octo

General

Target

3bb05c8c6865a071ad4c293811c8fdd7580e33e0d5483db33082172c8bc2cc73
Size

8.4MB
Sample

250321-v43txaxrs6
MD5

bd00428d52ab48809177b61b90e45685
SHA1

75ea7f94ca74fcba014cf90f488212748b9063a4
SHA256

3bb05c8c6865a071ad4c293811c8fdd7580e33e0d5483db33082172c8bc2cc73
SHA512

40a51692e46339ec22f172f14ffe1a5fd828af161263ffb583e552b74b354dca89bc0150d63d56adc561fa8863f1abd2f706eee391fb63e933e47539bae2e108
SSDEEP

196608:KCCmOLs2ptAniW6ffltjuCD4bXWU3JAyuYdvJ546VI7:imj2ptaz6XvNDaGIAW54F

Score

10^/10

Malware Config

Extracted

Family

octo

AES_key

Targets

- Target
  
  3bb05c8c6865a071ad4c293811c8fdd7580e33e0d5483db33082172c8bc2cc73
- Size
  
  8.4MB
- MD5
  
  bd00428d52ab48809177b61b90e45685
- SHA1
  
  75ea7f94ca74fcba014cf90f488212748b9063a4
- SHA256
  
  3bb05c8c6865a071ad4c293811c8fdd7580e33e0d5483db33082172c8bc2cc73
- SHA512
  
  40a51692e46339ec22f172f14ffe1a5fd828af161263ffb583e552b74b354dca89bc0150d63d56adc561fa8863f1abd2f706eee391fb63e933e47539bae2e108
- SSDEEP
  
  196608:KCCmOLs2ptAniW6ffltjuCD4bXWU3JAyuYdvJ546VI7:imj2ptaz6XvNDaGIAW54F
Score

10^/10

tanglebot evasion infostealer spyware trojan
- TangleBot
  TangleBot is an Android SMS malware first seen in September 2021.
  trojan infostealer spyware tanglebot
- TangleBot payload
- Tanglebot family
  tanglebot
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
behavioral1 behavioral2
- Target
  
  base.apk
- Size
  
  8.8MB
- MD5
  
  5d794d2976e533d8912025497cb92c16
- SHA1
  
  79fed68a70624015d3a871872f64053abf548a5e
- SHA256
  
  61ad70416b5132932eae4d772e173260678dfe28976dd8ec4e802797904e8af3
- SHA512
  
  0e6d62afc61b30f71c92870c78764ede0fc8560ccdf5e1bc8548b33561869b07ec1c4b2ed7673ddeed955ae09b5b2f74cd9aedae0c52db29119aaf8b299a2fc8
- SSDEEP
  
  98304:wWl65iSRG0gVKzD2zj7FRs4bIRSIC2zfsqs60/z59zYHyal9PbN37JSV8Qp3Sg/:56r+UPij7FR9xzXcS8JIf
Score

10^/10

octo banker collection credential_access defense_evasion discovery evasion impact infostealer persistence rat trojan stealth
- Octo
  Octo is a banking malware with remote access capabilities first seen in April 2022.
  banker trojan infostealer rat octo
- Octo family
  octo
- Octo payload
- Removes its main activity from the application launcher
  stealth trojan evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Queries the mobile country code (MCC)
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
- Requests enabling of the accessibility settings.
behavioral3 behavioral4