General
-
Target
ae6bacc26b84fd7a8784db154ead9de9f6a310ac8520bfa70ecef886a26dd199
-
Size
4.8MB
-
Sample
241216-dpmqps1mg1
-
MD5
55d0d7637a39185ef1edb6cbd66120c1
-
SHA1
e152e69687d847a9f58b3184f98845046fed674e
-
SHA256
ae6bacc26b84fd7a8784db154ead9de9f6a310ac8520bfa70ecef886a26dd199
-
SHA512
e9b0c2e81cd435bffdecac14d681715b3ec52c25d98d4c9875fd93d27b94571ff47783b3b3f2d599e105385a70101ea66821dc0f8e4566dd458754f984d5f90f
-
SSDEEP
49152:NRsEX/3ArKrKj7/45iS7xrGp9DHVsdjVKSc2+JVOFHYmj61cZW:NRs0QrSKj7A5iSRGCVVKnIYIW
Static task
static1
Behavioral task
behavioral1
Sample
ae6bacc26b84fd7a8784db154ead9de9f6a310ac8520bfa70ecef886a26dd199.apk
Resource
android-x86-arm-20240910-en
Malware Config
Extracted
octo
Targets
-
-
Target
ae6bacc26b84fd7a8784db154ead9de9f6a310ac8520bfa70ecef886a26dd199
-
Size
4.8MB
-
MD5
55d0d7637a39185ef1edb6cbd66120c1
-
SHA1
e152e69687d847a9f58b3184f98845046fed674e
-
SHA256
ae6bacc26b84fd7a8784db154ead9de9f6a310ac8520bfa70ecef886a26dd199
-
SHA512
e9b0c2e81cd435bffdecac14d681715b3ec52c25d98d4c9875fd93d27b94571ff47783b3b3f2d599e105385a70101ea66821dc0f8e4566dd458754f984d5f90f
-
SSDEEP
49152:NRsEX/3ArKrKj7/45iS7xrGp9DHVsdjVKSc2+JVOFHYmj61cZW:NRs0QrSKj7A5iSRGCVVKnIYIW
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo family
-
Octo payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries the phone number (MSISDN for GSM devices)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries the mobile country code (MCC)
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1User Evasion
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Discovery
Software Discovery
1Security Software Discovery
1System Information Discovery
2System Network Configuration Discovery
4