General

  • Target

    35d19c060b8d8b0c1114f161a208ac61596723a69f17126f054e58aa476ac556.bin

  • Size

    541KB

  • Sample

    230722-s1224abf9x

  • MD5

    6c668c1d0504ca948d7fd641ce93cb9c

  • SHA1

    eddd6bbca6116ef83701406a6ba1b6b756bd98b9

  • SHA256

    35d19c060b8d8b0c1114f161a208ac61596723a69f17126f054e58aa476ac556

  • SHA512

    f6cc943332d4286e463daf471ab4624e99433c1fe54b3e69dbbdb758425ea4b372f301b06b180cf6019653e2c2b4ea340b5a4055a00cb4e5e622ccece6cef5fe

  • SSDEEP

    12288:A2OUOX+5gCB33r6+28FGiVW5E6zKO9KqfAiMAGKn7OgsNKA:A2Cu55Bnv2ALGEDyfWATn7i

Malware Config

Extracted

Family

octo

C2

https://193.42.32.180/ZjU3NWNhYzE5Mzhm/

https://saldirmorukss222.net/ZjU3NWNhYzE5Mzhm/

https://saldirmorukss122.net/ZjU3NWNhYzE5Mzhm/

https://saldirmoruk4ss22.net/ZjU3NWNhYzE5Mzhm/

https://saldirmoruks6s22.net/ZjU3NWNhYzE5Mzhm/

https://saldirmoruk7ss22.net/ZjU3NWNhYzE5Mzhm/

https://saldirmoruks8s22.net/ZjU3NWNhYzE5Mzhm/

https://saldirmorukss2322.net/ZjU3NWNhYzE5Mzhm/

https://saldirmoruksas282.net/ZjU3NWNhYzE5Mzhm/

AES_key

Targets

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Uses Crypto APIs (might try to encrypt user data).
