General

  • Target

    5a509a6504bfb7d09682ec44554c45e660bf5e20dc756360c052f97df55a3a37.bin

  • Size

    1.5MB

  • Sample

    230826-1yy7esfe2v

  • MD5

    2380a8c53a3e15b004a06ab048f4153a

  • SHA1

    36037bf8ef71c415d0ea7a88f5fe1296fd3f9207

  • SHA256

    5a509a6504bfb7d09682ec44554c45e660bf5e20dc756360c052f97df55a3a37

  • SHA512

    43ace8077d8b00617479042c977f0651d30e12e461da7f266d1a44040bdc925e6e9aa074cd2c3b05ddfa15c8458774b5f389f13e66a0feab8e6e5436f539a636

  • SSDEEP

    49152:YwHhzKBkVJK4j/nspDwQFXWZGZbmqViK0AE4KoSi:YwBzKBkVJKafYJFXWZQ/Vb7

Malware Config

Extracted

Family

octo

C2

https://superjunggvbvqq.com/M2EyOTM2M2FlY2My/

https://junggvbvqqqqqq.com/M2EyOTM2M2FlY2My/

https://lajunggvbvqq.com/M2EyOTM2M2FlY2My/

https://junggvbvqqgroup.com/M2EyOTM2M2FlY2My/

https://junggvbvqqnet.com/M2EyOTM2M2FlY2My/

https://abgggpoh.com/M2EyOTM2M2FlY2My/

https://nisiqniqqsiq.com/M2EyOTM2M2FlY2My/

https://nisiqnisiq.top/M2EyOTM2M2FlY2My/

https://abgggpoh.top/M2EyOTM2M2FlY2My/

AES_key

Targets

    • Target

      5a509a6504bfb7d09682ec44554c45e660bf5e20dc756360c052f97df55a3a37.bin

    • Size

      1.5MB

    • MD5

      2380a8c53a3e15b004a06ab048f4153a

    • SHA1

      36037bf8ef71c415d0ea7a88f5fe1296fd3f9207

    • SHA256

      5a509a6504bfb7d09682ec44554c45e660bf5e20dc756360c052f97df55a3a37

    • SHA512

      43ace8077d8b00617479042c977f0651d30e12e461da7f266d1a44040bdc925e6e9aa074cd2c3b05ddfa15c8458774b5f389f13e66a0feab8e6e5436f539a636

    • SSDEEP

      49152:YwHhzKBkVJK4j/nspDwQFXWZGZbmqViK0AE4KoSi:YwBzKBkVJKafYJFXWZQ/Vb7

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Removes its main activity from the application launcher.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar.

      Runs an executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

    • Uses Crypto APIs (might try to encrypt user data).

    • Target

      license.html

    • Size

      30KB

    • MD5

      a095d4be2768cb6d37f9aa2de90a8a67

    • SHA1

      2c87de9a26cf1ee17d701c333f088db314b1bce1

    • SHA256

      30d2be0e050b7f1ec5e390326cefedb6e4a6304f5e2a623d0f7678cb67ff308b

    • SHA512

      0ec91a396b39029ec6585215e777495d97e72191438ec37d93e203931a1ac79b1a966e201b9b92982439e3d372f82af98a64914647464d30e1f7f3ab8a558998

    • SSDEEP

      768:/03s/uZ7je9IeMkkEdgC3BOgNMXUgPGaMx6NzJhCgaZpGgPGaxvam:/0c/uZ7je9IeMFIgeOgNMXUg6x6NzJhu

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks