General
Target: 7d692decd7b9d8efd98c53183d44269c0aaaae4b8a4941348d6017712bbdd710.bin
Size: 4.9MB
Sample: 241207-1znr3s1qdl
MD5: efb4f7615947dfac5b09926450ff8756
SHA1: ad0f6d4ab2aa88caa166e80d6116807c47436a0b
SHA256: 7d692decd7b9d8efd98c53183d44269c0aaaae4b8a4941348d6017712bbdd710
SHA512: e533837a2f1974a2474cb152b6cba95d9725b7e8e9711c6adaa18fd39a060dede371da6c6ad6a6ea5bdbeaa66012c1b97bbb75fb2d10354717e2cc512787decf
SSDEEP: 49152:sSRsEXeHnKtoj7I45iS7xrGDvngRUt5jVKScYNgShcxuW3274uFmEnHV9isQf:5RslnAoj7x5iSRGd3VKe+tAZ8EnHV8f
Static task: static1
Behavioral task: behavioral1
- Sample: 7d692decd7b9d8efd98c53183d44269c0aaaae4b8a4941348d6017712bbdd710.apk
- Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
- Sample: 7d692decd7b9d8efd98c53183d44269c0aaaae4b8a4941348d6017712bbdd710.apk
- Resource: android-x64-arm64-20240910-en
Malware Config
Extracted family: octo
- https://d9867c8f08e4e2ac1ccc94a06a238493.mx
- https://fc821709414c2850a46fa45aa2f5e22c.pro
Targets
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
- Octo family
- Octo payload
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Obtains sensitive information copied to the device clipboard: the application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Queries the phone number (MSISDN for GSM devices)
- Acquires the wake lock
- Makes use of the framework's foreground persistence service: the application may abuse the framework's foreground service to continue running in the foreground.
- Queries the mobile country code (MCC)
- Queries the unique device ID (IMEI, MEID, IMSI)
- Reads information about the phone network operator
MITRE ATT&CK Mobile v15 (technique: number of matching signatures)
Persistence
- Event Triggered Execution: 1
- Broadcast Receivers: 1
- Foreground Persistence: 1
Defense Evasion
- Download New Code at Runtime: 1
- Foreground Persistence: 1
- Input Injection: 1
- Virtualization/Sandbox Evasion: 2
- System Checks: 2
Credential Access
- Clipboard Data: 1
- Input Capture: 2
- GUI Input Capture: 1
- Keylogging: 1
Discovery
- Software Discovery: 1
- Security Software Discovery: 1
- System Information Discovery: 2
- System Network Configuration Discovery: 4