General
Target: 173aa89091bd450df5cb0af509b8ddd74ebb2097433e8f2998edcd3848647b7a.bin
Size: 509KB
Sample: 240413-1w1bpsad55
MD5: 913847e5845268f10a4a2b11024827ea
SHA1: b542051df3e58b6712c5a72361a5d1c686233ba9
SHA256: 173aa89091bd450df5cb0af509b8ddd74ebb2097433e8f2998edcd3848647b7a
SHA512: c8b2804a0896b8e2b4ee58e4358f14c7780e5a2e28c01bf5ee31fdf17d3c033be728108fc775adbb2a0d6875b13b82240c8feb390fbebdffcbf4f1b6683f7391
SSDEEP: 12288:tSkTYtBbHmGKNuFak1Rsg8c7kdwmlzo1wRFY4EsQWNSznw:MaCZuEp8m7WRFVqznw
Static task: static1

Behavioral task: behavioral1
Sample: 173aa89091bd450df5cb0af509b8ddd74ebb2097433e8f2998edcd3848647b7a.apk
Resource: android-x86-arm-20240221-en

Behavioral task: behavioral2
Sample: 173aa89091bd450df5cb0af509b8ddd74ebb2097433e8f2998edcd3848647b7a.apk
Resource: android-33-x64-arm64-20240229-en
Malware Config
Extracted family: octo
Extracted URLs:
https://tecbabbshop24578.shop/ZDQyN2NmOGEZOTIK/
https://karamdsadvs2.shop/ZDQyN2NmOGEZOTIK/
https://karakalandankasd5.com/ZDQyN2NmOGEZOTIK/
https://tecklardankalan.shop/ZDQyN2NmOGEZOTIK/
Targets
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.

Octo payload

Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.

Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.

Queries the phone number (MSISDN for GSM devices)

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about the phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).