Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
03/05/2024, 05:43
240503-genrssae99 1003/05/2024, 05:43
240503-gel8zage5v 1003/05/2024, 05:42
240503-gejg3sae96 1026/04/2024, 11:24
240426-nhtwjsfc6y 1026/04/2024, 09:55
240426-lx8bdadh3w 1026/04/2024, 09:35
240426-lkpy9sdf5s 10Analysis
-
max time kernel
302s -
max time network
305s -
platform
android_x64 -
resource
android-33-x64-arm64-20240229-en -
resource tags
-
submitted
26/04/2024, 09:35
General
-
Target
1dda2398fb3c4c2aee9b2a18f0975b921cbd2809625618d7a91d174806c677b7.apk
-
Size
509KB
-
MD5
398d22e2d522ad3b4dec483d095ab0a0
-
SHA1
57864eac5ff484b9943bb30657a5b8b521a04068
-
SHA256
1dda2398fb3c4c2aee9b2a18f0975b921cbd2809625618d7a91d174806c677b7
-
SHA512
7d4c8aad0e3ea2fda730554f4fa8220567b94cf0e6a7c3d93112ea1b0b11cc972b00b3d00346976e664cdf82d672f94185f5868df9c6b9b81b2bee9748649b7b
-
SSDEEP
12288:+f22AykQKMrEjYTYVk5B+vdosmXw91+9VYATRWcOqZUeJnPG:+55QjYTPMvdjmXw9M31W5MJnPG
Malware Config
Extracted
octo
https://tecbabbshop24578.shop/ZDQyN2NmOGEZOTIK/
https://karamdsadvs2.shop/ZDQyN2NmOGEZOTIK/
https://karakalandankasd5.com/ZDQyN2NmOGEZOTIK/
https://tecklardankalan.shop/ZDQyN2NmOGEZOTIK/
-
target_apps
at.spardat.bcrmobile
at.spardat.netbanking
com.bankaustria.android.olb
com.bmo.mobile
com.cibc.android.mobi
com.rbc.mobile.android
com.scotiabank.mobile
com.td
cz.airbank.android
eu.inmite.prj.kb.mobilbank
com.bankinter.launcher
com.kutxabank.android
com.rsi
com.tecnocom.cajalaboral
es.bancopopular.nbmpopular
es.evobanco.bancamovil
es.lacaixa.mobile.android.newwapicon
com.dbs.hk.dbsmbanking
com.FubonMobileClient
com.hangseng.rbmobile
com.MobileTreeApp
com.mtel.androidbea
com.scb.breezebanking.hk
hk.com.hsbc.hsbchkmobilebanking
com.aff.otpdirekt
com.ideomobile.hapoalim
com.infrasofttech.indianBank
com.mobikwik_new
com.oxigen.oxigenwallet
jp.co.aeonbank.android.passbook
Signatures
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo payload 1 IoCs
-
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.beautyship51⤵
- Makes use of the framework's Accessibility service
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1User Evasion
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Software Discovery
1Security Software Discovery
1System Information Discovery
2System Network Configuration Discovery
3Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
48B
MD5046a414913add6f5bb60072c7db819b6
SHA1451ee4f6809260aec622d772fd329c7d0297a842
SHA256b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA5124e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c
-
Filesize
418B
MD5c9886e6e8a426cefb16bb381480c12a6
SHA185734e29aea7552035cb90b88ef2272579988593
SHA2568ab6a771d3241d51e6d131c3911d231e2ce14e4bbdf565e70dca32bda05b9fb6
SHA51220d5115ac0506bdba30dcf728c6f37679b07c9506de9b03540941d5820a79de18164a55a8ec7a6dca7916886779c5b236ad71c120fa3f5fe32c0bd64a1a0a037
-
Filesize
402B
MD5b1435341764d75e7f352f2a42f02b250
SHA16a53cf21fa9c3e9afff5c406bca1e2a50308cdab
SHA2566eebf14949d1c4ad420f32ceda70c96d39747a3ffcfe25efb9135e872ccb92be
SHA5122b87c5d38c1e0e9a4ea8e86b618bb283aed3ac8ac96c0e06ee4d5a8bac808acc9aad5d4d3de6564c1a9c0b51ce4fa0b4b04a3b6ab01b7ac72c9ff3a92c77e701
-
Filesize
449KB
MD57cfcfcdf2f1a2e962d3975435a55b97d
SHA10e3b3c6e167542c580dec3a674f2fc3b4e91628d
SHA256abe48a2b945177b37b9f59db9f4d8f92ea9dc991f0835b7df3191e937b6d8929
SHA512eafb08deef09f5b4644c42e9bccac724dd5ba0345f43ea5cbc4ca8286b6ee34e579fa6195fbff24ceeb5e25db521e44edd99cc4d9a5691405e0e1f71b805548a
-
Filesize
63B
MD528df2379045358fbcf9289249e030205
SHA16a3618f3c36cc6a7bfedc8c0b912061584ce490b
SHA2568786fb4399d54bb3d007634e96d5e754b79a466f01a505fb74654f793a648e21
SHA512e4e2e1cea5c0a3ce825aa8c690469b27578c5e5d39e06b3e56f5c49cb2ace29bbf59a7b49adafc799211c09fdc019ebfd382a283ffd8767ea4149a83f216ae32
-
Filesize
68B
MD5c685901cccca07d9f86a57c418b15afa
SHA1b23d817a40819e408cb4c8fce314f8c0a880e8f2
SHA2560b4923e96d9642bbc16b88d0e88c726d27256f07e277d4663671a2a06d10ee28
SHA512f08b7e87d7d6af7fb215e80ef45416a8fce99a73a567299e638c8068f5d5078191e0af845fa36f804c9366b01645c1a830103142646539c7cc1fd9854462e308
-
Filesize
68B
MD53f2e048689e90032d6ce76f07632116d
SHA1416238734d96cf252e072c59096945beae4e3b25
SHA2565126471cb15d294864236eb5c72213b80e8c8831e9461d814de8be8a778b778f
SHA512cebbd3e235e56988470a162ca4c7cd7a7edf9f169ca216968f10517b78f9d377562dced32d751b99ae8683d6cbfb7e970a56a525b6b0fe0c10eaa8d9e3f4cb84
-
Filesize
60B
MD5dbb623bca941596993a1b9fd573d533e
SHA11cce1cf3a06c307519e50afe9753bf4f2b6b2480
SHA256e20da9773a8a47b4e8ffa81972a1d7982bb9af0bb2d6997a3f7cacc657f0d23f
SHA512273109644c49f67d87678ae4a1ea8952a2bf016b7f9ee2a39c385c934f910eeca9964b99af2e24bfb232c473e81673aeef42d777044e11b99eaedba5fa74017f
-
Filesize
52B
MD5a9b85c73a4f8e03dca4e4df7fb991d86
SHA1874330f409f579f1b77f3b48317a517fd6b4e3c4
SHA25666f702de280fae61f45a47bfde19210b986224a9e508548c3a13cfb0356d0bd4
SHA51213b93ccdbd5b8ae62885e7ca1f14fa7f666056d7b82342fcd6516f144a88c142ea8fdad4724e08f7d4e7d57f0bcd04a23433b178e3a4f2210ed5059c26ef23ad
-
Filesize
66B
MD5da4fd0271ac9a33500a946eff944228d
SHA1e6e35edec7f5959645ff9aba9e00bee99a0f41fd
SHA2569aae8e06300c4b5d2935f30c6031029f2f1942d898536f0c5d4c66b1ae02c9a7
SHA512de8accddcada30e04cec327a5d446d0afaff3e1407c982ccf2eebec68c2d489d5930ffd900a95ad572f4b5fac668c4b3951ccdee2f21172fe4db24fc7bea6474
-
Filesize
52B
MD596aa80ec38f9ad196228521c8780bbcf
SHA169d24bc518c717763bfe979c2bf542379d4d7c2e
SHA2563893cc2917bf9c25486d13c0100b832ae6aaf43b6d04c5de30bbe3d763aecb22
SHA51214f23ca60a14b6220d8ff99f28c5de9c3e6f84505f74dd6965d5fc30608d29ec1c480d6880137877f295b4fc7a1d283209777477df23339127ca19b0f4edf930
-
Filesize
66B
MD5cc4347eb03a89a45360899ef4a4a25bd
SHA17e10d8300e4b97ca7c384ad85b71e076bcee288b
SHA256a8a71215768d29b6384108df41e06030973e2b8edd3e98f536420567dac5c6bc
SHA51291fa5568af34a386241d89199a39bcdcd1f18b7d422cf07ae573762917df6415c962cb7ee769c6a896be9ef632332ed6c3e46af7c5b9c202b83a56a092d19ef5
-
Filesize
84B
MD5131cccac529d0bcf9772e39f97ee8d3b
SHA149def5f0b3c71b041ea9461bf719b73dff211b2d
SHA256d1379e0d8910c1eac85422c882e6144a3deeefea01c42cf733af60109fc4b9d0
SHA512198b1a8dd06cde09e56094e48ad1700b8c06f6aeada875502f33c15a7e634e8512da44f5efb8beff4c5802b958379e6412ab5bb93e6a14e9807f8221e04bcd86
-
Filesize
68B
MD50300cf9a7da5a8afa455f1056ca3c6e6
SHA10fcf8ad7383c2928d3c24bf02d14b203dad41a3c
SHA256a0411056e867dd7a15a716e43a1660cd2c5374874c19ea07345451b7902d2cba
SHA5124d71434818b368dc082d5266c3a43782ac450d9a149aa73a8a417f0c2581d46a339a09657468cfef8a01004a48260991cb4595e37b7f193db4c7e1b93b077937
-
Filesize
68B
MD52932aeba1b9d2885a979769a546c7348
SHA154b7ba572074cda02dfd5080ce059c7ba9cff616
SHA2564e0d6f00a7885b0ace4b8e81b64808d3cc92ceeda0a11ee34b6d3cd7bf519ebf
SHA512335caed67dc0c58872ceddb695ec530b51731659f9b3c260d536c2e03f5444b9d9f406e72dbb28652e6871be78b5d2cff0e186a980aeae798d937ddda386a89c
-
Filesize
28B
MD56311c3fd15588bb5c126e6c28ff5fffe
SHA1ce81d136fce31779f4dd62e20bdaf99c91e2fc57
SHA2568b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8
SHA5122975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6
-
Filesize
179B
MD5c7f9d51096b9ee418824f574c16740ba
SHA1ddb9b51621755196f6625ffdb25761d3db016620
SHA25640fe66b3d801cf92c8e6690b132dc42a9ef03153dc4dc806ed4afe0b07c61cbe
SHA51278288497055b5f04e3e947b1eaab2e43d48d0ec545afaf5f766bf3e617d11e7eb24f7938791fb90227524ce57fcbd091e9044211f7783471678c0505e35dad33
-
Filesize
177B
MD5c5a488e94e2f1282335510fe57953df6
SHA15bd969efb3ee602dafc849b45d3f7cee3046fa41
SHA2563286c83d72a47df90f5afff3c99d90801d22c500bc837adb0b05fb1b28c30e7d
SHA512a56594a388fb1c64755dc3b25f89db9809475591692f063a4dacff06bada0fdca397165899b2536852318ae98de57c985a155839311bf2a6163b8d222c32060b