General
- Target: 022e1e2decb27cb580a1234ffb095b9ecd3b5462939023a825bc7e604ff2fd1a.bin
- Size: 557KB
- Sample: 230922-1ws8dsce53
- MD5: 0bcbd376e9bc986dac87590bc8eb22e7
- SHA1: 1dc43f9ffa2f86171919eca852a9a417ece7c082
- SHA256: 022e1e2decb27cb580a1234ffb095b9ecd3b5462939023a825bc7e604ff2fd1a
- SHA512: 5644555a496dd00aaad9e27c64a5635e0085ac5fae9cd81881edbe0f8074d3ca03ab6c5a55c434f74c55c92eec6ba0e09288deddb0b28350115999891432becf
- SSDEEP: 12288:hAi28oYZudl+QeQHFIU7Zuj9fMcloaArWDJJf+41naY7jCKcxznf:hAi2sZudJ2UYBMQv+AaYSxR
Static task
- static1
Behavioral tasks
- behavioral1: sample 022e1e2decb27cb580a1234ffb095b9ecd3b5462939023a825bc7e604ff2fd1a.apk, resource android-x86-arm-20230831-en
- behavioral2: sample 022e1e2decb27cb580a1234ffb095b9ecd3b5462939023a825bc7e604ff2fd1a.apk, resource android-x64-20230831-en
Malware Config
Extracted family: octo
URLs:
- https://185.225.75.207/ODVlZDlkMzU1ZTRi/
- https://2jamiryo22113.net/ODVlZDlkMzU1ZTRi/
- https://4jamiryo22113.net/ODVlZDlkMzU1ZTRi/
- https://3jamiryo22113.net/ODVlZDlkMzU1ZTRi/
- https://5jamiryo22113.net/ODVlZDlkMzU1ZTRi/
- https://6jamiryo22113.net/ODVlZDlkMzU1ZTRi/
- https://7jamiryo22113.net/ODVlZDlkMzU1ZTRi/
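The extracted configuration is only useful once it is turned into something a proxy or DNS filter can match. The script below is an added example, not part of the tria.ge report and not Octo's own code: it copies the URL list from the Malware Config section, splits it into IP, domain and path indicators, base64-decodes the path segment that all seven URLs share, and runs the indicators over a constructed proxy log. The `.example` host in that log is a stand-in for a host that is not in the extracted list, not a real indicator.

```python
"""Turn the report's extracted Octo configuration into matchable indicators.

Added example; it is not part of the tria.ge report and not Octo's own code.
EXTRACTED_URLS is copied from the Malware Config section above. The proxy
log at the bottom is constructed for the demo (the .example host stands in
for a host that is not in the extracted list).
"""
import base64
import ipaddress
from urllib.parse import urlsplit

EXTRACTED_URLS = [
    "https://185.225.75.207/ODVlZDlkMzU1ZTRi/",
    "https://2jamiryo22113.net/ODVlZDlkMzU1ZTRi/",
    "https://4jamiryo22113.net/ODVlZDlkMzU1ZTRi/",
    "https://3jamiryo22113.net/ODVlZDlkMzU1ZTRi/",
    "https://5jamiryo22113.net/ODVlZDlkMzU1ZTRi/",
    "https://6jamiryo22113.net/ODVlZDlkMzU1ZTRi/",
    "https://7jamiryo22113.net/ODVlZDlkMzU1ZTRi/",
]


def split_indicators(urls):
    """Separate the URLs into IP hosts, domain hosts and URL paths."""
    ips, domains, paths = set(), set(), set()
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        try:
            ipaddress.ip_address(host)
            ips.add(host)
        except ValueError:
            domains.add(host)
        paths.add(parts.path)
    return ips, domains, paths


def decode_path_token(path):
    """Base64-decode a single-segment path if it yields printable ASCII.

    Every extracted URL carries the same path segment; decoding only shows
    what the bytes are. The report does not say how Octo uses the value, so
    treat it as a grouping key across samples, not a documented identifier.
    """
    token = path.strip("/")
    if not token or "/" in token:
        return None
    padded = token + "=" * (-len(token) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if not raw.isascii():
        return None
    text = raw.decode("ascii")
    return text if text.isprintable() else None


def match_url(url, ips, domains, paths):
    """Return why a URL matches ("host" or "path"), or None.

    A host match is the strong signal. A path-only match is weaker but
    catches the same gateway path on a host that was not in this sample's
    config, which is what you want when hunting for related samples.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in ips or host in domains:
        return "host"
    if parts.path in paths and parts.path not in ("", "/"):
        return "path"
    return None


# Constructed proxy log: timestamp, client, method, URL, status.
PROXY_LOG = """\
2023-09-22T10:01:02Z 10.0.0.15 GET https://4jamiryo22113.net/ODVlZDlkMzU1ZTRi/ 200
2023-09-22T10:01:05Z 10.0.0.15 POST https://185.225.75.207/ODVlZDlkMzU1ZTRi/ 200
2023-09-22T10:02:11Z 10.0.0.16 GET https://www.example.com/ 200
2023-09-22T10:03:40Z 10.0.0.17 POST https://other-host.example/ODVlZDlkMzU1ZTRi/ 200
"""


def scan_proxy_log(log_text, urls=EXTRACTED_URLS):
    """Return (client, url, reason) for each log line that hits an indicator."""
    ips, domains, paths = split_indicators(urls)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        reason = match_url(fields[3], ips, domains, paths)
        if reason:
            hits.append((fields[1], fields[3], reason))
    return hits


if __name__ == "__main__":
    ips, domains, paths = split_indicators(EXTRACTED_URLS)
    print("block:", sorted(ips | domains))
    for p in paths:
        print("path token", p, "decodes to", decode_path_token(p))
    for hit in scan_proxy_log(PROXY_LOG):
        print("HIT", *hit)
```

The host set is what goes into a blocklist; the path-only rule is a hunting query, since a third-party host serving the same path is a lead, not a confirmed sighting. The decoded path value is shown only so that samples sharing it can be grouped; the report itself says nothing about what Octo does with it.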
Targets
- Target: 022e1e2decb27cb580a1234ffb095b9ecd3b5462939023a825bc7e604ff2fd1a.bin
- Octo: Octo is a banking trojan with remote-access capabilities, first seen in April 2022.
- Octo payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
- Reads information about the phone's network operator.
- Requests disabling of battery optimizations (often used to keep running hidden in the background).
- Removes a system notification.
- Uses Crypto APIs (might try to encrypt user data).
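Several of the behaviours in the signature list (Accessibility service, enumerating installed apps, wake lock, battery-optimization exemption) are declared up front in an APK's manifest, so they can be checked before a sample ever runs. The script below is an added example, not code from the tria.ge report or from Octo. It assumes an AndroidManifest.xml that has already been decoded to plain XML (the manifest inside an APK is binary AXML and must be decoded first, for instance with apktool); the manifest it parses is constructed for the demo and is not this sample's manifest. It shows declared capability only: runtime behaviour such as loading a dropped DEX or removing a notification does not appear in a manifest.

```python
"""Static pre-check for the capabilities the sandbox signatures above describe.

Added example, not code from the tria.ge report or from Octo. Input is an
AndroidManifest.xml already decoded to plain XML (decode the APK's binary
AXML first, e.g. with apktool). CONSTRUCTED_MANIFEST below is made up for
the demo and is not this sample's manifest.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions that line up with behaviours in the report's signature list.
SUSPECT_PERMISSIONS = {
    "android.permission.QUERY_ALL_PACKAGES":
        "can enumerate installed apps (overlay target selection)",
    "android.permission.SYSTEM_ALERT_WINDOW":
        "can draw overlays on top of other apps",
    "android.permission.WAKE_LOCK":
        "can hold a wake lock",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS":
        "can ask to be exempted from battery optimization (stays alive in background)",
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"

# Constructed manifest, not taken from the sample.
CONSTRUCTED_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeupdater">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Updater">
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
             android:exported="true">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""


def android_attr(elem, name):
    """Read an android:-namespaced attribute from an element."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def triage_manifest(xml_text):
    """Return (what, why) findings for suspect permissions and services."""
    root = ET.fromstring(xml_text)
    findings = []
    declared = {android_attr(e, "name") for e in root.iter("uses-permission")}
    for perm, why in SUSPECT_PERMISSIONS.items():
        if perm in declared:
            findings.append((perm, why))
    # An Accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE
    # and/or registered for the AccessibilityService intent action.
    for svc in root.iter("service"):
        binds_a11y = android_attr(svc, "permission") == ACCESSIBILITY_BIND
        actions = {android_attr(a, "name") for a in svc.iter("action")}
        if binds_a11y or ACCESSIBILITY_ACTION in actions:
            findings.append(("service " + (android_attr(svc, "name") or "?"),
                             "registers an Accessibility service"))
    return findings


def looks_like_overlay_trojan(findings):
    """Heuristic: an Accessibility service plus at least two listed permissions.

    Legitimate accessibility apps exist, so this is a triage priority for
    dynamic analysis, not a verdict.
    """
    has_a11y = any(what.startswith("service ") for what, _ in findings)
    perms = sum(1 for what, _ in findings if what in SUSPECT_PERMISSIONS)
    return has_a11y and perms >= 2


if __name__ == "__main__":
    found = triage_manifest(CONSTRUCTED_MANIFEST)
    for what, why in found:
        print("%s: %s" % (what, why))
    print("prioritise for dynamic analysis:", looks_like_overlay_trojan(found))
```

Reading the network operator needs no permission and disappears from this check, and the heuristic deliberately does not fire on an Accessibility service alone, since screen readers and automation tools declare one legitimately.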