Analysis
max time kernel: 7s
max time network: 145s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 17/11/2024, 22:00
Static task: static1
Behavioral task: behavioral1
  Sample: e6569b723ab84a98c9f8d43b03f0aad49efcf2c314efbc7ae6f99d2f462febd3.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: e6569b723ab84a98c9f8d43b03f0aad49efcf2c314efbc7ae6f99d2f462febd3.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral3
  Sample: e6569b723ab84a98c9f8d43b03f0aad49efcf2c314efbc7ae6f99d2f462febd3.apk
  Resource: android-x64-arm64-20240624-en
General
Target: e6569b723ab84a98c9f8d43b03f0aad49efcf2c314efbc7ae6f99d2f462febd3.apk
Size: 605KB
MD5: e109abe047081e2850c113f051fa2399
SHA1: 013a453d3cf1a897a8055c4dcd0ee974b7fbe15d
SHA256: e6569b723ab84a98c9f8d43b03f0aad49efcf2c314efbc7ae6f99d2f462febd3
SHA512: a084442a82f83ab83db09bbbfaa0d4218e0c7d246544ac978fdd261d7ef7c32e802b202ebee558eb2916af35a1ad499bb9f9e431aa42a40cd1b30e06d7933cf4
SSDEEP: 12288:4TK+XfiFh6KipZ8hlrOKMWLfkf8+U01PxKeyis4hDLrMhdy4:4ThOfiZI8tt1P7yisIzgdy4
Malware Config
Extracted
octo
Signatures
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
Octo family
Octo payload (IoCs: 1)
  resource: behavioral2/files/fstream-3.dat, yara_rule: family_octo
Loads dropped Dex/Jar (TTPs: 1, IoCs: 2)
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.eachdidrtz/code_cache/secondary-dexes/1731880834951_classes.dex, pid: 4969, process: com.eachdidrtz
  ioc: /data/user/0/com.eachdidrtz/code_cache/secondary-dexes/1731880834951_classes.dex, pid: 4969, process: com.eachdidrtz
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (TTPs: 1)
Network
MITRE ATT&CK Mobile v15
Downloads