General

  • Target

    b49e391d44c9bad878103d3f72748cac1c6c2d253f394a05fa0bcf8b44b7f5e0.bin

  • Size

    1.7MB

  • Sample

    240301-1yzg7aec34

  • MD5

    753ab4c3d1f766b47634381e5bb79399

  • SHA1

    dacd90758a8efb2a5ec927436ec5e4a54a153149

  • SHA256

    b49e391d44c9bad878103d3f72748cac1c6c2d253f394a05fa0bcf8b44b7f5e0

  • SHA512

    23ff2cab7d97da484e75ed70536fb2ca76d5d65331d6bfbbfa1f039077bd977e48681524a308de2c6d2aa606e737c5b8bc87be946eb4f5121cdae62506335c3f

  • SSDEEP

    49152:aZKJruj3D7Wq1jWvLXOc9AvBd7FkJmiZA3gwjTV:eKJrnvLT9gymiax

Malware Config

Extracted

Family

octo

C2

https://s322231232fdnsjds.top/OGYyZmMyZmVlMGI0/

AES_key

Targets

    • Target

      b49e391d44c9bad878103d3f72748cac1c6c2d253f394a05fa0bcf8b44b7f5e0.bin

    • Size

      1.7MB

    • MD5

      753ab4c3d1f766b47634381e5bb79399

    • SHA1

      dacd90758a8efb2a5ec927436ec5e4a54a153149

    • SHA256

      b49e391d44c9bad878103d3f72748cac1c6c2d253f394a05fa0bcf8b44b7f5e0

    • SHA512

      23ff2cab7d97da484e75ed70536fb2ca76d5d65331d6bfbbfa1f039077bd977e48681524a308de2c6d2aa606e737c5b8bc87be946eb4f5121cdae62506335c3f

    • SSDEEP

      49152:aZKJruj3D7Wq1jWvLXOc9AvBd7FkJmiZA3gwjTV:eKJrnvLT9gymiax

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Acquires the wake lock

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks