General
-
Target
3f5451c5fa96aeca29baa5609b344205ebe620aabced7295687e1309e3414898.bin
-
Size
221KB
-
Sample
240423-1wttxscc88
-
MD5
b5d5d0ed6a86e869623abf7b33b66fb7
-
SHA1
f102f415120e8e4fefde728efe3ad4d7ace49199
-
SHA256
3f5451c5fa96aeca29baa5609b344205ebe620aabced7295687e1309e3414898
-
SHA512
78c036d080f87a18426cd87a381ab74c8ea24e32a8bf868c7887d4c7ed651b3df6851a59301898b2cdfd57db67d82d87dbd30ae7594636cbedaadc917ceac788
-
SSDEEP
3072:eWBLOrYzeXEvfKN61jmh7p+PM0FotjtzmokKDlJZPHvM+cQ/30KnEvNQwQ:BuEvfJ1jmFp+PM0Fot1mOBkbQ/EuGI
Static task
static1
Behavioral task
behavioral1
Sample
3f5451c5fa96aeca29baa5609b344205ebe620aabced7295687e1309e3414898.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
3f5451c5fa96aeca29baa5609b344205ebe620aabced7295687e1309e3414898.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
3f5451c5fa96aeca29baa5609b344205ebe620aabced7295687e1309e3414898.apk
Resource
android-x64-arm64-20240221-en
Malware Config
Extracted
octo
https://392xop6-soz3.shop/YmQ5ZDVkMzRkZjE5/
https://184mop3-fax7.shop/YmQ5ZDVkMzRkZjE5/
https://shoprise57899321.shop/YmQ5ZDVkMzRkZjE5/
https://emporiumwave245768.shop/YmQ5ZDVkMzRkZjE5/
https://universevibe123459.shop/YmQ5ZDVkMzRkZjE5/
https://worldfusion891056.shop/YmQ5ZDVkMzRkZjE5/
https://evcilkusbeslemesix.shop/YmQ5ZDVkMzRkZjE5/
https://emporiumdelight987656.shop/YmQ5ZDVkMzRkZjE5/
https://tokatliahmetsmotorcukuryesi.top/YmQ5ZDVkMzRkZjE5/
https://yedieminsahasicankiri.com/YmQ5ZDVkMzRkZjE5/
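All ten C2 URLs in the extracted config share one path segment, YmQ5ZDVkMzRkZjE5, which is plain base64. The script below is an added example, not part of the sandbox report or of the Octo sample: it takes the URL list above, extracts the hostnames, decodes the shared segment, scans a few constructed DNS/TLS log lines for contact with those domains (subdomains included) and emits Suricata dns.query rules for them. The log lines and their layout, the 10.0.0.x and 203.0.113.5 addresses and the sid range are all made up for the example; what the decoded segment identifies is not stated by the report.

```python
import base64
import re
from urllib.parse import urlparse

# The ten C2 URLs from the extracted Octo config in this report.
OCTO_C2_URLS = [
    "https://392xop6-soz3.shop/YmQ5ZDVkMzRkZjE5/",
    "https://184mop3-fax7.shop/YmQ5ZDVkMzRkZjE5/",
    "https://shoprise57899321.shop/YmQ5ZDVkMzRkZjE5/",
    "https://emporiumwave245768.shop/YmQ5ZDVkMzRkZjE5/",
    "https://universevibe123459.shop/YmQ5ZDVkMzRkZjE5/",
    "https://worldfusion891056.shop/YmQ5ZDVkMzRkZjE5/",
    "https://evcilkusbeslemesix.shop/YmQ5ZDVkMzRkZjE5/",
    "https://emporiumdelight987656.shop/YmQ5ZDVkMzRkZjE5/",
    "https://tokatliahmetsmotorcukuryesi.top/YmQ5ZDVkMzRkZjE5/",
    "https://yedieminsahasicankiri.com/YmQ5ZDVkMzRkZjE5/",
]

# Constructed log lines (not from the report) in a made-up "timestamp kind src ... name" layout.
SAMPLE_LOG_LINES = [
    "2024-04-23T19:02:11Z dns 10.0.0.7 A 392xop6-soz3.shop",
    "2024-04-23T19:02:12Z tls 10.0.0.7 203.0.113.5:443 sni=emporiumwave245768.shop",
    "2024-04-23T19:03:01Z dns 10.0.0.9 A example.com",
    "2024-04-23T19:04:40Z dns 10.0.0.7 A api.shoprise57899321.shop",
]

# Loose hostname pattern: also matches IPv4 literals, which never equal a C2 host.
HOST_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+")


def c2_hosts(urls):
    """Sorted, de-duplicated C2 hostnames, lower-cased."""
    return sorted({urlparse(u).hostname.lower() for u in urls})


def shared_path_token(urls):
    """Every URL above carries the same single path segment; return it decoded.

    The segment is plain base64 of an ASCII string. Raises when the URLs do not
    all share one segment, so a config with a different layout is noticed.
    """
    tokens = {urlparse(u).path.strip("/") for u in urls}
    if len(tokens) != 1:
        raise ValueError(f"expected one shared path segment, got {sorted(tokens)}")
    return base64.b64decode(tokens.pop(), validate=True).decode("ascii")


def matching_c2(candidate, hosts):
    """Return the C2 host that `candidate` equals or is a subdomain of, else None."""
    for h in hosts:
        if candidate == h or candidate.endswith("." + h):
            return h
    return None


def find_c2_hits(lines, hosts):
    """Scan free-form log lines for C2 hosts; returns (line_index, c2_host) pairs.

    Hostnames are pulled out with HOST_RE, so DNS, proxy and TLS-SNI logs are
    all handled the same way; one hit per line is enough for an alert.
    """
    hits = []
    for i, line in enumerate(lines):
        for cand in HOST_RE.findall(line.lower()):
            hit = matching_c2(cand, hosts)
            if hit:
                hits.append((i, hit))
                break
    return hits


def suricata_dns_rules(hosts, sid_base=9000001):
    """One Suricata dns.query rule per host; sid_base is an arbitrary local range."""
    return [
        f'alert dns any any -> any any (msg:"Octo C2 domain {h}"; '
        f'dns.query; content:"{h}"; nocase; sid:{sid_base + n}; rev:1;)'
        for n, h in enumerate(hosts)
    ]


if __name__ == "__main__":
    hosts = c2_hosts(OCTO_C2_URLS)
    print("shared path segment decodes to:", shared_path_token(OCTO_C2_URLS))
    for idx, host in find_c2_hits(SAMPLE_LOG_LINES, hosts):
        print(f"line {idx}: contact with Octo C2 {host}")
    print("\n".join(suricata_dns_rules(hosts)))
```

The segment decodes to bd9d5d34df19, twelve hex characters; reading it as a campaign or build tag is a hypothesis, not something the report states. Matching on the parent domain rather than the exact hostname catches subdomains the config does not list, at the cost of false positives should one of these domains ever be re-registered for legitimate use.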
Targets
Octo
Octo is an Android banking trojan with remote-access (on-device fraud) capabilities, first seen in April 2022.
-
Makes use of the framework's Accessibility service
Reads what is shown on the phone screen through an AccessibilityService, the same channel banking trojans use to observe and drive other apps.
-
Makes use of the framework's foreground persistence service
Starts a foreground service, which the platform treats as user-visible work and is reluctant to kill, so the app keeps running after the user leaves it.
-
Queries the mobile country code (MCC)
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads the phone's network operator information.
-
Requests exemption from battery optimizations (a Doze exemption lets the app keep running and using the network while the device is idle, which is how it hides in the background).
-
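The signatures above are behavioural, but most of them rest on capabilities the APK has to declare in its manifest: the accessibility service binding, FOREGROUND_SERVICE, WAKE_LOCK, READ_PHONE_STATE (which gates the IMEI/MEID/IMSI, line number and operator/MCC queries) and REQUEST_IGNORE_BATTERY_OPTIMIZATIONS. The static check below is an added example, not part of the report or of the sample: given a decoded AndroidManifest.xml it maps declared permissions and components onto the report's signature list. The two manifests embedded in it are constructed for the example (package, service and receiver names are invented); decoding a real manifest from the APK's binary XML is left to apktool or aapt.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _a(attr):
    """Namespace-qualified name of an android:<attr> attribute for ElementTree."""
    return f"{{{ANDROID_NS}}}{attr}"


# Declared permissions that back each behaviour in the report's signature list.
PERMISSION_SIGNATURES = {
    "foreground persistence service": {"android.permission.FOREGROUND_SERVICE"},
    "acquires the wake lock": {"android.permission.WAKE_LOCK"},
    "queries device ID / phone number / operator": {
        "android.permission.READ_PHONE_STATE",
        "android.permission.READ_PHONE_NUMBERS",
    },
    "requests disabling of battery optimizations": {
        "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
    },
}
A11Y_BIND_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

# Constructed manifest resembling the report's profile; names are invented.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.updater">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Updater">
    <service android:name=".SvcA11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".SvcFg" android:foregroundServiceType="dataSync"/>
    <receiver android:name=".BootRx">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed manifest of an ordinary network-only app, for contrast.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.reader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Reader"><activity android:name=".Main"/></application>
</manifest>"""


def triage_manifest(manifest_xml):
    """Map a decoded AndroidManifest.xml onto the report's behavioural signatures.

    Returns {"behaviours": {label: [evidence, ...]}, "declared_receivers": [...]}.
    Only statically declared components are visible: a receiver registered at
    runtime (one of the report's signatures) leaves no trace in the manifest.
    """
    root = ET.fromstring(manifest_xml)
    perms = {e.get(_a("name")) for e in root.iter("uses-permission")}
    behaviours = {}
    for label, needed in PERMISSION_SIGNATURES.items():
        found = sorted(perms & needed)
        if found:
            behaviours[label] = found
    # An accessibility service must be bound with BIND_ACCESSIBILITY_SERVICE and
    # filter on the AccessibilityService action; both are checked, not the class name.
    for svc in root.iter("service"):
        if svc.get(_a("permission")) != A11Y_BIND_PERMISSION:
            continue
        actions = {a.get(_a("name")) for a in svc.iter("action")}
        if A11Y_ACTION in actions:
            behaviours.setdefault("accessibility service", []).append(svc.get(_a("name")))
    return {
        "behaviours": behaviours,
        "declared_receivers": sorted(r.get(_a("name")) for r in root.iter("receiver")),
    }


def looks_like_octo_profile(findings):
    """Heuristic, not a detection signature: accessibility plus persistence plus
    telephony access is shared by many banking trojans and some automation apps."""
    b = findings["behaviours"]
    return (
        "accessibility service" in b
        and "foreground persistence service" in b
        and "queries device ID / phone number / operator" in b
    )


if __name__ == "__main__":
    for name, xml in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        f = triage_manifest(xml)
        print(name, f, "octo-like:", looks_like_octo_profile(f))
```

The manifest cannot show a receiver registered at runtime or the screen reading the accessibility service performs, which is why the behavioural tasks above remain necessary. Also, on Android 10 and later a non-privileged app gets a SecurityException (or null, when it targets an older API level) from the IMEI/MEID/IMSI getters even with READ_PHONE_STATE held, so that signature only yields real identifiers on older devices.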