Overview

Score  Task / sample       Platform
10     Static              static
7      Chrome (2).apk      android-9-x86
10     Chrome (2).apk      android-10-x64
10     libirdevice.so      ubuntu-18.04-amd64
       libirdevice.so      debian-9-armhf
       libirdevice.so      debian-9-mips
       libirdevice.so      debian-9-mipsel
       libmibraindec.so    ubuntu-18.04-amd64
       libmibraindec.so    debian-9-armhf
       libmibraindec.so    debian-9-mips
       libmibraindec.so    debian-9-mipsel
       libmibrainjni.so    ubuntu-18.04-amd64
       libmibrainjni.so    debian-9-armhf
       libmibrainjni.so    debian-9-mips
       libmibrainjni.so    debian-9-mipsel
       libmiir.so          ubuntu-18.04-amd64
       libmiir.so          debian-9-armhf
       libmiir.so          debian-9-mips
       libmiir.so          debian-9-mipsel
       libphotocli.so      ubuntu-18.04-amd64
       libphotocli.so      debian-9-armhf
       libphotocli.so      debian-9-mips
       libphotocli.so      debian-9-mipsel
       libtruss2.so        ubuntu-18.04-amd64
       libtruss2.so        debian-9-armhf
       libtruss2.so        debian-9-mips
       libtruss2.so        debian-9-mipsel
Analysis
- max time kernel: 1037647s
- max time network: 21s
- platform: android_x64
- resource: android-x64-20230621-en
- submitted: 10/07/2023, 03:29
Static task
- static1

Behavioral tasks

Task          Sample              Resource
behavioral1   Chrome (2).apk      android-x86-arm-20230621-en
behavioral2   Chrome (2).apk      android-x64-20230621-en
behavioral3   libirdevice.so      ubuntu1804-amd64-en-20211208
behavioral4   libirdevice.so      debian9-armhf-20221125-en
behavioral5   libirdevice.so      debian9-mipsbe-20221111-en
behavioral6   libirdevice.so      debian9-mipsel-en-20211208
behavioral7   libmibraindec.so    ubuntu1804-amd64-20230621-en
behavioral8   libmibraindec.so    debian9-armhf-20221125-en
behavioral9   libmibraindec.so    debian9-mipsbe-en-20211208
behavioral10  libmibraindec.so    debian9-mipsel-20221111-en
behavioral11  libmibrainjni.so    ubuntu1804-amd64-20230621-en
behavioral12  libmibrainjni.so    debian9-armhf-en-20211208
behavioral13  libmibrainjni.so    debian9-mipsbe-20221125-en
behavioral14  libmibrainjni.so    debian9-mipsel-20221111-en
behavioral15  libmiir.so          ubuntu1804-amd64-en-20211208
behavioral16  libmiir.so          debian9-armhf-20221125-en
behavioral17  libmiir.so          debian9-mipsbe-20221111-en
behavioral18  libmiir.so          debian9-mipsel-en-20211208
behavioral19  libphotocli.so      ubuntu1804-amd64-20230621-en
behavioral20  libphotocli.so      debian9-armhf-20221111-en
behavioral21  libphotocli.so      debian9-mipsbe-en-20211208
behavioral22  libphotocli.so      debian9-mipsel-20221125-en
behavioral23  libtruss2.so        ubuntu1804-amd64-20230621-en
behavioral24  libtruss2.so        debian9-armhf-en-20211208
behavioral25  libtruss2.so        debian9-mipsbe-20221125-en
behavioral26  libtruss2.so        debian9-mipsel-20221111-en
General
- Target: Chrome (2).apk
- Size: 1.8MB
- MD5: d518f6bd8834393054530e2b69fdc060
- SHA1: 0b047a8b8afeb7e4954a73a3f06b11c3c8dda74e
- SHA256: 2111701e2fb47adaba6d594319ceab8c7572d82cbc11c70a8378835d19e7718b
- SHA512: 91536f430431d99c5d53224cb3a07e95fe83fade639e9c39e778cdc0783a2a2bc7c19eb4295edf090ef2aac503412b8268f84bba6b0822974660314798be233e
- SSDEEP: 49152:ytcjXkmHYo9eUnRO+Jb88wOJwFdKSujBOU3vwfS:ytc4mHYo/bd81ELSMBOGP
Malware Config
Extracted: octo
- https://grpweufnh734bfr3.online/N2Y5ZmU3OTI5ZDky/
- https://poewjehfbwery47fr.top/N2Y5ZmU3OTI5ZDky/
- https://fcercvv7erwcvnrew.site/N2Y5ZmU3OTI5ZDky/
- https://wevmuty56gbfdg.xyz/N2Y5ZmU3OTI5ZDky/
Signatures
- Octo
  Octo is a banking malware with remote access capabilities, first seen in April 2022.
- Octo payload (3 IoCs)
  resource                        yara_rule
  behavioral2/files/4847-1.dat    family_octo
  behavioral2/memory/4847-1.dex   family_octo
  behavioral2/memory/4847-2.dex   family_octo
- Loads dropped Dex/Jar (3 IoCs)
  Runs an executable file dropped to the device during analysis.
  ioc                                                    pid   Process
  /data/user/0/com.lotfrontt/app_DynamicOptDex/as.json   4847  com.lotfrontt
  /data/user/0/com.lotfrontt/cache/xzhourgpnluqbd        4847  com.lotfrontt
  /data/user/0/com.lotfrontt/cache/xzhourgpnluqbd        4847  com.lotfrontt
- Reads information about phone network operator.
- Uses Crypto APIs (might try to encrypt user data) (1 IoC)
  description          ioc                           Process
  Framework API call   javax.crypto.Cipher.doFinal   com.lotfrontt
Downloads