
Resubmissions

  • 03/05/2023, 10:24 — 230503-mfvjmaec56 (score 10)
  • 17/03/2023, 07:38 — 230317-jgfv3sgh7x (score 10)

General

  • Target: chrome-upd13111.apk
  • Size: 541KB
  • Sample: 230503-mfvjmaec56
  • MD5: a9b1a776b600baff0832bf897c1a811d
  • SHA1: 283e8e6d16caf9b9e4fb93644e3207a1c436735f
  • SHA256: 57031f6fae595c9cbf89d9c9ae77fd4ccdb1cee766d8afaea9625efa58910fd1
  • SHA512: 3d7a58582ecf58afa50b85f443f30328ee6fa1d441a5efab43346a922557274209a9b0ca087c07af0b4495f41ef2b3ecb1dd0843518d092cdcc18b07b1f2e3ce
  • SSDEEP: 12288:GjSJnCtrt7YhSGyMZM/WH9iy94/oVHRjE8bztEqe7pudc9wjN:DnG/awWH/bVe8bz+qecc9wJ

Malware Config (extracted)

  • Family: octo
  • C2:
      https://countnatbt.site/YWRhZjAxNGM1YjFh/
      https://mix3etbt.website/YWRhZjAxNGM1YjFh/
      https://btcountates.fun/YWRhZjAxNGM1YjFh/
      https://3countbt.pw/YWRhZjAxNGM1YjFh/
      https://vat-app.su/YWRhZjAxNGM1YjFh/
      https://alleggro.pw/YWRhZjAxNGM1YjFh/
  • AES_key

Targets

    • Target: chrome-upd13111.apk


    • Octo: Octo is Android banking malware with remote-access capabilities, first seen in April 2022.
    • Octo payload
    • Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
    • Reads information about the phone's network operator.
    • Uses Crypto APIs (might try to encrypt user data).
