1e30d2bee3fe74aa4c08884f72dfb808a0427994b43008d6536bb4610
SSDEEP: 12288:YpKXpGO7JloHJ/69ypJlqbs+5fpPDMMENdJ2yT6xMJnh:YAXp8lNb4fpPQDJ2+9nh
Static task: static1

Behavioral task: behavioral1
  Sample: 58b8e0dc2a1ed51113769861623f07dec76646d0d368cc5e2b9af3d07419a3ff.apk
  Resource: android-x86-arm-20240221-en

Behavioral task: behavioral2
  Sample: 58b8e0dc2a1ed51113769861623f07dec76646d0d368cc5e2b9af3d07419a3ff.apk
  Resource: android-x64-20240221-en
Malware Config

Extracted: octo
C2:
https://185.122.204.122/MDViMDU3NDYwMTBm/
https://trattotarakoniyse.com/MDViMDU3NDYwMTBm/
https://trattotarakoniyse.xyz/MDViMDU3NDYwMTBm/
https://trattotarakoniyse.net/MDViMDU3NDYwMTBm/
https://trattotarakoniconti.com/MDViMDU3NDYwMTBm/
https://trattotarakoniconti.xyz/MDViMDU3NDYwMTBm/
https://trattotarakoniconti.net/MDViMDU3NDYwMTBm/
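The extracted C2 list above is more useful once it is normalised into indicators that can be blocked and shared. The script below is an added example and is not part of the report or of any Octo tooling: the seven URLs are copied from the config above, while the record layout, the defanging style and the base64 probe of the path segment are this editor's additions. Base64-decoding the shared segment MDViMDU3NDYwMTBm yields the ASCII string 05b05746010f; the report does not say what that value represents, so treat it only as a constant worth pivoting on.

```python
"""Turn the Octo C2 list above into shareable indicators.

Added example, not part of the report or of any Octo tooling. The URLs are
the seven listed under "Malware Config"; the record layout, the defanging
style and the base64 probe of the shared path segment are my own choices.
"""
import base64
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

OCTO_C2_URLS = [
    "https://185.122.204.122/MDViMDU3NDYwMTBm/",
    "https://trattotarakoniyse.com/MDViMDU3NDYwMTBm/",
    "https://trattotarakoniyse.xyz/MDViMDU3NDYwMTBm/",
    "https://trattotarakoniyse.net/MDViMDU3NDYwMTBm/",
    "https://trattotarakoniconti.com/MDViMDU3NDYwMTBm/",
    "https://trattotarakoniconti.xyz/MDViMDU3NDYwMTBm/",
    "https://trattotarakoniconti.net/MDViMDU3NDYwMTBm/",
]


def decode_path_token(token: str) -> Optional[str]:
    """Base64-decode a path segment if it yields printable ASCII, else None.

    The report does not say what the segment encodes; this only shows that
    it is base64 of a short ASCII string.
    """
    if not token:
        return None
    padded = token + "=" * (-len(token) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def defang(url: str) -> str:
    """hxxps:// and [.] so the indicator is not clickable in reports or chat."""
    return (url.replace("https://", "hxxps://")
               .replace("http://", "hxxp://")
               .replace(".", "[.]"))


def to_ioc(url: str) -> dict:
    """One indicator record per C2 URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        kind = "ip"
    except ValueError:
        kind = "domain"
    segments = [s for s in parts.path.split("/") if s]
    token = segments[0] if segments else ""
    return {
        "url": url,
        "defanged": defang(url),
        "host": host,
        "kind": kind,
        "path_token": token,
        "decoded_token": decode_path_token(token),
    }


def extract_iocs(urls: list) -> list:
    return [to_ioc(u) for u in urls]


def shared_path_tokens(urls: list) -> set:
    """Path segments common to every URL; a constant here is a good proxy/IDS pivot."""
    return set.intersection(*({to_ioc(u)["path_token"]} for u in urls))


if __name__ == "__main__":
    for ioc in extract_iocs(OCTO_C2_URLS):
        print(f"{ioc['kind']:6} {ioc['host']:26} {ioc['defanged']}")
    print("shared path token(s):", shared_path_tokens(OCTO_C2_URLS))
```

The same path segment appears in all seven URLs, so a proxy or IDS rule on the path catches the traffic regardless of which of the six domains or the bare IP the sample reaches; the hosts themselves go on the blocklist as usual.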
Targets

Target: 58b8e0dc2a1ed51113769861623f07dec76646d0d368cc5e2b9af3d07419a3ff.bin
- Octo
  Octo is banking malware with remote access (RAT) capabilities, first observed in April 2022.
- Octo payload
- Makes use of the framework's Accessibility service
  Reads the content displayed on the phone screen through an AccessibilityService.
- Loads dropped Dex/Jar
  Loads and runs an executable (DEX/JAR) that the sample dropped onto the device during analysis.
- Acquires the wake lock
- Reads information about the phone network operator.
- Requests disabling of battery optimizations
  Commonly requested so the app keeps running in the background without being killed by the system.
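The signatures above are behavioural, observed while the APK ran in the sandbox. An analyst who wants to corroborate them statically can decode the APK with apktool and look for the permissions and API call sites each behaviour normally requires. The script below is an added example, not part of the report or the sandbox: the pairing of signatures with Android API names is this editor's, and the manifest and smali snippets embedded in it are constructed stand-ins rather than extracts from this sample.

```python
"""Corroborate the behavioural signatures above with static indicators.

Added example, not part of the report. Feed it the output of
`apktool d sample.apk` (AndroidManifest.xml plus the smali tree); the
manifest and smali embedded below are constructed stand-ins, not
extracts from this sample.
"""
from pathlib import Path

# Signature from the report -> manifest strings and smali call sites that
# the behaviour normally requires when built on the public Android APIs.
# The API names are real; pairing them with the signatures is my own.
SIGNATURES = {
    "Makes use of the framework's Accessibility service": {
        "manifest": ["android.permission.BIND_ACCESSIBILITY_SERVICE",
                     "android.accessibilityservice.AccessibilityService"],
        "smali": ["Landroid/accessibilityservice/AccessibilityService;",
                  "Landroid/view/accessibility/AccessibilityNodeInfo;->getText",
                  "->getRootInActiveWindow()"],
    },
    "Loads dropped Dex/Jar": {
        "manifest": [],
        "smali": ["Ldalvik/system/DexClassLoader;",
                  "Ldalvik/system/InMemoryDexClassLoader;",
                  "Ldalvik/system/PathClassLoader;-><init>"],
    },
    "Acquires the wake lock": {
        "manifest": ["android.permission.WAKE_LOCK"],
        "smali": ["Landroid/os/PowerManager$WakeLock;->acquire"],
    },
    "Reads information about phone network operator": {
        "manifest": [],
        "smali": ["Landroid/telephony/TelephonyManager;->getNetworkOperator",
                  "Landroid/telephony/TelephonyManager;->getSimOperator"],
    },
    "Requests disabling of battery optimizations": {
        "manifest": ["android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"],
        "smali": ["android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
                  "->isIgnoringBatteryOptimizations("],
    },
}


def scan(manifest: str, smali_files: dict) -> dict:
    """Return {signature: [evidence lines]} for every signature with a hit."""
    hits = {}
    for name, needles in SIGNATURES.items():
        evidence = [f"AndroidManifest.xml: {n}" for n in needles["manifest"] if n in manifest]
        for path, text in smali_files.items():
            for lineno, line in enumerate(text.splitlines(), 1):
                if any(n in line for n in needles["smali"]):
                    evidence.append(f"{path}:{lineno}: {line.strip()}")
        if evidence:
            hits[name] = evidence
    return hits


def load_decoded_apk(root: str) -> tuple:
    """Read real apktool output: (manifest text, {relative path: smali text})."""
    base = Path(root)
    manifest = (base / "AndroidManifest.xml").read_text(errors="replace")
    smali = {str(p.relative_to(base)): p.read_text(errors="replace")
             for p in base.rglob("*.smali")}
    return manifest, smali


# Constructed stand-ins for apktool output (not taken from the sample).
SAMPLE_MANIFEST = """<manifest package="com.example.loader">
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

SAMPLE_SMALI = {
    "smali/com/example/loader/A11y.smali": """\
.class public Lcom/example/loader/A11y;
.super Landroid/accessibilityservice/AccessibilityService;
    invoke-virtual {p0}, Lcom/example/loader/A11y;->getRootInActiveWindow()Landroid/view/accessibility/AccessibilityNodeInfo;
    invoke-virtual {v0}, Landroid/view/accessibility/AccessibilityNodeInfo;->getText()Ljava/lang/CharSequence;
""",
    "smali/com/example/loader/Boot.smali": """\
.class public Lcom/example/loader/Boot;
    new-instance v0, Ldalvik/system/DexClassLoader;
    invoke-virtual {v1}, Landroid/os/PowerManager$WakeLock;->acquire()V
    invoke-virtual {v2}, Landroid/telephony/TelephonyManager;->getNetworkOperator()Ljava/lang/String;
    const-string v3, "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
    return-void
""",
}

if __name__ == "__main__":
    for sig, evidence in scan(SAMPLE_MANIFEST, SAMPLE_SMALI).items():
        print(sig)
        for item in evidence:
            print("   ", item)
```

Because the report flags a dropped Dex/Jar being loaded, the outer APK may contain little more than the loader; once the dropped DEX has been pulled from the sandbox, run the same scan over its decoded smali, since that is where the Accessibility and telephony call sites are most likely to sit.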