Overview

overview

10

Static

static

10

4df50b6ec3...3a.apk

android-10-x64

10

Resubmissions

09-10-2024 04:15

241009-evcy5avgpl 10

07-10-2024 22:25

241007-2caglswdql 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4df50b6ec352120fe19e2027fe4fabb53fd2cce335e6e25a74ab433df7088b3a.bin

  • Size

    2.7MB

  • Sample

    241009-evcy5avgpl

  • MD5

    bbe31acd684c7da02897c3cb685e9888

  • SHA1

    098a6f40799c5ce7ea43103c7a3ad466ef3515c3

  • SHA256

    4df50b6ec352120fe19e2027fe4fabb53fd2cce335e6e25a74ab433df7088b3a

  • SHA512

    6d72bbb7c8a7ca6cb1601fb08e1e5f4000b254ff18dbd3042d6b6ec08588c957a0c3dd97245416dc5c3f995e3c61e02aa1b944e81228b8fe059bd25a67c11ec7

  • SSDEEP

    49152:LYvk6Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQJ:LY8FjEI4iZaUzYH99yIE

Score
10/10
octoandroidbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://94.156.104.71:7117/gate/

rc4.plain

Extracted

Family

octo

C2

https://94.156.104.71:7117/gate/

AES_key

Targets

    • Target

      4df50b6ec352120fe19e2027fe4fabb53fd2cce335e6e25a74ab433df7088b3a.bin

    • Size

      2.7MB

    • MD5

      bbe31acd684c7da02897c3cb685e9888

    • SHA1

      098a6f40799c5ce7ea43103c7a3ad466ef3515c3

    • SHA256

      4df50b6ec352120fe19e2027fe4fabb53fd2cce335e6e25a74ab433df7088b3a

    • SHA512

      6d72bbb7c8a7ca6cb1601fb08e1e5f4000b254ff18dbd3042d6b6ec08588c957a0c3dd97245416dc5c3f995e3c61e02aa1b944e81228b8fe059bd25a67c11ec7

    • SSDEEP

      49152:LYvk6Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQJ:LY8FjEI4iZaUzYH99yIE

    Score
    10/10
    octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

      bankertrojaninfostealerratocto

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1

MITRE ATT&CK Mobile v15

Tasks