General

  • Target

    ae6bacc26b84fd7a8784db154ead9de9f6a310ac8520bfa70ecef886a26dd199

  • Size

    4.8MB

  • Sample

    241216-dpmqps1mg1

  • MD5

    55d0d7637a39185ef1edb6cbd66120c1

  • SHA1

    e152e69687d847a9f58b3184f98845046fed674e

  • SHA256

    ae6bacc26b84fd7a8784db154ead9de9f6a310ac8520bfa70ecef886a26dd199

  • SHA512

    e9b0c2e81cd435bffdecac14d681715b3ec52c25d98d4c9875fd93d27b94571ff47783b3b3f2d599e105385a70101ea66821dc0f8e4566dd458754f984d5f90f

  • SSDEEP

    49152:NRsEX/3ArKrKj7/45iS7xrGp9DHVsdjVKSc2+JVOFHYmj61cZW:NRs0QrSKj7A5iSRGCVVKnIYIW

Malware Config

Extracted

Family

octo

AES_key
AES_key

Targets

    • Target

      ae6bacc26b84fd7a8784db154ead9de9f6a310ac8520bfa70ecef886a26dd199

    • Size

      4.8MB

    • MD5

      55d0d7637a39185ef1edb6cbd66120c1

    • SHA1

      e152e69687d847a9f58b3184f98845046fed674e

    • SHA256

      ae6bacc26b84fd7a8784db154ead9de9f6a310ac8520bfa70ecef886a26dd199

    • SHA512

      e9b0c2e81cd435bffdecac14d681715b3ec52c25d98d4c9875fd93d27b94571ff47783b3b3f2d599e105385a70101ea66821dc0f8e4566dd458754f984d5f90f

    • SSDEEP

      49152:NRsEX/3ArKrKj7/45iS7xrGp9DHVsdjVKSc2+JVOFHYmj61cZW:NRs0QrSKj7A5iSRGCVVKnIYIW

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

    • Octo family

    • Octo payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries the phone number (MSISDN for GSM devices)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks