octo

General

Target

02a7b6c674daf7257c2ea95e4f5a96f675febb4a53f5e29c7ccbf5fe2dc3f81b
Size

9.7MB
Sample

241216-dgrppa1jfv
MD5

6c40d0ce4ba4c7b795b7241d07941af9
SHA1

7802246571b7ee84a0b50724f4846e8ef5efdd98
SHA256

02a7b6c674daf7257c2ea95e4f5a96f675febb4a53f5e29c7ccbf5fe2dc3f81b
SHA512

6629d7a851fbb8bca27127223a44ae0e7094260efb527e6affdcc0ba79632491f21e98662491441275e202f3e4701044b5c072cbf6cd8ae164361d4aeebb3c03
SSDEEP

196608:pEz5iAMm3qMslK6Q3fyPx1OjMSbxRa0VHcTc9cqQpMe8BJBojA9:pENS/MsvQ3faxMFbG0GTEconBJB9

Score

10^/10

Malware Config

Extracted

Family

octo

AES_key

Targets

- Target
  
  02a7b6c674daf7257c2ea95e4f5a96f675febb4a53f5e29c7ccbf5fe2dc3f81b
- Size
  
  9.7MB
- MD5
  
  6c40d0ce4ba4c7b795b7241d07941af9
- SHA1
  
  7802246571b7ee84a0b50724f4846e8ef5efdd98
- SHA256
  
  02a7b6c674daf7257c2ea95e4f5a96f675febb4a53f5e29c7ccbf5fe2dc3f81b
- SHA512
  
  6629d7a851fbb8bca27127223a44ae0e7094260efb527e6affdcc0ba79632491f21e98662491441275e202f3e4701044b5c072cbf6cd8ae164361d4aeebb3c03
- SSDEEP
  
  196608:pEz5iAMm3qMslK6Q3fyPx1OjMSbxRa0VHcTc9cqQpMe8BJBojA9:pENS/MsvQ3faxMFbG0GTEconBJB9
Score

10^/10

tanglebot evasion infostealer spyware trojan
- TangleBot
  TangleBot is an Android SMS malware first seen in September 2021.
  trojan infostealer spyware tanglebot
- TangleBot payload
- Tanglebot family
  tanglebot
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
behavioral1
- Target
  
  base.apk
- Size
  
  8.4MB
- MD5
  
  fb1ba100e4f57daec89c73b22233d569
- SHA1
  
  a42efe6a797ec95c815f3822d1e4ec16306df6af
- SHA256
  
  c5ab9a0327ac718c196f0fb3709fd6fbeaad327bb5bf1685174f54acbeb79dcf
- SHA512
  
  e3a07f378c76628eb8c103f154264b023c48530ae36d8c13faa0995581ea2605540e315496ae4c0898a11e7f24ea5aa25a5c63371e411ffdd0a0ad92aac8088e
- SSDEEP
  
  98304:W3G/AJgoTVK2i0aj7+5iSRGAkRsgMj3j1dc961b0mH5Zn:MGAJgoTUV5j7+r+Rxy3T66175
Score

10^/10

octo banker collection credential_access discovery evasion impact infostealer persistence rat trojan
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
  banker trojan infostealer rat octo
- Octo family
  octo
- Octo payload
- Checks Android system properties for emulator presence.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries the mobile country code (MCC)
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral2