General
Target: 433a62667ede1e404312ab08dab78c353b7fe7a82f2d7820e93adc94df69c3dc.bin
Size: 1.5MB
Sample: 230818-1w181aed69
MD5: 0aa5a0aa49e258fd8ef712280fe8cf5f
SHA1: 3939e9a4efa7a58b046abc84699eb350ed339d1e
SHA256: 433a62667ede1e404312ab08dab78c353b7fe7a82f2d7820e93adc94df69c3dc
SHA512: 9546aeab180bbc637d9da902439a4915e3af35f669eafe7f333e7aa70fc3346a7392f8505a00f044e36d88374f533d95a70149f56793835c31aa6dec09dba03e
SSDEEP: 24576:24JmEeFQ8V21krMeKYzj7Bgwe6JEId4U182IkoGxDYbSk6E/BtGJ6EwmnGcYOoUT:TF4Qv1k45Yzja6JXd4U182TohSk6EpQT
Static task: static1
Behavioral task: behavioral1
Sample: 433a62667ede1e404312ab08dab78c353b7fe7a82f2d7820e93adc94df69c3dc.apk
Resource: android-x86-arm-20230621-en
Behavioral task: behavioral2
Sample: 433a62667ede1e404312ab08dab78c353b7fe7a82f2d7820e93adc94df69c3dc.apk
Resource: android-x64-20230621-en
Malware Config
Extracted
octo
https://smartcontractlicense.info/puap9udshc2ZmZjMmUzMghst/
https://smartcontractlicensenow.info/puap9udshc2ZmZjMmUzMghst/
https://smartcontractlicensetodo.info/puap9udshc2ZmZjMmUzMghst/
https://smartcontractlicensewow.info/puap9udshc2ZmZjMmUzMghst/
Targets
Target: 433a62667ede1e404312ab08dab78c353b7fe7a82f2d7820e93adc94df69c3dc.bin
Score: 10/10
- Octo: Octo is a banking malware with remote access capabilities first seen in April 2022.
- Octo payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar: Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).