General
Target: 35d19c060b8d8b0c1114f161a208ac61596723a69f17126f054e58aa476ac556.bin
Size: 541KB
Sample: 230722-s1224abf9x
MD5: 6c668c1d0504ca948d7fd641ce93cb9c
SHA1: eddd6bbca6116ef83701406a6ba1b6b756bd98b9
SHA256: 35d19c060b8d8b0c1114f161a208ac61596723a69f17126f054e58aa476ac556
SHA512: f6cc943332d4286e463daf471ab4624e99433c1fe54b3e69dbbdb758425ea4b372f301b06b180cf6019653e2c2b4ea340b5a4055a00cb4e5e622ccece6cef5fe
SSDEEP: 12288:A2OUOX+5gCB33r6+28FGiVW5E6zKO9KqfAiMAGKn7OgsNKA:A2Cu55Bnv2ALGEDyfWATn7i
Static task: static1
Behavioral task: behavioral1
Sample: 35d19c060b8d8b0c1114f161a208ac61596723a69f17126f054e58aa476ac556.apk
Resource: android-x86-arm-20230621-en
Behavioral task: behavioral2
Sample: 35d19c060b8d8b0c1114f161a208ac61596723a69f17126f054e58aa476ac556.apk
Resource: android-x64-20230621-en
Malware Config
Extracted
octo
https://193.42.32.180/ZjU3NWNhYzE5Mzhm/
https://saldirmorukss222.net/ZjU3NWNhYzE5Mzhm/
https://saldirmorukss122.net/ZjU3NWNhYzE5Mzhm/
https://saldirmoruk4ss22.net/ZjU3NWNhYzE5Mzhm/
https://saldirmoruks6s22.net/ZjU3NWNhYzE5Mzhm/
https://saldirmoruk7ss22.net/ZjU3NWNhYzE5Mzhm/
https://saldirmoruks8s22.net/ZjU3NWNhYzE5Mzhm/
https://saldirmorukss2322.net/ZjU3NWNhYzE5Mzhm/
https://saldirmoruksas282.net/ZjU3NWNhYzE5Mzhm/
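All nine C2 URLs share one path segment, ZjU3NWNhYzE5Mzhm, which is plain base64 for the hex string f575cac1938f (whether that is a bot or campaign tag is an assumption; the report does not say). The script below is an added example, not part of the Triage report or of Octo itself: it takes the extracted URLs exactly as listed above, splits them into IP and domain indicators, decodes the shared token, derives a regex for the saldirmoruk*.net domain family, and runs those indicators over a few constructed DNS log lines. The assumption that the operator keeps rotating domains under the same saldirmoruk prefix is mine, and the sibling domain saldirmoruk9ss22.net in the sample log is constructed for the demonstration.

```python
import base64
import re
from urllib.parse import urlsplit

# C2 URLs copied verbatim from the extracted Octo config in this report.
OCTO_C2_URLS = [
    "https://193.42.32.180/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmorukss222.net/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmorukss122.net/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmoruk4ss22.net/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmoruks6s22.net/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmoruk7ss22.net/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmoruks8s22.net/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmorukss2322.net/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmoruksas282.net/ZjU3NWNhYzE5Mzhm/",
]

# Constructed DNS log (not from the report). saldirmoruk9ss22.net is a made-up
# sibling that is NOT in the config; it exists to show the family regex firing.
SAMPLE_DNS_LOG = """\
2023-07-22T12:00:01Z 10.0.0.5 A saldirmorukss222.net
2023-07-22T12:00:02Z 10.0.0.5 A updates.example.com
2023-07-22T12:00:03Z 10.0.0.7 A saldirmoruk9ss22.net
"""

IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_c2(urls):
    """Split the C2 list into literal IPs, literal domains and the path tokens they use."""
    ips, domains, tokens = set(), set(), set()
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        (ips if IPV4_RE.match(host) else domains).add(host)
        tokens.add(parts.path.strip("/"))
    return {"ips": sorted(ips), "domains": sorted(domains), "tokens": sorted(tokens)}


def decode_token(token):
    """Base64-decode a path token, re-padding in case the config strips '='."""
    padded = token + "=" * (-len(token) % 4)
    return base64.b64decode(padded).decode("ascii")


def domain_family_regex(domains):
    """Regex from the longest common label prefix plus the TLDs seen.

    Assumption (mine, not the report's): the operator keeps registering domains
    that share this prefix, so the regex also catches siblings not in the config.
    """
    if not domains:
        return re.compile(r"(?!)")  # matches nothing
    labels = [d.rsplit(".", 1)[0] for d in domains]
    tlds = sorted({d.rsplit(".", 1)[1] for d in domains})
    prefix = labels[0]
    for label in labels[1:]:
        while not label.startswith(prefix):
            prefix = prefix[:-1]
    return re.compile(r"^%s[a-z0-9-]*\.(?:%s)$"
                      % (re.escape(prefix), "|".join(map(re.escape, tlds))))


def match_dns_log(log_text, urls=OCTO_C2_URLS):
    """Return (queried_name, reason) for each line whose name is a known C2 or a family sibling."""
    ioc = parse_c2(urls)
    known = set(ioc["ips"]) | set(ioc["domains"])
    family = domain_family_regex(ioc["domains"])
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        name = line.split()[-1].lower().rstrip(".")
        if name in known:
            hits.append((name, "exact C2 indicator"))
        elif family.match(name):
            hits.append((name, "matches C2 domain family " + family.pattern))
    return hits


if __name__ == "__main__":
    ioc = parse_c2(OCTO_C2_URLS)
    print("IPs:", ioc["ips"])
    print("Domains:", ioc["domains"])
    for tok in ioc["tokens"]:
        print("Path token", tok, "->", decode_token(tok))
    print("Family regex:", domain_family_regex(ioc["domains"]).pattern)
    for name, reason in match_dns_log(SAMPLE_DNS_LOG):
        print("HIT", name, "-", reason)
```

Block on the literal indicators; treat the family regex as a hunting query rather than a blocking rule, since a prefix match on a registrable domain can collide with unrelated registrations.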
Targets
Target: 35d19c060b8d8b0c1114f161a208ac61596723a69f17126f054e58aa476ac556.bin (541KB; hashes as listed under General)
Score: 10/10
Octo
Octo is an Android banking trojan with remote access capabilities, first seen in April 2022.
- Octo payload
- Makes use of the framework's Accessibility service.
- Queries the list of all installed applications on the device (may be used to pick legitimate apps to overlay).
- Acquires the wake lock.
- Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
- Reads information about the phone network operator.
- Requests disabling of battery optimizations (often used to keep running hidden in the background).
- Uses Crypto APIs (may try to encrypt user data).
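The signatures above are behavioral, observed while the APK ran in the sandbox. Most of them have a static counterpart an analyst can check before detonation, and the script below is an added example of that (my code, not Triage's or a detection the report ships): it reads a decoded AndroidManifest.xml for the permissions behind "queries installed apps", "acquires the wake lock" and "requests disabling of battery optimizations", looks for a declared AccessibilityService, and scans raw classes.dex bytes for the DexClassLoader and javax.crypto type descriptors behind "loads dropped Dex/Jar" and "uses Crypto APIs". Assumptions: the manifest has already been decoded from binary AXML to plain XML (apktool or androguard do this), and both the manifest and the dex blob below are constructed for the demonstration, not taken from this sample. Reading the network operator is not gated by a manifest permission, so it has no static check here.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Manifest permissions corresponding to three of the dynamic signatures in the report.
PERMISSION_SIGNALS = {
    "android.permission.QUERY_ALL_PACKAGES": "can enumerate installed apps (overlay targeting)",
    "android.permission.WAKE_LOCK": "can hold a wake lock",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "can ask to be exempted from battery optimizations",
}
ACCESSIBILITY_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"

# Dex type descriptors (as they appear in a dex string table) for dynamic code loading and crypto use.
DEX_SIGNALS = {
    b"Ldalvik/system/DexClassLoader;": "loads code from a dex/jar on disk",
    b"Ldalvik/system/InMemoryDexClassLoader;": "loads a dex from memory",
    b"Ljavax/crypto/Cipher;": "uses javax.crypto Cipher",
}

# Constructed manifest (not this sample's): a loader that requests the relevant
# permissions and registers an accessibility service.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed byte blob standing in for classes.dex. It is NOT a valid dex file;
# it only carries the string-table descriptors the scan looks for.
SAMPLE_DEX = (b"dex\n035\x00" + b"\x00" * 16
              + b"Ldalvik/system/DexClassLoader;\x00"
              + b"Ljavax/crypto/Cipher;\x00"
              + b"Landroid/telephony/TelephonyManager;\x00")


def manifest_findings(manifest_xml):
    """List the declared capabilities that map onto the report's signatures."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name", "")
        if name in PERMISSION_SIGNALS:
            findings.append(f"{name}: {PERMISSION_SIGNALS[name]}")
    for svc in root.iter("service"):
        perm = svc.get(ANDROID_NS + "permission", "")
        actions = {a.get(ANDROID_NS + "name") for a in svc.iter("action")}
        if perm == ACCESSIBILITY_PERMISSION and ACCESSIBILITY_ACTION in actions:
            findings.append(f"{svc.get(ANDROID_NS + 'name')}: declares an AccessibilityService")
    return findings


def dex_findings(dex_bytes):
    """Byte-scan a dex for the descriptors in DEX_SIGNALS (order follows DEX_SIGNALS)."""
    return [desc for pattern, desc in DEX_SIGNALS.items() if pattern in dex_bytes]


def triage(manifest_xml, dex_bytes):
    """Combine both checks; the score is just the number of findings, for ranking samples."""
    manifest = manifest_findings(manifest_xml)
    dex = dex_findings(dex_bytes)
    return {"manifest": manifest, "dex": dex, "score": len(manifest) + len(dex)}


if __name__ == "__main__":
    result = triage(SAMPLE_MANIFEST, SAMPLE_DEX)
    for finding in result["manifest"] + result["dex"]:
        print("-", finding)
    print("score:", result["score"])
```

Because the report flags "Loads dropped Dex/Jar", the host APK's own classes.dex may contain little beyond the loader; the dex scan has to be repeated on whatever the loader writes to disk, which is exactly what the sandbox's behavioral run captures and a purely static pass does not.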