General
-
Target
cd015af6ccb1dbb0bdd84f1e1db4ac90c12b94599fd6fd858d5d7059549021f9.bin
-
Size
187KB
-
Sample
240401-1xpxcsgh77
-
MD5
3da3657870504f47cb638a90d1dd88bc
-
SHA1
5ad6937aba10af75cb27b6db0b4cf45f743150bd
-
SHA256
cd015af6ccb1dbb0bdd84f1e1db4ac90c12b94599fd6fd858d5d7059549021f9
-
SHA512
010329852877716915b240e943e468b9ceb363876a5dca6462abde12162166270dec2ede6fd9b20d810049e936325bb1afb5ed562cb3d51f3e3a3a17103bf9d6
-
SSDEEP
3072:H1g4oULzaTN14aHZ1F4jwTVizAbqMbMvZM9ajwOBNtzP13jGXRXFQq4FPAVfCNsf:HLoLFceSAbqli9+HNtz93jYR1Q3FIANA
Behavioral task
behavioral1
Sample
cd015af6ccb1dbb0bdd84f1e1db4ac90c12b94599fd6fd858d5d7059549021f9.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
cd015af6ccb1dbb0bdd84f1e1db4ac90c12b94599fd6fd858d5d7059549021f9.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
cd015af6ccb1dbb0bdd84f1e1db4ac90c12b94599fd6fd858d5d7059549021f9.apk
Resource
android-x64-arm64-20240221-en
Malware Config
Extracted
octo
https://94.156.66.116:7117/gate/
Targets
-
-
Target
cd015af6ccb1dbb0bdd84f1e1db4ac90c12b94599fd6fd858d5d7059549021f9.bin
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Acquires the wake lock
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-