General
- Target: 65075ae9938efafa6e52b50f70dbae7c5b9ad116e79fed356a1c72011910de22
- Size: 557KB
- Sample: 230605-ahtznaec48
- MD5: e06f839e7c37e02e94467032510b0802
- SHA1: 9e8afb2f94cd4a5cc80221b0ebf0b1ed9ab62e03
- SHA256: 65075ae9938efafa6e52b50f70dbae7c5b9ad116e79fed356a1c72011910de22
- SHA512: 543c9fcb98ef1cae44f8774d59de72c9ad19d2057cd84dd5068f302651cb254cf33456175dd5132975df52e90d3ffcf5df1544183d12fb16af91d2442fd1e9a8
- SSDEEP: 12288:cCholSt/Zti+Rwgwzpp7GRWd7EfhB6rCIxrScmUMul7PpokcoYtWReyNx0BJ4:Joib3RwgwmWdwhgrmcGo7Ppok3Rx3
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 65075ae9938efafa6e52b50f70dbae7c5b9ad116e79fed356a1c72011910de22.apk
  - Resource: android-x86-arm-20220823-en

Behavioral task
- behavioral2
  - Sample: 65075ae9938efafa6e52b50f70dbae7c5b9ad116e79fed356a1c72011910de22.apk
  - Resource: android-x64-20220823-en
Malware Config
Extracted: octo
- https://179.43.163.113/YTFlMzViNjNiNWM3/
- https://179.43.163.122/YTFlMzViNjNiNWM3/
- https://slmmistosi.com/YTFlMzViNjNiNWM3/
- https://slmmistosi2.com/YTFlMzViNjNiNWM3/
- https://179.43.163.117/YTFlMzViNjNiNWM3/
- https://179.43.163.118/YTFlMzViNjNiNWM3/
- https://yamass2432425ds.xyz/YTFlMzViNjNiNWM3/
- https://yamass3432425ds.xyz/YTFlMzViNjNiNWM3/
Targets
- Target: 65075ae9938efafa6e52b50f70dbae7c5b9ad116e79fed356a1c72011910de22
- Size: 557KB
- MD5: e06f839e7c37e02e94467032510b0802
- SHA1: 9e8afb2f94cd4a5cc80221b0ebf0b1ed9ab62e03
- SHA256: 65075ae9938efafa6e52b50f70dbae7c5b9ad116e79fed356a1c72011910de22
- SHA512: 543c9fcb98ef1cae44f8774d59de72c9ad19d2057cd84dd5068f302651cb254cf33456175dd5132975df52e90d3ffcf5df1544183d12fb16af91d2442fd1e9a8
- SSDEEP: 12288:cCholSt/Zti+Rwgwzpp7GRWd7EfhB6rCIxrScmUMul7PpokcoYtWReyNx0BJ4:Joib3RwgwmWdwhgrmcGo7Ppok3Rx3
- Score: 10/10
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.

Signatures
- Octo payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar: runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (might try to encrypt user data).