General
- Target: 792c20662fcd624b5dbd120fbce9ab410e8fb964cb9c3282c7f5480d655a5ec7.bin
- Size: 298KB
- Sample: 240730-gtwqysyhkc
- MD5: 1604992123eb5fc79ae60b48dfb79953
- SHA1: d83e83c51402e68ec7f008724ae0ddf54a0419f9
- SHA256: 792c20662fcd624b5dbd120fbce9ab410e8fb964cb9c3282c7f5480d655a5ec7
- SHA512: 08a288c52cd08d01a1287de55ef90556385dd5317a22127c159c601d04557b3bb839177370994880efdf8c7ff3931cd4b5c4b67c8d6479a004657f4a2864f792
- SSDEEP: 6144:9+Skpd5ol4xg13P07jk202YPoF4ZODrFZRlRNGzszloFoqeA:9+SkpPoGO5qQ202YAF77gslQoZA
Behavioral tasks
- behavioral1: Sample 792c20662fcd624b5dbd120fbce9ab410e8fb964cb9c3282c7f5480d655a5ec7.apk, Resource android-x64-20240624-en
- behavioral2: Sample 792c20662fcd624b5dbd120fbce9ab410e8fb964cb9c3282c7f5480d655a5ec7.apk, Resource android-x64-arm64-20240624-en
- behavioral3: Sample 792c20662fcd624b5dbd120fbce9ab410e8fb964cb9c3282c7f5480d655a5ec7.apk, Resource android-33-x64-arm64-20240624-en
- behavioral4: Sample 792c20662fcd624b5dbd120fbce9ab410e8fb964cb9c3282c7f5480d655a5ec7.apk, Resource android-x86-arm-20240624-en
Malware Config
- Extracted (octo): https://45.93.20.118:7117/gate/
Targets
- Octo: Octo is a banking malware with remote access capabilities first seen in April 2022.
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Queries the phone number (MSISDN for GSM devices).
- Acquires the wake lock.
- Makes use of the framework's foreground persistence service: the application may abuse the framework's foreground service to continue running in the foreground.
- Performs UI accessibility actions on behalf of the user: the application may abuse the accessibility service to prevent its own removal.
- Queries the mobile country code (MCC).
- Queries the unique device ID (IMEI, MEID, IMSI).
- Reads information about the phone network operator.
- Requests access to notifications (often used to intercept notifications before users become aware of them).
- Requests disabling of battery optimizations (often used to keep running hidden in the background).
- Requests permission to modify system settings.