Analysis
max time kernel: 2118502s
max time network: 54s
platform: android_x86
resource: android-x86-arm-20230621-en
submitted: 22/07/2023, 15:36
Static task: static1

Behavioral task: behavioral1
Sample: 0fd16e91ce30d696f7a875c51e8203a644fe4e8262901179f9ab0f5bfc3afd68.apk
Resource: android-x86-arm-20230621-en

Behavioral task: behavioral2
Sample: 0fd16e91ce30d696f7a875c51e8203a644fe4e8262901179f9ab0f5bfc3afd68.apk
Resource: android-x64-20230621-en
General
Target: 0fd16e91ce30d696f7a875c51e8203a644fe4e8262901179f9ab0f5bfc3afd68.apk
Size: 541KB
MD5: 52bffc6ee57dc05127b0ff5fa0b271b2
SHA1: 49529bfddbbafc73bfaf63d9e034dd339fbdaba6
SHA256: 0fd16e91ce30d696f7a875c51e8203a644fe4e8262901179f9ab0f5bfc3afd68
SHA512: de7867b4ab6061cdee6d80eabf1aa5d08a552cf8ba0cca2703e9c57f92a21eaddb8b87a7d144ec73843d5c493f493ca5a1c8c4e2ece60d5ebce83b43406c0516
SSDEEP: 12288:07t9/9bc8U/4AtkMfABsVP2vPDd53+mEb8dIgbni:C9/JLAtk9BoP2vrdR+n8dIUni
Malware Config
Extracted family: octo
C2 URLs:
https://193.42.32.180/ZjU3NWNhYzE5Mzhm/
https://saldirmorukss222.net/ZjU3NWNhYzE5Mzhm/
https://saldirmorukss122.net/ZjU3NWNhYzE5Mzhm/
https://saldirmoruk4ss22.net/ZjU3NWNhYzE5Mzhm/
https://saldirmoruks6s22.net/ZjU3NWNhYzE5Mzhm/
https://saldirmoruk7ss22.net/ZjU3NWNhYzE5Mzhm/
https://saldirmoruks8s22.net/ZjU3NWNhYzE5Mzhm/
https://saldirmorukss2322.net/ZjU3NWNhYzE5Mzhm/
https://saldirmoruksas282.net/ZjU3NWNhYzE5Mzhm/
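All nine C2 entries in the extracted config differ only in host and share the path segment ZjU3NWNhYzE5Mzhm, which is base64 for the 12-character hex string f575cac1938f (the report does not say what that value identifies). The following Python is an added example, not part of the tria.ge report or of any Octo tooling: it normalises the list into IP, domain and path-token indicators, decodes the shared segment, and then labels observed URLs so that a rotated host carrying the same token is still caught, not only the hosts already listed. The URL list is copied from the report; the proxy-log URLs under SAMPLE_REQUESTS and the labels returned by classify_request() are this example's own constructions.

```python
"""Added example (not from the tria.ge report): normalise the extracted Octo
C2 URLs into indicators and match observed requests against them.

Assumptions: SAMPLE_REQUESTS is constructed, and the labels returned by
classify_request() are this example's own vocabulary.
"""
import base64
import ipaddress
import re
from urllib.parse import urlsplit

# Copied from the report's Malware Config section.
OCTO_C2_URLS = [
    "https://193.42.32.180/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmorukss222.net/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmorukss122.net/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmoruk4ss22.net/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmoruks6s22.net/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmoruk7ss22.net/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmoruks8s22.net/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmorukss2322.net/ZjU3NWNhYzE5Mzhm/",
    "https://saldirmoruksas282.net/ZjU3NWNhYzE5Mzhm/",
]

# Constructed proxy-log URLs for the demonstration; not taken from the report.
SAMPLE_REQUESTS = [
    "https://saldirmoruk7ss22.net/ZjU3NWNhYzE5Mzhm/",  # listed C2 host
    "https://rotated-host.example/ZjU3NWNhYzE5Mzhm/",  # unlisted host, same token
    "https://updates.example.com/api/v1/",             # unrelated traffic
]


def split_c2(url):
    """Break a URL into host, host kind (ip/domain), port and path token."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        kind = "ip"
    except ValueError:
        kind = "domain"
    return {
        "host": host,
        "kind": kind,
        "port": parts.port or (443 if parts.scheme == "https" else 80),
        "path_token": parts.path.strip("/"),
    }


def decode_path_token(token):
    """Base64-decode a path token; return printable ASCII text, else None."""
    if not re.fullmatch(r"[A-Za-z0-9+/]+=*", token) or len(token) % 4:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


def build_indicators(urls):
    """Collapse the C2 list into distinct IPs, domains and decoded path tokens.

    For this report every entry carries ZjU3NWNhYzE5Mzhm, which decodes to
    f575cac1938f; the report does not say what that value identifies.
    """
    entries = [split_c2(u) for u in urls]
    tokens = sorted({e["path_token"] for e in entries if e["path_token"]})
    return {
        "ips": sorted({e["host"] for e in entries if e["kind"] == "ip"}),
        "domains": sorted({e["host"] for e in entries if e["kind"] == "domain"}),
        "path_tokens": {t: decode_path_token(t) for t in tokens},
    }


def classify_request(indicators, url):
    """Return 'c2_host', 'c2_path_token' (known token on an unlisted host) or None."""
    e = split_c2(url)
    if e["host"] in indicators["ips"] or e["host"] in indicators["domains"]:
        return "c2_host"
    if e["path_token"] in indicators["path_tokens"]:
        return "c2_path_token"
    return None


def triage(urls=OCTO_C2_URLS, requests=SAMPLE_REQUESTS):
    """Build indicators once and label each observed request."""
    indicators = build_indicators(urls)
    return indicators, [(r, classify_request(indicators, r)) for r in requests]


if __name__ == "__main__":
    indicators, labelled = triage()
    print("ips:", indicators["ips"])
    print("domains:", indicators["domains"])
    print("path tokens:", indicators["path_tokens"])
    for url, label in labelled:
        print(f"{label or 'clean':14} {url}")
```

Matching on the path token as well as on the host is the point of the example: Octo operators can register fresh domains far faster than a blocklist is updated, but a request to a new host that still carries the same path segment is a strong signal worth alerting on.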
Signatures

Octo
Octo is Android banking malware with remote-access capabilities, first seen in April 2022.

Octo payload (3 IoCs)
resource | yara_rule
behavioral1/files/4075-0.dat | family_octo
behavioral1/memory/4075-0.dex | family_octo
behavioral1/memory/4075-1.dex | family_octo

Makes use of the framework's Accessibility service. (2 IoCs)
description | ioc | process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.mencompleteynjk
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.mencompleteynjk

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 IoC)
description | ioc | process
Framework service call | android.content.pm.IPackageManager.getInstalledApplications | com.mencompleteynjk

Acquires the wake lock. (1 IoC)
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.mencompleteynjk

Loads dropped Dex/Jar (2 IoCs)
Runs an executable file dropped to the device during analysis.
ioc | pid | process
/data/user/0/com.mencompleteynjk/cache/yswquga | 4075 | com.mencompleteynjk
/data/user/0/com.mencompleteynjk/cache/yswquga | 4075 | com.mencompleteynjk

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background). (1 IoC)
description | ioc | process
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | com.mencompleteynjk

Uses Crypto APIs (might try to encrypt user data). (1 IoC)
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.mencompleteynjk
Processes

com.mencompleteynjk (PID 4075)
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (might try to encrypt user data).
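Taken one at a time, most of the signatures above also fire on benign apps: wake locks and javax.crypto calls are everywhere, and many launchers enumerate installed packages. What makes this process stand out is the combination of Accessibility-service use with code loaded from its own cache directory, backed by a request to escape battery optimisation. The following Python is an added example, not tria.ge code, that applies that correlation to a constructed event log. The event rows for com.mencompleteynjk mirror the report's "Framework service call", "Intent action" and dropped-file entries; the second process (com.example.musicplayer) is a constructed benign control; the rule predicates, the core/supporting split and the verdict thresholds are this example's own assumptions, and the signature names are shortened from the report's.

```python
"""Added example (not tria.ge code): correlate per-process behaviour signals
of the kind listed in the report's Signatures section.

SAMPLE_EVENTS is constructed: the com.mencompleteynjk rows mirror the report,
com.example.musicplayer is an invented benign control. Rule predicates and
verdict thresholds are this example's own assumptions.
"""
from collections import defaultdict

# Constructed event log, tab separated: kind, value, process, pid.
SAMPLE_EVENTS = """\
service_call\tandroid.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId\tcom.mencompleteynjk\t4075
service_call\tandroid.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId\tcom.mencompleteynjk\t4075
service_call\tandroid.content.pm.IPackageManager.getInstalledApplications\tcom.mencompleteynjk\t4075
service_call\tandroid.os.IPowerManager.acquireWakeLock\tcom.mencompleteynjk\t4075
dex_load\t/data/user/0/com.mencompleteynjk/cache/yswquga\tcom.mencompleteynjk\t4075
intent\tandroid.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS\tcom.mencompleteynjk\t4075
api_call\tjavax.crypto.Cipher.doFinal\tcom.mencompleteynjk\t4075
service_call\tandroid.os.IPowerManager.acquireWakeLock\tcom.example.musicplayer\t5120
api_call\tjavax.crypto.Cipher.doFinal\tcom.example.musicplayer\t5120
"""


def _accessibility(kind, value):
    return kind == "service_call" and value.startswith("android.accessibilityservice.")


def _installed_apps(kind, value):
    return kind == "service_call" and value.endswith("IPackageManager.getInstalledApplications")


def _wake_lock(kind, value):
    return kind == "service_call" and value.endswith("IPowerManager.acquireWakeLock")


def _dropped_dex(kind, value):
    # Code loaded from the app's private data directory rather than its installed APK.
    return kind == "dex_load" and value.startswith("/data/user/")


def _battery_opt(kind, value):
    return kind == "intent" and value == "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"


def _crypto(kind, value):
    return kind == "api_call" and value.startswith("javax.crypto.")


# Signature names (shortened from the report) mapped to their predicate.
RULES = {
    "Makes use of the framework's Accessibility service": _accessibility,
    "Queries a list of all the installed applications on the device": _installed_apps,
    "Acquires the wake lock": _wake_lock,
    "Loads dropped Dex/Jar": _dropped_dex,
    "Requests disabling of battery optimizations": _battery_opt,
    "Uses Crypto APIs": _crypto,
}

# Assumed weighting: these two together are the core of the profile; the
# remaining signatures are common in benign apps and only add confidence.
CORE = {"Makes use of the framework's Accessibility service", "Loads dropped Dex/Jar"}


def parse_events(text):
    """Group (kind, value) pairs by (process, pid)."""
    by_proc = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, value, proc, pid = line.split("\t")
        by_proc[(proc, int(pid))].append((kind, value))
    return by_proc


def evaluate(events):
    """Return (verdict, sorted signature names) for one process's events."""
    hits = {name for name, pred in RULES.items() if any(pred(k, v) for k, v in events)}
    if CORE <= hits and len(hits - CORE) >= 2:
        verdict = "high"
    elif hits & CORE:
        verdict = "medium"
    elif hits:
        verdict = "low"
    else:
        verdict = "none"
    return verdict, sorted(hits)


def triage(text=SAMPLE_EVENTS):
    """Evaluate every process in the log; keys are 'process:pid'."""
    return {f"{proc}:{pid}": evaluate(ev) for (proc, pid), ev in parse_events(text).items()}


if __name__ == "__main__":
    for key, (verdict, hits) in triage().items():
        print(f"{key}: {verdict}")
        for name in hits:
            print(f"  - {name}")
```

The benign control trips two of the six rules and still scores low; the point is that a verdict should rest on the pairing of Accessibility abuse with dynamically loaded code, which is the pattern that lets an overlay banker read and drive other apps' UI, and the rest of the signatures should only raise confidence.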
Downloads

Filesize: 450KB
MD5: aa9382ad99c8c400c9f57791e976cbae
SHA1: cd35c2c6c78209c97fadef6328fc052b309c8754
SHA256: 1b5ac7b4de7de16a5cc8045209734b77aa82d3e19bf9cd808a4946bda40d7fb4
SHA512: e218bcfa75573392301beb7dbf22e27468c0bc4fa5103a4be68a0887047b5aef65d2ac64bc5bbbbdccb865d797af597b6b2f51916ce64b37b7347d9e4c6150a3

Filesize: 137B
MD5: 8ba8c4112f31487f9f9ce071ffa4fef9
SHA1: c136284c52462038e88c1cd7785510dfc938abdf
SHA256: 7ad9f9bbde4f43099444f9dbfb302217acb1af32bef9c56316f76643baaeb9ab
SHA512: 63797963bc21e66694053b9a40e84a9a07a792c81d1054f9a31227fb0476b2a3ee032aa2d0f54a8e0ba87ca5df33db6da0bfd3c19ea951d797c786bc26d845fe

Filesize: 3KB
MD5: bbce013bfbfd0e832365a3d2dac4730e
SHA1: 4ae1efc917f07e4aba4f49467812989512fdfe51
SHA256: 01bf3cc066ca57ec4d4bba8dfce14ac6eda77779b940dcbf8ee7d4eed076b511
SHA512: 3679b53db5e6850070038102f1ee2169c2add35005c9288deaa0574f1d8041852161ad83d9534077cf707d15155d5e4412e3aa383189e19d73d5353c0f5a6638