Resubmissions

03/05/2023, 10:24

230503-mfvjmaec56 10

17/03/2023, 07:38

230317-jgfv3sgh7x 10

General

  • Target

    chrome-upd13111.apk

  • Size

    541KB

  • Sample

    230317-jgfv3sgh7x

  • MD5

    a9b1a776b600baff0832bf897c1a811d

  • SHA1

    283e8e6d16caf9b9e4fb93644e3207a1c436735f

  • SHA256

    57031f6fae595c9cbf89d9c9ae77fd4ccdb1cee766d8afaea9625efa58910fd1

  • SHA512

    3d7a58582ecf58afa50b85f443f30328ee6fa1d441a5efab43346a922557274209a9b0ca087c07af0b4495f41ef2b3ecb1dd0843518d092cdcc18b07b1f2e3ce

  • SSDEEP

    12288:GjSJnCtrt7YhSGyMZM/WH9iy94/oVHRjE8bztEqe7pudc9wjN:DnG/awWH/bVe8bz+qecc9wJ

Malware Config

Extracted

Family

octo

C2

https://countnatbt.site/YWRhZjAxNGM1YjFh/

https://mix3etbt.website/YWRhZjAxNGM1YjFh/

https://btcountates.fun/YWRhZjAxNGM1YjFh/

https://3countbt.pw/YWRhZjAxNGM1YjFh/

https://vat-app.su/YWRhZjAxNGM1YjFh/

https://alleggro.pw/YWRhZjAxNGM1YjFh/

https://ijectaeres.site/YWRhZjAxNGM1YjFh/

https://ijectaeres.online/YWRhZjAxNGM1YjFh/

https://jerkenates225.site/YWRhZjAxNGM1YjFh/

https://nobodysgonnanow.pw/YWRhZjAxNGM1YjFh/

AES_key

Targets

    • Octo

      Octo is banking malware with remote access capabilities, first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries the list of all applications installed on the device (may be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs an executable file that was dropped on the device during analysis.

    • Reads information about the phone's network operator.

    • Requests that battery optimizations be disabled (often used to keep running unnoticed in the background).

    • Uses crypto APIs (may attempt to encrypt user data).

MITRE ATT&CK Matrix

Tasks