General

  • Target

    022e1e2decb27cb580a1234ffb095b9ecd3b5462939023a825bc7e604ff2fd1a.bin

  • Size

    557KB

  • Sample

    230922-1ws8dsce53

  • MD5

    0bcbd376e9bc986dac87590bc8eb22e7

  • SHA1

    1dc43f9ffa2f86171919eca852a9a417ece7c082

  • SHA256

    022e1e2decb27cb580a1234ffb095b9ecd3b5462939023a825bc7e604ff2fd1a

  • SHA512

    5644555a496dd00aaad9e27c64a5635e0085ac5fae9cd81881edbe0f8074d3ca03ab6c5a55c434f74c55c92eec6ba0e09288deddb0b28350115999891432becf

  • SSDEEP

    12288:hAi28oYZudl+QeQHFIU7Zuj9fMcloaArWDJJf+41naY7jCKcxznf:hAi2sZudJ2UYBMQv+AaYSxR

Malware Config

Extracted

Family

octo

C2


AES_key

Targets

    • Octo

      Octo is a banking malware family with remote access capabilities, first seen in April 2022.

    • Octo payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Removes its main activity from the application launcher.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar.

      Runs an executable file dropped to the device during analysis.

    • Reads information about the phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

    • Uses Crypto APIs (might try to encrypt user data).
