Analysis

  • max time kernel: 148s
  • max time network: 137s
  • platform: android_x64
  • resource: android-33-x64-arm64-20240624-en
  • resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
  • submitted: 12/11/2024, 22:12

General

  • Target

    010127fcf69e4616b550df63214db1e191ac5658dd503077533ac2405ac10fb1.apk

  • Size

    2.7MB

  • MD5

    f2524b9ceb9e6b721e289ba87a1aeee6

  • SHA1

    5b4cecccf32868f123b405a4997684a4c933e9de

  • SHA256

    010127fcf69e4616b550df63214db1e191ac5658dd503077533ac2405ac10fb1

  • SHA512

    5f8e0bc9dfba6cc54fd9574b60c65ccb7dee5616ba9ad27559bf1303de54d773b42f32f2f19a3945bf3220ebb5283689b07c08ee64754e8e6d22dba9a480d8cf

  • SSDEEP

    49152:UMygCkm6Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQN:7ybkmFjEI4iZaUzYH99yI8

Malware Config

Extracted

Family

octo

C2

https://80.76.51.220:7117/gate/

https://80.76.51.220:8080/rootmd50ma/panelcgfuzwxleg9kdxnvy3rv/gate/

https://80.76.51.220:80/builderxxxzzz/gate/

Attributes
  • target_apps
    at.spardat.bcrmobile
    at.spardat.netbanking
    com.bankaustria.android.olb
    com.bmo.mobile
    com.cibc.android.mobi
    com.rbc.mobile.android
    com.scotiabank.mobile
    com.td
    cz.airbank.android
    eu.inmite.prj.kb.mobilbank
    com.bankinter.launcher
    com.kutxabank.android
    com.rsi
    com.tecnocom.cajalaboral
    es.bancopopular.nbmpopular
    es.evobanco.bancamovil
    es.lacaixa.mobile.android.newwapicon
    com.dbs.hk.dbsmbanking
    com.FubonMobileClient
    com.hangseng.rbmobile
    com.MobileTreeApp
    com.mtel.androidbea
    com.scb.breezebanking.hk
    hk.com.hsbc.hsbchkmobilebanking
    com.aff.otpdirekt
    com.ideomobile.hapoalim
    com.infrasofttech.indianBank
    com.mobikwik_new
    com.oxigen.oxigenwallet
    jp.co.aeonbank.android.passbook
  • AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

  • Octo family
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent its own removal.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Requests modifying system settings. 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.nameown12 (PID 4343)
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.nameown12/.qcom.nameown12

    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    490B

    MD5

    55a4a6ed9a3f340923829a6df5eac9c2

    SHA1

    e9dbc7437932ee169806ed7d2a50f7c638388656

    SHA256

    611efcc02d98467ee850a3b2b9caa6d81c6dcd210532e960d4ced7e6a9b1f3ab

    SHA512

    c3cb604608d05b1afd7553f9846eaaf486953171e06b8160c640ed5a8e3c050bd35a99fa4dd29fefaa324907c8ac4f9c4f1bdf36f0ff2fc24fc38383c9f9ca70

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    214B

    MD5

    42a9a03643377d6cfe44f06eced8381e

    SHA1

    d9944b1fad466e1c200381bd84266407edec4365

    SHA256

    524cbcdc386f319662ebb2db64ebfd2d874c2091f9c07610587029869dd1cefa

    SHA512

    42ab3d4e6b007569d5759f371d199ab30b8e6ac6c11d1f9e8d27dbf76a984defd7163b90f948f6625cbb55baef424699b69f8d32d6ee7d767d1a0429a33a77cf

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    214B

    MD5

    8d177771fc86e80fbe26cd1e69e31d84

    SHA1

    17419a05985a7a7bd0effbfa30677a6f2989d7e3

    SHA256

    079f84f1927ba30b3cc7f95a13aca6234c36224fedf0ca5d007322965d9e0d59

    SHA512

    e694abf352190f41eabe34032e4a5c027fc44a90516afc1e8a9cc01c573cc5892551e6ed919222271685edf2dc2fd893f38b1aba2ce77ce84440b017ac9476af

