Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

0461073fb7...ac.apk

android-9-x86

10

0461073fb7...ac.apk

android-13-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    19/10/2024, 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0461073fb7a0dc7ea5ddb84456220d89d801a579624b3e1a17ec9835ec2a4bac.apk

  • Size

    2.7MB

  • MD5

    e6834dbd240b31d908c2b1fe9e954653

  • SHA1

    50c778c3ee7df9cb49ff02d9a3ceb884222a174d

  • SHA256

    0461073fb7a0dc7ea5ddb84456220d89d801a579624b3e1a17ec9835ec2a4bac

  • SHA512

    299a22a93aa34f240cf418440ece4fc32f89e165936a780aba0689b5868afb1d5ab737143338f0281b5c4903da8f624057aa850d9ed699baf1b2ecc31bc5d234

  • SSDEEP

    49152:eGd6Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQy:e4FjEI4iZaUzYH99yIl

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://45.88.88.100:7117/gate/

https://45.88.88.100:8080/rootmd50ma/panelcgfuzwxleg9kdxnvy3rv/gate/

https://45.88.88.100:80/builderxxxzzz/gate/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 6 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests modifying system settings. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.nameown12
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4436

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.nameown12/.qcom.nameown12
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    55B

    MD5

    be6e9b14aa276ca9b1920f499106dd9b

    SHA1

    cbf3533986e1798384f25adcc5b563d3faf99d81

    SHA256

    ee66cc789c1dec64ab92664cbdb8a358f2ae3c02676897513abbb0b5a488a720

    SHA512

    fe9676784dcac9fb48dc786ac1464e9420d81203eeac301a49414e9b4a95e11b816888947c93d90f23d5722c2292430cb50c6f0a3c1ab69d517c4cb6f74e1748

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    45B

    MD5

    9601a22af868192bfaac61ab07dec50e

    SHA1

    cdb90c2fa8ebaaf38d6c3b6499abcbecb4753159

    SHA256

    11573e694a15ed512999c4c052f6c36295f1d19ac41248d6bdf2d0d0547f721a

    SHA512

    a04af90c77db5c6ca210f47bdb996c1bc9b45980e68366fe235e1f615e244d6d36f53641f1064e8cd822dfbdc0763c24e37b6a90e4bfb5ec0e7f1eede782e127

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    490B

    MD5

    67b91434a51b91ef534572a60e6328c4

    SHA1

    5b6d9afa15f7aa06b70f9f0f5f7604b8f261051c

    SHA256

    77be101cc85153629d12018bd18f76c7740d7f3de978adc099ee23c167e6abdf

    SHA512

    bf685cb2404a6b3652001ea07ff46f090dc69cc8c118dd9050ee4fa4038ed3fa0d9a0e34204bb06ce29cca21a33a4503854051f927fec94eb242f7af9eab55ff

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    214B

    MD5

    4915a2966084e42ec34e03f7c30bf3fa

    SHA1

    390507c2da426a416a9c7e28c2a6cfb876759377

    SHA256

    b4fc6ca3750d0e1b3c5e03300436e6f35f5d8f9781174a8caa55e2dc99c7708b

    SHA512

    9a3b08762278305080d35c96625911dc1cfe3555161cb55961da2a29b43baaf9e151bbc5eb9bbd5b3eb6335fa71dea18febc07ce31a50519cf97573bc8915985

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    54B

    MD5

    6bf4219ac90e78fb2633356326262af1

    SHA1

    36989fbb841e0c09c4c1d54d2ed401caaa9434bc

    SHA256

    776c4c7d826f371b8654920dd435bcb7d38f71baab5a2e5a5ec62ee042703a89

    SHA512

    4273ffab7f7b9483cbcb51db16cb89e678d91b84210aeb9cc6cdf6342a2bf55ed8f932e4cd4a88300ddfc12270b9163bd8c0dd1e80c334bde4e7ce1e1b3bddc6

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    68B

    MD5

    0e63a3b796b7c39ad7eb75bc7df44133

    SHA1

    2460ba55a194fef0f6e9f18db1c787389c53c250

    SHA256

    c63d0d844974d9f10fcef12ab613f33da7c7d41294ef9d9eb1db1e3d6794bd59

    SHA512

    c9ad7a7270a476d5c7b99a3498e92fb9e01d925ec5e6e451b84df79f771ea00ec0b7c5d4c5d781e600b0e9156825519a252005f019ba90eec9245aa5757823f8

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    60B

    MD5

    b5d0e71f871c61a45da7ddb4e080627f

    SHA1

    8f739f0b455174cc1831f5968188a429965d3e46

    SHA256

    291636e6eef6187b2c2134ab874ecfcca8423d9adc2ca36f21f6b315cdb6478f

    SHA512

    3da91faf3f48b7dbca72fdc11bc24f48da08427b909e4e61fc54e44cbe50446ae653f76573598bb13999daf3777bb55b358661c1abb676334c5848ca4b4c8509

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    84B

    MD5

    b644687e9fb3a2af00b4b194f247dd51

    SHA1

    ef828f25a8d8126b2ef99ca73df650ecbe763fb6

    SHA256

    fb877c1256cd2d7263b15e40d0953264f177df9fbf629decd5f783a4d4afa938

    SHA512

    9b2a679470a464b8aff9379c8e0ab61873cf4de18d58f2a87f3042cd65b9222112b9843bcd8b2af9089a74e2e85a84a427fd0570de7b7a9f540f547d298beba8

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    60B

    MD5

    2544c9812db2b47256153906b7e5c1c3

    SHA1

    a628f7d72f0d835487efdffe6d3a1ca8e39f03af

    SHA256

    185121228448b19b13f083dda8f8a67d5070922cbd27410525f7464e73c189ad

    SHA512

    c6879417efc6ec9239a76adc12ce01011607f016676db212ebbb22e05ef974cfd85300dcc3db1765f995999b18b56904a719d86eca279ad52f7d6b77959e61e4

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    52B

    MD5

    a6117cea9ee3fd6f79f0a563d2143a73

    SHA1

    4bb81e1b9562119687258547d40855b4cbd429e1

    SHA256

    ba5c5bcf2d96af9ad555ebebd45c092b207b67cfdb79b02149e6d4470956f44b

    SHA512

    c698f6dad0b826dc03a156e013c4c67caee8461ca729ff3b6cb8459b0383ad858cf98ae4da1ee6c6be6b93cc8f94662d18bad00b8d995bc741d98bd73f8459b9

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    70B

    MD5

    4d8c4f48c389278f48696ffbb532e5da

    SHA1

    0581d1bad6dea9e6fd91f9c7f6dd9f28f7a427cf

    SHA256

    e3373ed67b32cdb516e44997a93d9ad06f58313bf68f195d0bf9f3a20aa4f17c

    SHA512

    2b19df30d75240a4c628dbff1755edf2d0d5e759adb837ed7811982c3486ad92a720c4d73edd8dca6248213167844474a5ade57f9052850211cd5b8b67f714d0

    Download Submit