Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

4be0e4bc7f...e5.apk

android-9-x86

10

4be0e4bc7f...e5.apk

android-13-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    15/12/2024, 22:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4be0e4bc7fc9aef4f9018ad207c03fb22b3c0abf50335d948f0b46a2a5a871e5.apk

  • Size

    2.7MB

  • MD5

    95ecc02ea365aca134ed6ce35cc3884b

  • SHA1

    5c20cb2ec10c445ff7a7c19d4acd2aae83411f30

  • SHA256

    4be0e4bc7fc9aef4f9018ad207c03fb22b3c0abf50335d948f0b46a2a5a871e5

  • SHA512

    edadfaa9d9cbad1ba504baa3f5676c745f818e8100a99ccf1f31c038d9cd3d31e184b16cad0f4290dc67db0470711c31f9876c5bc0a400e3ca2035c2710d5444

  • SSDEEP

    49152:Rkdz6Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQY:RWzFjEI4iZaUzYH99yIT

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://87.120.116.233:7117/gate/

https://87.120.116.233:8080/rootmd50ma/panelcgfuzwxleg9kdxnvy3rv/gate/

https://87.120.116.233:80/builderxxxzzz/gate/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo family
    octo
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 6 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests modifying system settings. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.nameown12
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4469

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.nameown12/.qcom.nameown12
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    84B

    MD5

    11de574ace22bbd827440c8052cf97fe

    SHA1

    05fdc2950207ba631852781876e2830c194e927d

    SHA256

    842cc33fac33d3956b77f026696c5744c6d6235954871a272d6892781016669a

    SHA512

    0cf10fe7ab10796fb63eb69b349d967eaf1572d3881e981c870fdbe9d753831f52abb3ecf9c366033f91d182300a1898ee9a9ef1dbaaa6d1c2580cf04b429c18

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    68B

    MD5

    9ece3296aa3c6fc130c22b5f8f5c53eb

    SHA1

    fc3847512970f99a0bc5ab835362ab56fa991de4

    SHA256

    916f67a1073c472ca38e70650c1fbd96bf15cf7b76e4f6f60b57231fd24e6611

    SHA512

    11ca65bb801f48b921372419d06da641fefb1a229aaf6ade693ee30215d749d33143dbdeb1c317a573142937710300275909b5856260e3ab5c5818efbefafe98

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    214B

    MD5

    a82e6207cb0c5629beb92aac30e8b212

    SHA1

    7bbcf3df07474e5bab6f1ba0d6196a9367b5146e

    SHA256

    2b5572a324b958d5c5385b6d5edb711183dc486122cd551e5bca2ef254085134

    SHA512

    164bb8f4b9b67d4183fac88e8f2627f3da5e44464de32b4263020f7bad13f5c24f2b9f213b9e78ca58320ac635d0d98f98c9ba49716bfdef4a00c0a288076f77

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    54B

    MD5

    3e90bd0e4a95bf69cb8522dde36b7c53

    SHA1

    181fa5227ea064667680793dfb90b111b2675cc7

    SHA256

    ec2354c08d62392d18bb4cd11e6d3e38ea39bb6ba09fa27cf5fd6af68a651e12

    SHA512

    188160fefd9c0e955f768cf0fa2ba1af3de20021ad83a9da112f029eab7127ce5567a485ef559881acb227a84789848cbae398fd03f035741b2177fb06763f01

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    68B

    MD5

    a7fc32bcc57c2b2faefe051f233d93a3

    SHA1

    f8e2c773aba669a88a79e44a66dbdb8434d5bae1

    SHA256

    54e1f814cd8767d27c43190171c2b70a75c6843dffac23851a2d38876c02ebb1

    SHA512

    63e5bdfea0406d99ece7f42d03f38cefd24355c2caa25e64c4e7e29eea406770c69dec4dd102c5b5bdf353858b30ac2ab6773e471919506a9e5aa44c6ac940a5

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    60B

    MD5

    9af2b57612c18cda0fab6cad83c06174

    SHA1

    93318fbb898cb9093c203972be784d258f0b8f5c

    SHA256

    7c36b1b40f6f5a06132e3c1e3e6987850eda8346245209025c8a85dd32b08b67

    SHA512

    04c21489869dd7835c94b350b4d7aef34c4ead03e103bfb7f62d0f6ad8baf42b4aafbc6cd1a69c286b52d8acadb24f01e9932b8ca68d4ba60d2682a9b53f2970

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    490B

    MD5

    21da73cbd2fe70f8c7ae5f056a610679

    SHA1

    a2c4b9b78a1f4e1d8d4714f8eda1f30189206b27

    SHA256

    377b29d2b60d51cb2a255d21322719f9473dbda065680da505d0d3290f050fd9

    SHA512

    d23e7170ef9d230f465e7b5239e1e905000267c1844a194894c9f523700aab2cde1a59e0d1eea7afd8c63212643de0654222ca65a81a746bd694ab13d7aa60f5

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    60B

    MD5

    b77df84bc0f347897795d401d0042c8f

    SHA1

    0a2092c712194a9aa3da95abf3efab43027efd14

    SHA256

    1852e5728c1226eb31201b983d3dd6159086d6fb4d505641fd9938dbb9a959fc

    SHA512

    aab1f816a00d92d82ab49bbadee978de4c7d831e7ef37651d78d7e8020523b23e61f3a89e0bd06e6b334609c7af389a97894e5dcb736fdfb942d9f40f1450f97

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    52B

    MD5

    f9814a9695d0e3f741ab2b9562825562

    SHA1

    58a2fefa4eaa2b4fb6e37e1fc211cbea6a9e20f8

    SHA256

    c75f24375abc6d883bf9f067f078355bb219483d7c25d3dc685df487a78c7fc8

    SHA512

    6bfd45d1d8469fa865287f07d9ecc7f05a7e7fe37821c311d573c248d8ab7467f2fd8f2efe7fdc762caf58c2d41fe132b49b0d7efcac52892c78af926ebdf103

    Download Submit

  • /data/user/0/com.nameown12/kl.txt
    Filesize

    66B

    MD5

    6a194467398890b737f3df42be170d6a

    SHA1

    5fea8cdf2e8f7f575bc9e9960b7d9a8e85490307

    SHA256

    0cc497a815a98f7c748dd6bb1d3c4ae5465d2ad6f4fc3d671d9e04c9d9b25112

    SHA512

    340a9e326f22f3f4e1cf8b6f48dfd5e5693210b7ccf5f01a256c13f5c98ce4746e4534ed58f51cfc1240ebe70e4d42d6427cd0339274c081b745bb68572cd82b

    Download Submit