General

  • Target: 65075ae9938efafa6e52b50f70dbae7c5b9ad116e79fed356a1c72011910de22
  • Size: 557KB
  • Sample: 230605-ahtznaec48
  • MD5: e06f839e7c37e02e94467032510b0802
  • SHA1: 9e8afb2f94cd4a5cc80221b0ebf0b1ed9ab62e03
  • SHA256: 65075ae9938efafa6e52b50f70dbae7c5b9ad116e79fed356a1c72011910de22
  • SHA512: 543c9fcb98ef1cae44f8774d59de72c9ad19d2057cd84dd5068f302651cb254cf33456175dd5132975df52e90d3ffcf5df1544183d12fb16af91d2442fd1e9a8
  • SSDEEP: 12288:cCholSt/Zti+Rwgwzpp7GRWd7EfhB6rCIxrScmUMul7PpokcoYtWReyNx0BJ4:Joib3RwgwmWdwhgrmcGo7Ppok3Rx3

Malware Config

Extracted

Family: octo

C2:

  • https://179.43.163.113/YTFlMzViNjNiNWM3/
  • https://179.43.163.122/YTFlMzViNjNiNWM3/
  • https://slmmistosi.com/YTFlMzViNjNiNWM3/
  • https://slmmistosi2.com/YTFlMzViNjNiNWM3/
  • https://179.43.163.117/YTFlMzViNjNiNWM3/
  • https://179.43.163.118/YTFlMzViNjNiNWM3/
  • https://yamass2432425ds.xyz/YTFlMzViNjNiNWM3/
  • https://yamass3432425ds.xyz/YTFlMzViNjNiNWM3/

AES_key

Targets

    • Target: 65075ae9938efafa6e52b50f70dbae7c5b9ad116e79fed356a1c72011910de22
    • Size: 557KB
    • MD5: e06f839e7c37e02e94467032510b0802
    • SHA1: 9e8afb2f94cd4a5cc80221b0ebf0b1ed9ab62e03
    • SHA256: 65075ae9938efafa6e52b50f70dbae7c5b9ad116e79fed356a1c72011910de22
    • SHA512: 543c9fcb98ef1cae44f8774d59de72c9ad19d2057cd84dd5068f302651cb254cf33456175dd5132975df52e90d3ffcf5df1544183d12fb16af91d2442fd1e9a8
    • SSDEEP: 12288:cCholSt/Zti+Rwgwzpp7GRWd7EfhB6rCIxrScmUMul7PpokcoYtWReyNx0BJ4:Joib3RwgwmWdwhgrmcGo7Ppok3Rx3

    • Octo

      Octo is a banking malware family with remote access capabilities, first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Reads information about the phone network operator.

    • Requests disabling of battery optimizations (often used to keep running hidden in the background).

    • Uses Crypto APIs (might try to encrypt user data).
