coper | 807ae6fad203cd63af2a8f511aa8849a819cc535471e1462676eb79a18bc6ae7

General

Target

807ae6fad203cd63af2a8f511aa8849a819cc535471e1462676eb79a18bc6ae7.bin
Size

184KB
Sample

240410-1wv2zsff6y
MD5

1c7abbc109bcd0387da7f2e3cc4e2496
SHA1

8cd76ff739ee4d1339f660b2306261fcf788d9a5
SHA256

807ae6fad203cd63af2a8f511aa8849a819cc535471e1462676eb79a18bc6ae7
SHA512

e27b438794a68e719e8a81a8147a344ca59325050346e632cc1002c39429356aa4dcd8d23601416ed29414bd199e7b25b1fd324399c8548bb15cd9a87119a70d
SSDEEP

3072:V5lhQeFqu5ddkbdS65S/ecC2HQiINsYNr/FwLmbRULI6JzH9Uq:V5lH5jZWDIPIZBRchH

Score

10^/10

Malware Config

Extracted

Family

octo

C2

https://shoprise57899321.shop/YmQ5ZDVkMzRkZjE5/

https://emporiumwave245768.shop/YmQ5ZDVkMzRkZjE5/

https://worldfusion891056.shop/YmQ5ZDVkMzRkZjE5/

https://universevibe123459.shop/YmQ5ZDVkMzRkZjE5/

https://emporiumdelight987656.shop/YmQ5ZDVkMzRkZjE5/

https://thopris578993215.shop/YmQ5ZDVkMzRkZjE5/

https://empoiumwave245768.shop/YmQ5ZDVkMzRkZjE5/

https://worfusion891056.shop/YmQ5ZDVkMzRkZjE5/

https://unirsevibe123459.shop/YmQ5ZDVkMzRkZjE5/

https://eoriumdelight987656.shop/YmQ5ZDVkMzRkZjE5/

AES_key

Targets

- Target
  
  807ae6fad203cd63af2a8f511aa8849a819cc535471e1462676eb79a18bc6ae7.bin
- Size
  
  184KB
- MD5
  
  1c7abbc109bcd0387da7f2e3cc4e2496
- SHA1
  
  8cd76ff739ee4d1339f660b2306261fcf788d9a5
- SHA256
  
  807ae6fad203cd63af2a8f511aa8849a819cc535471e1462676eb79a18bc6ae7
- SHA512
  
  e27b438794a68e719e8a81a8147a344ca59325050346e632cc1002c39429356aa4dcd8d23601416ed29414bd199e7b25b1fd324399c8548bb15cd9a87119a70d
- SSDEEP
  
  3072:V5lhQeFqu5ddkbdS65S/ecC2HQiINsYNr/FwLmbRULI6JzH9Uq:V5lH5jZWDIPIZBRchH
Score

10^/10

octo banker collection discovery evasion infostealer persistence rat stealth trojan
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
  banker trojan infostealer rat octo
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Removes its main activity from the application launcher
  stealth trojan evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Acquires the wake lock
- Reads information about phone network operator.
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Octo

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Removes its main activity from the application launcher

Checks CPU information

Checks memory information

Makes use of the framework's foreground persistence service

Queries the phone number (MSISDN for GSM devices)

Acquires the wake lock

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3