Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

478c43aa96...de.apk

android-9-x86

10

478c43aa96...de.apk

android-10-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    478c43aa96a43cf26548384d171898aac7d07f2810b3b5e5fc5957a3cec27bde.bin

  • Size

    2.6MB

  • Sample

    241129-17wsnayqfv

  • MD5

    bbcb3edd3b5102029ca963cf0023cc89

  • SHA1

    efd6608a2da1874e3b4a17768727fed71c3b665e

  • SHA256

    478c43aa96a43cf26548384d171898aac7d07f2810b3b5e5fc5957a3cec27bde

  • SHA512

    079ef87a9b57691b9ed120cfc6b81b06ef3bad931ab657479a40b2eb90a8e0837f2f94dfea0a6c03907fe770d31442200996015f578f4502b952713bdfa45337

  • SSDEEP

    49152:jQY3tFeBhovmr5+WW9NR/7yF/wL0Ra7eEr3Seo3BysEIcv62cEWvMjCyYnZRmXZW:zjeBhoOsp9Of7Rd3BANcByYn+JfZSQ/S

Score
10/10
octoandroidbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

octo

C2

https://asdhaskhjdksjahdkasjdhaksj.hk/MTBiYTAyMTk0NzJj/

https://shdiuvhisudvhuishvdiud.hk/MTBiYTAyMTk0NzJj/

https://asdasjhdgasjhdgas.hk/MTBiYTAyMTk0NzJj/

https://qssxsqxaqxqazxaq.hk/MTBiYTAyMTk0NzJj/
rc4.plain
1
JUPxRfxkXKC73MOx6aUG1wa

Extracted

Family

octo

C2

https://asdhaskhjdksjahdkasjdhaksj.hk/MTBiYTAyMTk0NzJj/

https://shdiuvhisudvhuishvdiud.hk/MTBiYTAyMTk0NzJj/

https://asdasjhdgasjhdgas.hk/MTBiYTAyMTk0NzJj/

https://qssxsqxaqxqazxaq.hk/MTBiYTAyMTk0NzJj/
AES_key
1
3534353639643261616165373137363333356136376266373265383637333666

Targets

    • Target

      478c43aa96a43cf26548384d171898aac7d07f2810b3b5e5fc5957a3cec27bde.bin

    • Size

      2.6MB

    • MD5

      bbcb3edd3b5102029ca963cf0023cc89

    • SHA1

      efd6608a2da1874e3b4a17768727fed71c3b665e

    • SHA256

      478c43aa96a43cf26548384d171898aac7d07f2810b3b5e5fc5957a3cec27bde

    • SHA512

      079ef87a9b57691b9ed120cfc6b81b06ef3bad931ab657479a40b2eb90a8e0837f2f94dfea0a6c03907fe770d31442200996015f578f4502b952713bdfa45337

    • SSDEEP

      49152:jQY3tFeBhovmr5+WW9NR/7yF/wL0Ra7eEr3Seo3BysEIcv62cEWvMjCyYnZRmXZW:zjeBhoOsp9Of7Rd3BANcByYn+JfZSQ/S

    Score
    10/10
    octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

      bankertrojaninfostealerratocto

    • Octo family

      octo

    • Octo payload

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries the mobile country code (MCC)

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests accessing notifications (often used to intercept notifications before users become aware).

      collectioncredential_access

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion
    behavioral1behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

4
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.