General
-
Target
1591de9cce0b68d29e665d882c699c5957f0833749f51b2027006916b827297e.bin
-
Size
1.7MB
-
Sample
240423-1yjrqscd45
-
MD5
c59e9a7d848a4b1e7ed6da2b6cb4ed39
-
SHA1
1e90220fdab086d10bf2297050d5b09d019261a1
-
SHA256
1591de9cce0b68d29e665d882c699c5957f0833749f51b2027006916b827297e
-
SHA512
2cd7e526b8e3efec1393a30984b4356519959a92708a861bd6eba384ad509a67180cd3233a5090b7dd1167329ebdd5fa5f2369fa276a975ad6c7eea2658dfbba
-
SSDEEP
49152:cS64xKzMI7CulVDwoaR6lHBBfKQaCG0GsXCaEAdFN:2u0TVwoaAlH3fx9dXCazdFN
Static task
static1
Behavioral task
behavioral1
Sample
1591de9cce0b68d29e665d882c699c5957f0833749f51b2027006916b827297e.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
1591de9cce0b68d29e665d882c699c5957f0833749f51b2027006916b827297e.apk
Resource
android-x64-20240221-en
Malware Config
Extracted
octo
https://ipscanworldbest.xyz/NmE0N2YwOWEzMTM3/
https://ipworldscanbest.xyz/NmE0N2YwOWEzMTM3/
https://ipworldbestscan.xyz/NmE0N2YwOWEzMTM3/
https://worldbestscanip.xyz/NmE0N2YwOWEzMTM3/
https://worldbestipscan.xyz/NmE0N2YwOWEzMTM3/
https://worldscanbestip.xyz/NmE0N2YwOWEzMTM3/
https://worldscanipbest.xyz/NmE0N2YwOWEzMTM3/
https://bestworldscanip.xyz/NmE0N2YwOWEzMTM3/
https://bestipworldscan.xyz/NmE0N2YwOWEzMTM3/
https://scanbestworldip.xyz/NmE0N2YwOWEzMTM3/
Targets
-
-
Target
1591de9cce0b68d29e665d882c699c5957f0833749f51b2027006916b827297e.bin
-
Size
1.7MB
-
MD5
c59e9a7d848a4b1e7ed6da2b6cb4ed39
-
SHA1
1e90220fdab086d10bf2297050d5b09d019261a1
-
SHA256
1591de9cce0b68d29e665d882c699c5957f0833749f51b2027006916b827297e
-
SHA512
2cd7e526b8e3efec1393a30984b4356519959a92708a861bd6eba384ad509a67180cd3233a5090b7dd1167329ebdd5fa5f2369fa276a975ad6c7eea2658dfbba
-
SSDEEP
49152:cS64xKzMI7CulVDwoaR6lHBBfKQaCG0GsXCaEAdFN:2u0TVwoaAlH3fx9dXCazdFN
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the mobile country code (MCC)
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-