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    52B

    MD5

    7d9ed44124387f486de41e4e9f895664

    SHA1

    263d85407be29e9ce2526de4d0097683279af9e3

    SHA256

    a40c6825b2a9360e8c7bb6557f799289f57d7bfc406c71c87842f299382ba408

    SHA512

    15f57b82bcbe93c922e1deb15567a13de9ff6bdf3e948d928657a3bc1c4c6261692f6e743bcf9bb59c503d78a1cd5efff371759c61f08a151097ab13274afb2b

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    70B

    MD5

    3e16c2d94825a17c35ca11c25e229a0a

    SHA1

    1c8e2edb5fa453048810c293700120e4a7fa8798

    SHA256

    4c055c5eed9fa78413e3e6c5e2871ebd7e29927490d8e26687a952504cb7f9af

    SHA512

    1cabae92aafe5c585f0d6ec1f00079f38c87af490265ee223479bc93d70e18487f37f6183d34b68da4899fda56f5b16f93ee8a3cc8f55a1526e32e8bae9e9aae

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    55B

    MD5

    43bbf1215126769565aca6652f483703

    SHA1

    0f288d84451c0e237506f5f94036d74852f6e47a

    SHA256

    cfdc05be054134f3ce373d3c6c8b0ae67228c06c6fafe2b97e9192771a01986f

    SHA512

    f09235cf362fbfe50db7f242d49e3cda1276a622fc1c132c3fb21590c8e54ead27fcd68d37bc71054c2ba64bf4c4240678ba0df98cbcb5f8f2a9aa3d9400502d

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    45B

    MD5

    03a498f3b76102bb49502cb30a9d5dbf

    SHA1

    6ffb967eed637e860c3addb5fae01a278ab00f02

    SHA256

    477083764e2e0632e38f65433147b5e1a84af98f329e90e65f5ecf6fe4b56a0d

    SHA512

    a16c8a07e4cb234ead7f7654d0c851cdba5140590e9100dc884eac396a34cfa6c9c0817da093ecbff3587dbbf72a323dcf20f77eb1159ccfee80ac3f849f4793

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    70B

    MD5

    868f02912d2c98c865ddadfeadc273da

    SHA1

    81ce16ffb890daf40e8837828339063033f57330

    SHA256

    e9e0c6805f45bdfd209b99d0994313865096135f25dec0ffecb6d898affb21e3

    SHA512

    f4f40077181da67f5dfe99d99125c15c9a1086ae52d4839bb720d8e9a8ae67475e208021a0fcd48c3c176bb55b1b4684a59d515c4f91ec5a89142a9e705acae5

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    45B

    MD5

    8c938fa1567d9ba9929ba00c2d296be1

    SHA1

    59bf17208a3496cdfe6c3f7a37367479e9bbe03f

    SHA256

    6752ce997db54022d4dd3480a3bce5ceefe76419047352326f5c09b4d3ddbebc

    SHA512

    1a107ab045560c106795a0c28c013fb55fd16e5732cbb1bbfd725ae9c8e11c5078cf7000cd998d1f081e1d7d1168b6ee964329de382ab3204c538d9ee5c73bc8

  • /data/user/0/com.nameown12/kl.txt

    Filesize

    79B

    MD5

    d05674d5213b5cf4f956025714589d9d

    SHA1

    e24a5036838034bcdf675af7eda7c0a8d84026af

    SHA256

    45aea68e81f7d8313e14874b96c3e4bbb4b4da4b43cb66e2c9f3a14654a0068e

    SHA512

    ed630b01e99624a11f48eb1693c5f24f34a6856c23a27f9d8da3f0b8c266125ba6533f8807cc8fde4ff82eb31ffeca72fde26e7cce64c9b61aebf25d7f610f80