Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

Chrome (2).apk

android-9-x86

10

Chrome (2).apk

android-10-x64

10

libirdevice.so

ubuntu-18.04-amd64

libirdevice.so

debian-9-armhf

libirdevice.so

debian-9-mips

libirdevice.so

debian-9-mipsel

libmibraindec.so

ubuntu-18.04-amd64

libmibraindec.so

debian-9-armhf

libmibraindec.so

debian-9-mips

libmibraindec.so

debian-9-mipsel

libmibrainjni.so

ubuntu-18.04-amd64

libmibrainjni.so

debian-9-armhf

libmibrainjni.so

debian-9-mips

libmibrainjni.so

debian-9-mipsel

libmiir.so

ubuntu-18.04-amd64

libmiir.so

debian-9-armhf

libmiir.so

debian-9-mips

libmiir.so

debian-9-mipsel

libphotocli.so

ubuntu-18.04-amd64

libphotocli.so

debian-9-armhf

libphotocli.so

debian-9-mips

libphotocli.so

debian-9-mipsel

libtruss2.so

ubuntu-18.04-amd64

libtruss2.so

debian-9-armhf

libtruss2.so

debian-9-mips

libtruss2.so

debian-9-mipsel

Analysis

  • max time kernel
    1037782s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20230621-en
  • submitted
    10/07/2023, 03:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Chrome (2).apk

  • Size

    1.8MB

  • MD5

    d518f6bd8834393054530e2b69fdc060

  • SHA1

    0b047a8b8afeb7e4954a73a3f06b11c3c8dda74e

  • SHA256

    2111701e2fb47adaba6d594319ceab8c7572d82cbc11c70a8378835d19e7718b

  • SHA512

    91536f430431d99c5d53224cb3a07e95fe83fade639e9c39e778cdc0783a2a2bc7c19eb4295edf090ef2aac503412b8268f84bba6b0822974660314798be233e

  • SSDEEP

    49152:ytcjXkmHYo9eUnRO+Jb88wOJwFdKSujBOU3vwfS:ytc4mHYo/bd81ELSMBOGP

Score
10/10
octobankerinfostealerransomwarerattrojan

Malware Config

Extracted

Family

octo

C2

https://grpweufnh734bfr3.online/N2Y5ZmU3OTI5ZDky/

https://poewjehfbwery47fr.top/N2Y5ZmU3OTI5ZDky/

https://fcercvv7erwcvnrew.site/N2Y5ZmU3OTI5ZDky/

https://wevmuty56gbfdg.xyz/N2Y5ZmU3OTI5ZDky/
AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo payload 3 IoCs
  • Makes use of the framework's Accessibility service. 1 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
    banker
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.lotfrontt
    1⤵
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4114
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lotfrontt/app_DynamicOptDex/as.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.lotfrontt/app_DynamicOptDex/oat/x86/as.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.lotfrontt/app_DynamicOptDex/as.json
    Filesize

    2KB

    MD5

    1991a2df4dd6c0d870a335a62f5f0098

    SHA1

    9133efc2e6c361b971b96ebfe596d86e53b67dbe

    SHA256

    a124f92cd65e1fd47e603d5affdf453343a7331fd582aaa62c89d5989b500b0d

    SHA512

    e6f5b4e4c90221a26698d8fb1919b7b73b69fd1c4e481cb86d60ca3d73dca03b0cfa6327ab7e3a496a0b8f88b47558a19ff44c01b2805bf9e154f11c7271110d

    Download Submit

  • /data/user/0/com.lotfrontt/app_DynamicOptDex/as.json
    Filesize

    6KB

    MD5

    11c9da6a4df90b736fcba1795960bf3d

    SHA1

    72e53c0bd1a7831d59b135a5c5fd22db1bd4c652

    SHA256

    4a8c5d1cfba244603926110769164d8c57629c909f26031923498a6fc8a9ad5a

    SHA512

    ee467b4be37709c0c217e26c5702a339a29b1ed815b42a937a8eab87e3fd9f662eddc30f66a88980feaf25cab408a1caa8c8511cfe89409bd4864f5cbfd16d93

