octo

General

Target

9ec5918e18def876799f3e73f0bb9b2058a66614e46a0bdf7a04a681131efd4f
Size

9.7MB
Sample

241216-dc4tfszqhs
MD5

5f47d032af394ca8ae319f5239bcb694
SHA1

19ab3183ed91e7048a75b2ce1f2599bff2966f1f
SHA256

9ec5918e18def876799f3e73f0bb9b2058a66614e46a0bdf7a04a681131efd4f
SHA512

c108bf407f983cdd3e094812d0be0ba0cca5e88af1adb3a865da982a24cdfe78d88fd26935e0f3b54de025bb281ac38fc4043c0b3641a36845492879c9080cc5
SSDEEP

196608:OqhyRy9WVVfHC4dMlf5OaPNTcl8OQVbsCZfRC9uQuWLWvS:rhzAVfHC99FcyOQZZEBu8f

Score

10^/10

Malware Config

Extracted

Family

octo

AES_key

Targets

- Target
  
  9ec5918e18def876799f3e73f0bb9b2058a66614e46a0bdf7a04a681131efd4f
- Size
  
  9.7MB
- MD5
  
  5f47d032af394ca8ae319f5239bcb694
- SHA1
  
  19ab3183ed91e7048a75b2ce1f2599bff2966f1f
- SHA256
  
  9ec5918e18def876799f3e73f0bb9b2058a66614e46a0bdf7a04a681131efd4f
- SHA512
  
  c108bf407f983cdd3e094812d0be0ba0cca5e88af1adb3a865da982a24cdfe78d88fd26935e0f3b54de025bb281ac38fc4043c0b3641a36845492879c9080cc5
- SSDEEP
  
  196608:OqhyRy9WVVfHC4dMlf5OaPNTcl8OQVbsCZfRC9uQuWLWvS:rhzAVfHC99FcyOQZZEBu8f
Score

10^/10

tanglebot evasion infostealer spyware trojan
- TangleBot
  TangleBot is an Android SMS malware first seen in September 2021.
  trojan infostealer spyware tanglebot
- TangleBot payload
- Tanglebot family
  tanglebot
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
behavioral1
- Target
  
  base.apk
- Size
  
  7.1MB
- MD5
  
  e184bbe61b9a9e321aa00505794f9489
- SHA1
  
  1f45836fd5a4bbffc8779c7bca2f851f15cdbea9
- SHA256
  
  804557d75e822dce154c0703780dd2e88a113e8ddb8cb42e1db9d8d851a4b931
- SHA512
  
  68c2237f0b42f7e2c9171690cc89754a05094bff0b2cc6e71a1631d0bd9f6bf821d629bca127d635efb1595ce27243662c8321f2d5015fda36819dab70a370e9
- SSDEEP
  
  98304:8I8lrvaRjVK515iSRGEjL21yymVxRs0nzijYM3X7:L8QRjUvrVK1yymjRBz4z3X7
Score

10^/10

octo banker collection credential_access discovery evasion impact infostealer persistence rat trojan
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
  banker trojan infostealer rat octo
- Octo family
  octo
- Octo payload
- Checks Android system properties for emulator presence.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries the mobile country code (MCC)
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral2