General
-
Target
f471ff45d6c9fd91fda9d224901c5ddd214375898d054419bf7faac09cc6b9cf.apk
-
Size
546KB
-
Sample
240319-l556zsaa5s
-
MD5
32692b7422865a6f8c133021aec513af
-
SHA1
0ed39aa880b52715a45df0481755e68c847a56ea
-
SHA256
f471ff45d6c9fd91fda9d224901c5ddd214375898d054419bf7faac09cc6b9cf
-
SHA512
50653a63527d392661b04f85044dacb848c84d6c94ee56945c746a73b31979e55fd068f45e0ab53f481fd9e64981270a206000a9f42e304660a1308dc79d118d
-
SSDEEP
12288:iMkNUrYAJ9uQXeu+qCemdOvHWx3vKA9mTHezwkRGFDQSlPEnP:pkirYAJ9xXehHOvHWxTmzezwkRjSl8nP
Static task
static1
Behavioral task
behavioral1
Sample
f471ff45d6c9fd91fda9d224901c5ddd214375898d054419bf7faac09cc6b9cf.apk
Resource
android-x86-arm-20240221-en
Malware Config
Extracted
octo
-
target_apps
Targets
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Requests enabling of the accessibility settings.
-
Acquires the wake lock
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-