Analysis
Max time kernel: 4s
Max time network: 155s
Platform: android_x64
Resource: android-x64-20240624-en
Resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
Submitted: 17/12/2024, 22:01
Static task: static1
Behavioral task: behavioral1
Sample: c09f9c6f0a6cf28a16f8bf38763569e846ab224d3a297c9fc3710fa953c73885.apk
Resource: android-x86-arm-20240624-en
General
Target: c09f9c6f0a6cf28a16f8bf38763569e846ab224d3a297c9fc3710fa953c73885.apk
Size: 2.0MB
MD5: 605ee22d6a39c0cd8360e62c00d7a33d
SHA1: 68be1f3d4f31cede68489ace48a16895ecf01514
SHA256: c09f9c6f0a6cf28a16f8bf38763569e846ab224d3a297c9fc3710fa953c73885
SHA512: b1adbef8bb3e701d8581cd2cc8f5d3aa08b043a3fa72096082b27064f06d3396a30a90fa3fa38a905906c997f107aa09170c4a1808640629a398e9ef76224702
SSDEEP: 49152:ZNNNJQ7JKWS6P0pz+gYejvjYYtiIQPzKbx2cEY9zGYV2qvZ78SGs+XelvM:lQVXS6P0pFYcDx1bx2cECH2qvZA938M
Malware Config
Extracted
octo
Signatures
Octo: Octo is a banking malware with remote access capabilities first seen in April 2022.
Octo family
Octo payload (1 IoC)
  resource: behavioral2/memory/4968-0.dex, yara_rule: family_octo
Loads dropped Dex/Jar (1 TTP, 1 IoC): Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.shield.member/app_enter/EFN.json, pid: 4968, process: com.shield.member
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
Network
MITRE ATT&CK Mobile v15
Downloads