General
Target: 8b18b8a7f11a7976be5f1bf991b358a4438c78faf798073746973de520abe923
Size: 3.3MB
Sample: 231220-g43x1sfdel
MD5: ab4dfc2cc89eed6e9039f3ea0fe4cb76
SHA1: ed5b65c7c3677e590edadc4e7f1a49fc9296cd51
SHA256: 8b18b8a7f11a7976be5f1bf991b358a4438c78faf798073746973de520abe923
SHA512: 506142bdc14f576f9f0613aebfe2c94fca45afd1844df3670ef85c7a6b922ae0c04aafaf77b3129cc21417bf538db7bb165e6190de2480d71dc7326550c9bf75
SSDEEP: 98304:jKZbAI2VY07HPiEnWgCUARPBR7AJ63RvE:GbA1PHn/bAR5R7AJ63RE
Static task: static1
Behavioral task: behavioral1
Sample: 8b18b8a7f11a7976be5f1bf991b358a4438c78faf798073746973de520abe923.apk
Resource: android-x86-arm-20231215-en
Behavioral task: behavioral2
Sample: 8b18b8a7f11a7976be5f1bf991b358a4438c78faf798073746973de520abe923.apk
Resource: android-x64-20231215-en
Malware Config
Extracted config family: octo, with a list of C2 URLs.
Targets
Target: 8b18b8a7f11a7976be5f1bf991b358a4438c78faf798073746973de520abe923
Size: 3.3MB
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
Octo payload
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
- Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
- Acquires the wake lock.
- Requests disabling of battery optimizations (often used to enable hiding in the background).