General
Target: chrome-upd13111.apk
Size: 541KB
Sample: 230317-jgfv3sgh7x
MD5: a9b1a776b600baff0832bf897c1a811d
SHA1: 283e8e6d16caf9b9e4fb93644e3207a1c436735f
SHA256: 57031f6fae595c9cbf89d9c9ae77fd4ccdb1cee766d8afaea9625efa58910fd1
SHA512: 3d7a58582ecf58afa50b85f443f30328ee6fa1d441a5efab43346a922557274209a9b0ca087c07af0b4495f41ef2b3ecb1dd0843518d092cdcc18b07b1f2e3ce
SSDEEP: 12288:GjSJnCtrt7YhSGyMZM/WH9iy94/oVHRjE8bztEqe7pudc9wjN:DnG/awWH/bVe8bz+qecc9wJ
Static task: static1
Behavioral task: behavioral1
  Sample: chrome-upd13111.apk
  Resource: android-x86-arm-20220823-en
Behavioral task: behavioral2
  Sample: chrome-upd13111.apk
  Resource: android-x64-arm64-20220823-en
Malware Config
Extracted family: octo
C2 URLs:
https://countnatbt.site/YWRhZjAxNGM1YjFh/
https://mix3etbt.website/YWRhZjAxNGM1YjFh/
https://btcountates.fun/YWRhZjAxNGM1YjFh/
https://3countbt.pw/YWRhZjAxNGM1YjFh/
https://vat-app.su/YWRhZjAxNGM1YjFh/
https://alleggro.pw/YWRhZjAxNGM1YjFh/
https://ijectaeres.site/YWRhZjAxNGM1YjFh/
https://ijectaeres.online/YWRhZjAxNGM1YjFh/
https://jerkenates225.site/YWRhZjAxNGM1YjFh/
https://nobodysgonnanow.pw/YWRhZjAxNGM1YjFh/
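All ten extracted C2 URLs share the same first path segment, `YWRhZjAxNGM1YjFh`, which is valid base64 for the ASCII string `adaf014c5b1a` (a 12-hex-character token; that it is a per-build or per-campaign tag is an assumption). The script below is an added example, not code from tria.ge or from the malware: it normalises the C2 list from the report, decodes the shared token, and hunts for both the hostnames and the token in proxy/DNS log lines that are constructed here for the demo. Matching on the path token as well as the hostnames is a deliberate choice: Octo operators rotate domains, so a hit on an unknown host that still uses the same token is worth a look, at lower confidence.

```python
"""Added example (not from the tria.ge report or the Octo malware): normalise the
extracted C2 list, decode the shared path token, and hunt for it in logs.
The log lines below are constructed for the demo."""
import base64
import binascii
from urllib.parse import urlsplit

# The ten C2 URLs the sandbox extracted from the sample's Octo configuration.
OCTO_C2_URLS = [
    "https://countnatbt.site/YWRhZjAxNGM1YjFh/",
    "https://mix3etbt.website/YWRhZjAxNGM1YjFh/",
    "https://btcountates.fun/YWRhZjAxNGM1YjFh/",
    "https://3countbt.pw/YWRhZjAxNGM1YjFh/",
    "https://vat-app.su/YWRhZjAxNGM1YjFh/",
    "https://alleggro.pw/YWRhZjAxNGM1YjFh/",
    "https://ijectaeres.site/YWRhZjAxNGM1YjFh/",
    "https://ijectaeres.online/YWRhZjAxNGM1YjFh/",
    "https://jerkenates225.site/YWRhZjAxNGM1YjFh/",
    "https://nobodysgonnanow.pw/YWRhZjAxNGM1YjFh/",
]


def c2_hosts(urls):
    """Lower-cased, de-duplicated hostnames from the C2 list."""
    return sorted({urlsplit(u).hostname.lower() for u in urls})


def shared_path_token(urls):
    """Return the first path segment if every URL shares it, else None."""
    tokens = set()
    for u in urls:
        segs = [s for s in urlsplit(u).path.split("/") if s]
        tokens.add(segs[0] if segs else "")
    return tokens.pop() if len(tokens) == 1 else None


def decode_token(token):
    """Strict base64 decode; returns the text if it is printable ASCII, else None."""
    padded = token + "=" * (-len(token) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw.isascii() or not raw.decode("ascii").isprintable():
        return None
    return raw.decode("ascii")


# Constructed proxy/DNS log lines (NOT from the report) to exercise the hunt.
# Format: <timestamp> <dns|http> key=value ...
SAMPLE_LOG = """\
2023-03-17T09:01:02Z dns client=10.0.0.5 query=www.google.com
2023-03-17T09:01:07Z dns client=10.0.0.5 query=countnatbt.site
2023-03-17T09:01:08Z http client=10.0.0.5 host=countnatbt.site uri=/YWRhZjAxNGM1YjFh/ status=200
2023-03-17T09:02:11Z http client=10.0.0.9 host=cdn.example.net uri=/static/app.js status=200
2023-03-17T09:03:40Z dns client=10.0.0.7 query=IJECTAERES.ONLINE
2023-03-17T09:04:01Z http client=10.0.0.7 host=unknown-host.test uri=/YWRhZjAxNGM1YjFh/ status=404
"""


def hunt(log_text, urls):
    """Flag lines that contact a known C2 host ('c2-host') or request the shared
    path token on any host ('c2-path-token').  The token match is the lower
    confidence one: it assumes the operator keeps the token after rotating
    domains, which is an assumption, not something the report states."""
    hosts = set(c2_hosts(urls))
    token = shared_path_token(urls)
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        fields = dict(f.split("=", 1) for f in line.split()[2:])
        host = (fields.get("query") or fields.get("host") or "").lower()
        if host in hosts:
            hits.append((n, "c2-host", host))
        elif token and token in fields.get("uri", ""):
            hits.append((n, "c2-path-token", host))
    return hits


if __name__ == "__main__":
    token = shared_path_token(OCTO_C2_URLS)
    print("shared path token:", token, "->", decode_token(token))
    for hit in hunt(SAMPLE_LOG, OCTO_C2_URLS):
        print(hit)
```

Run it as-is to see the decoded token and the four flagged lines; to use it on real data, feed `hunt()` your own lines in the same `key=value` layout or swap the field parsing for your log format.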
Targets
Target: chrome-upd13111.apk
Size: 541KB
MD5: a9b1a776b600baff0832bf897c1a811d
SHA1: 283e8e6d16caf9b9e4fb93644e3207a1c436735f
SHA256: 57031f6fae595c9cbf89d9c9ae77fd4ccdb1cee766d8afaea9625efa58910fd1
SHA512: 3d7a58582ecf58afa50b85f443f30328ee6fa1d441a5efab43346a922557274209a9b0ca087c07af0b4495f41ef2b3ecb1dd0843518d092cdcc18b07b1f2e3ce
SSDEEP: 12288:GjSJnCtrt7YhSGyMZM/WH9iy94/oVHRjE8bztEqe7pudc9wjN:DnG/awWH/bVe8bz+qecc9wJ
Score: 10/10
Octo
Octo is Android banking malware with remote-access capabilities, first seen in April 2022.
Signatures:
- Octo payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
- Reads information about the phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (might try to encrypt user data).
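Several of the behaviours the sandbox flagged have static counterparts in an APK's AndroidManifest.xml, which lets you pre-screen a file before detonating it: the Accessibility service is a `<service>` guarded by `android.permission.BIND_ACCESSIBILITY_SERVICE`, the wake lock needs `android.permission.WAKE_LOCK`, the battery-optimisation prompt needs `android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS`, and enumerating installed apps on API 30+ needs `android.permission.QUERY_ALL_PACKAGES`. Loading a dropped Dex/Jar and using crypto APIs leave no manifest trace and need code or dynamic analysis. The script below is an added example, not tria.ge's code or the sample's manifest; the manifest it parses is constructed for the demo, and the brand-impersonation table (a "Chrome" label on a package that is not `com.android.chrome`, mirroring this sample's `chrome-upd...` naming) is an assumption you would extend for your own environment. Real APKs carry the manifest as binary XML, so decode it first (for example with `apktool d` or androguard) before feeding it in.

```python
"""Added example (not from the tria.ge report): map the report's behavioural
signatures to what is visible in a decoded AndroidManifest.xml.
The manifest below is constructed for the demo; it is NOT the sample's."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Manifest-visible counterparts of the sandbox signatures.  Dropped-dex loading
# and crypto API use have no manifest footprint and are not checked here.
PERMISSION_SIGNALS = {
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS":
        "asks to be exempt from battery optimisation (background persistence)",
    "android.permission.WAKE_LOCK":
        "can hold a wake lock",
    "android.permission.QUERY_ALL_PACKAGES":
        "can enumerate all installed apps on API 30+ (overlay targeting)",
}
ACCESSIBILITY_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Assumption: brands commonly impersonated by droppers and their real package
# names.  Extend this for your environment.
KNOWN_BRANDS = {"chrome": "com.android.chrome"}

# Constructed manifest for the demo (not the sample's manifest).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notchrome">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
    <application android:label="Chrome Update">
        <service android:name=".AccService"
                 android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""


def triage_manifest(xml_text):
    """Return a list of (indicator, detail) findings from a decoded manifest.
    An empty list means none of the manifest-visible signals were present,
    not that the APK is clean."""
    root = ET.fromstring(xml_text)
    findings = []
    package = root.get("package", "")

    # 1. Permissions that back the wake-lock / battery / app-enumeration signatures.
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    for perm, why in PERMISSION_SIGNALS.items():
        if perm in perms:
            findings.append(("permission", f"{perm}: {why}"))

    # 2. An Accessibility service: the component the overlay/RAT features hang off.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == ACCESSIBILITY_PERMISSION:
            findings.append(("accessibility-service", svc.get(ANDROID_NS + "name")))

    # 3. Brand impersonation: a well-known label on the wrong package name.
    app = root.find("application")
    label = (app.get(ANDROID_NS + "label", "") if app is not None else "").lower()
    for brand, real_pkg in KNOWN_BRANDS.items():
        if brand in label and package != real_pkg:
            findings.append(("brand-impersonation",
                             f"label '{label}' but package '{package}'"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage_manifest(SAMPLE_MANIFEST):
        print(f"{kind:24} {detail}")
```

Treat the output as a triage aid rather than a verdict: legitimate accessibility tools declare the same service, and `REQUEST_IGNORE_BATTERY_OPTIMIZATIONS` appears in plenty of benign apps. The combination of all three permission signals plus an Accessibility service on a package impersonating a browser is what makes this profile match the sandbox's Octo findings.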