Resubmissions

10-06-2024 06:05

240610-gtf1hach91 6

02-03-2024 12:52

240302-p4kensde41 10

General

  • Target

    chrome-update23454.apk

  • Size

    1.9MB

  • Sample

    240302-p4kensde41

  • MD5

    91443f1c7db27ecf09b291172a960622

  • SHA1

    94e791a4ba4c77921a8ebd74b4300b82eab279dd

  • SHA256

    2af606a1fd9b5f70f2495cdc484e7ecc8004d754f12ac6945bb30eaba3d8446f

  • SHA512

    2ee0648714403385c59a490f58db2adccc4877dad75f2d3d479196d5cab67f050b2f6682ba9449f1e863233e0b96f92c5b31ccfdd0697312267c4fa50907cb11

  • SSDEEP

    49152:xXMIax35+0h26zjON4lrnESt9X6ZGZbmqNSscAE4KoSe:KdRg3NI/3X6ZQ/NdH

Malware Config

Extracted

Family

octo

C2

https://caramiliudj16.live/MTU2OWE0NzJjNGY5/

https://boodycookies41.info/MTU2OWE0NzJjNGY5/

https://smoorfikimv.pro/MTU2OWE0NzJjNGY5/

https://alimavij72.vip/MTU2OWE0NzJjNGY5/

https://5a9udxg6l6gd.su/MTU2OWE0NzJjNGY5/

AES_key

Targets

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Acquires the wake lock

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks