Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
2118491s -
max time network
109s -
platform
android_x64 -
resource
android-x64-20230621-en -
submitted
22/07/2023, 15:36
General
-
Target
35d19c060b8d8b0c1114f161a208ac61596723a69f17126f054e58aa476ac556.apk
-
Size
541KB
-
MD5
6c668c1d0504ca948d7fd641ce93cb9c
-
SHA1
eddd6bbca6116ef83701406a6ba1b6b756bd98b9
-
SHA256
35d19c060b8d8b0c1114f161a208ac61596723a69f17126f054e58aa476ac556
-
SHA512
f6cc943332d4286e463daf471ab4624e99433c1fe54b3e69dbbdb758425ea4b372f301b06b180cf6019653e2c2b4ea340b5a4055a00cb4e5e622ccece6cef5fe
-
SSDEEP
12288:A2OUOX+5gCB33r6+28FGiVW5E6zKO9KqfAiMAGKn7OgsNKA:A2Cu55Bnv2ALGEDyfWATn7i
Malware Config
Extracted
octo
https://193.42.32.180/ZjU3NWNhYzE5Mzhm/
https://saldirmorukss222.net/ZjU3NWNhYzE5Mzhm/
https://saldirmorukss122.net/ZjU3NWNhYzE5Mzhm/
https://saldirmoruk4ss22.net/ZjU3NWNhYzE5Mzhm/
https://saldirmoruks6s22.net/ZjU3NWNhYzE5Mzhm/
https://saldirmoruk7ss22.net/ZjU3NWNhYzE5Mzhm/
https://saldirmoruks8s22.net/ZjU3NWNhYzE5Mzhm/
https://saldirmorukss2322.net/ZjU3NWNhYzE5Mzhm/
https://saldirmoruksas282.net/ZjU3NWNhYzE5Mzhm/
Signatures
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo payload 3 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
Processes
-
com.crossthinkdmsx1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
48B
MD5046a414913add6f5bb60072c7db819b6
SHA1451ee4f6809260aec622d772fd329c7d0297a842
SHA256b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA5124e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c
-
Filesize
450KB
MD518d6d6287c8c13b3f38a17b411126902
SHA1031d9ace93b685ba7b8266c168daa8d655b207e2
SHA256ff815eb64df98121fdb52d96334079db90adc279a1e850824d6bd293d974d4d0
SHA51206da9fe8d508eaf1b69189c53d501d8ddaa04b689a3fea86415d92c88ff7ceb8535d4615ffc3ed65b996864845ea2b234ee90284733df2e224713dce7fa16b72
-
Filesize
450KB
MD518d6d6287c8c13b3f38a17b411126902
SHA1031d9ace93b685ba7b8266c168daa8d655b207e2
SHA256ff815eb64df98121fdb52d96334079db90adc279a1e850824d6bd293d974d4d0
SHA51206da9fe8d508eaf1b69189c53d501d8ddaa04b689a3fea86415d92c88ff7ceb8535d4615ffc3ed65b996864845ea2b234ee90284733df2e224713dce7fa16b72
-
Filesize
450KB
MD518d6d6287c8c13b3f38a17b411126902
SHA1031d9ace93b685ba7b8266c168daa8d655b207e2
SHA256ff815eb64df98121fdb52d96334079db90adc279a1e850824d6bd293d974d4d0
SHA51206da9fe8d508eaf1b69189c53d501d8ddaa04b689a3fea86415d92c88ff7ceb8535d4615ffc3ed65b996864845ea2b234ee90284733df2e224713dce7fa16b72
-
Filesize
136B
MD58bdb64657dc1607fea02deac9859ae99
SHA144ee8c935b971be0c200da0bd927ee61e429deb6
SHA256415065709b3578f8a4b67a559e96da402d64f62f81d858d269555575fc4b00c1
SHA512acee5c98d2a4f239f50abcaee5cdf62982f1f720b1e35b585509692c067616827c5e022369b4013844844c594941e245684a28b406fb9cc462a6f80b084adea8
-
Filesize
5KB
MD59706e2277af7976f25852319b842381e
SHA16796ff8efdc3c1000e90aee6519c26a66f314036
SHA256d5f9983671552d011bec1a47e2d58de9110d5dc48e906a7027dbbce723f81374
SHA512b392c9f1bdac4d94452b2d170f467eb48b0bee0e57942460638774987656c91b7a4c65f7c818ff9cae3071507c588c2643d295a31e585b60540d41f4902029ce