    Download Submit

  • /data/user/0/com.lotfrontt/app_DynamicOptDex/as.json
    Filesize

    6KB

    MD5

    6d20583e8ff01fafd598c57fdeb5630c

    SHA1

    036bff4f53a3349cf923ea07f60dece949a571cb

    SHA256

    2d06139a25e51dcaf80b2b4ea6a82a703977d554e48558ceeb8ca4e0472af738

    SHA512

    f61b9b0fa1922f2662bb47ed0f6c0c2dc83c74dea744ddf082c986fd873c45c6c96be131c0b9eead78f1bda3e5e9a8f296341b36d805bd45e9c9d3949207545a

    Download Submit

  • /data/user/0/com.lotfrontt/cache/xzhourgpnluqbd
    Filesize

    448KB

    MD5

    c37b5f3f70dcc64cae744ac5c51c73f3

    SHA1

    1e632b0f0314ffeea00c71229689154e3dffdc8c

    SHA256

    21caa5e8a64e7e6d5e5355db951ec135a1701dd827a3e3b9a48f89da467e8579

    SHA512

    5d478334f13674fd0e2442656b32ab549d509c2eaf5619baf6265c6d4133fb001935c140ec8425a5caa0238e787b780f87dae2a53bccf0e88ff96c7ac1ab7f65

    Download Submit

  • /data/user/0/com.lotfrontt/cache/xzhourgpnluqbd
    Filesize

    448KB

    MD5

    c37b5f3f70dcc64cae744ac5c51c73f3

    SHA1

    1e632b0f0314ffeea00c71229689154e3dffdc8c

    SHA256

    21caa5e8a64e7e6d5e5355db951ec135a1701dd827a3e3b9a48f89da467e8579

    SHA512

    5d478334f13674fd0e2442656b32ab549d509c2eaf5619baf6265c6d4133fb001935c140ec8425a5caa0238e787b780f87dae2a53bccf0e88ff96c7ac1ab7f65

    Download Submit

  • /data/user/0/com.lotfrontt/cache/xzhourgpnluqbd
    Filesize

    448KB

    MD5

    c37b5f3f70dcc64cae744ac5c51c73f3

    SHA1

    1e632b0f0314ffeea00c71229689154e3dffdc8c

    SHA256

    21caa5e8a64e7e6d5e5355db951ec135a1701dd827a3e3b9a48f89da467e8579

    SHA512

    5d478334f13674fd0e2442656b32ab549d509c2eaf5619baf6265c6d4133fb001935c140ec8425a5caa0238e787b780f87dae2a53bccf0e88ff96c7ac1ab7f65

    Download Submit

  • /data/user/0/com.lotfrontt/shared_prefs/main.xml
    Filesize

    131B

    MD5

    6187424d8472e95432406f578a60fe9d

    SHA1

    175cf0043f8cb76f31f0568e2be8490b6c5af097

    SHA256

    f437f0d97387b3990865e41068fbc0f0f89f9048079604e0b98eff128eb27442

    SHA512

    3ccb84948e40fb8be21fdd8e23028ad722990d6555c05927b676d3d9fad5ccc2ebca8a485169e033f975ba341a3c673f8ba5f915de1ee91eedaef0b9acf70d41

    Download Submit

  • /data/user/0/com.lotfrontt/shared_prefs/main.xml
    Filesize

    3KB

    MD5

    e0fe6be1ad61aa566075a24b521593ac

    SHA1

    03d808217047e7a1e39c35a11e517e56077a849c

    SHA256

    776511ea9abdd9eab5e2bf1f3c6e39caeb69f6ca367ad058c75b8e5978cea38a

    SHA512

    71e0ff781f1712431ff65aff8e1694d4c9d275f325ede34f2b047069bbe5b1b6646d7937890cc4f88643f0b86545c2c0c57bcafba59bf9dc0bb50cf0833e9b3a

    Download Submit