General
- Target: df096deb86121239ee8332be356cb47a3c47398cbf8bca775e009e2342cfae3a.bin
- Size: 1.5MB
- Sample: 240423-1ye4jscc4t
- MD5: cc1274948304fda99d0e10a01e1fb671
- SHA1: 9b33a91f5c8b0ea17dde921bcefcbfc7d2481601
- SHA256: df096deb86121239ee8332be356cb47a3c47398cbf8bca775e009e2342cfae3a
- SHA512: d93375752ac21b4faaae5a34567fa0eefedec8239f08f449954dccafc5e5cea3628b271fb3918a4f1b999684df9c932e15889f8d04b46c7f43b92f25108510e2
- SSDEEP: 49152:KCki/x3DikWtF9Nav4cXkYUm2QAE4KoSTkX+ZGZbmq7:KCp12kW39NoCFz1X+ZQ/7
Static task: static1
Behavioral task: behavioral1
Sample: df096deb86121239ee8332be356cb47a3c47398cbf8bca775e009e2342cfae3a.apk
Resource: android-x86-arm-20240221-en
Behavioral task: behavioral2
Sample: df096deb86121239ee8332be356cb47a3c47398cbf8bca775e009e2342cfae3a.apk
Resource: android-33-x64-arm64-20240229-en
Malware Config
Extracted: octo
Targets
- Target: df096deb86121239ee8332be356cb47a3c47398cbf8bca775e009e2342cfae3a.bin
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
- Octo payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Queries the mobile country code (MCC)
- Queries the phone number (MSISDN for GSM devices)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Queries the unique device ID (IMEI, MEID, IMSI)
- Reads information about the phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).