Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    17/01/2025, 22:01

General

  • Target

    00a99e7ca12046ed4037f907b6506824b9b36562e890c33fc66c1dfbc472b100.apk

  • Size

    2.4MB

  • MD5

    01c8fed6e0955c3fda88f4b87bbfdd32

  • SHA1

    6a5b991bb2231a9d40275e6d81040fa5a4eda906

  • SHA256

    00a99e7ca12046ed4037f907b6506824b9b36562e890c33fc66c1dfbc472b100

  • SHA512

    6fec8e8e6ba019986a82b4f1f5004f969a0dfa97472e11c1402b47b49ea662bd2dbb262130960c0c2ee9e72a851afc97a9f7ef583bc6658f006f8e0ba1bb5bba

  • SSDEEP

    49152:WNq+OjH8PtI3LSMdXO0PlRVywmsCpXRaORnP95mQlpo8eW30Yq06yjgaX+J04jcR:TgFI3tbPlCPXxlwQHQyjeJf/cD

Malware Config

Extracted

Family

octo

C2

https://yenisafakhaberler.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakmansetler.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakgunluk.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafaksondakika.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakyazarlar.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakgundem.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakekonomi.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakspor.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakdunya.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakmagazin.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafaksaglik.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafaksiyaset.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakbilisim.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakyerel.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakaktuel.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakbilgi.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakvizyon.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakteknoloji.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakkultur.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakinsan.xyz/Y2U1NjM1NzFkZTlk/

rc4.plain

Extracted

Family

octo

C2

https://yenisafakhaberler.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakmansetler.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakgunluk.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafaksondakika.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakyazarlar.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakgundem.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakekonomi.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakspor.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakdunya.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakmagazin.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafaksaglik.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafaksiyaset.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakbilisim.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakyerel.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakaktuel.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakbilgi.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakvizyon.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakteknoloji.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakkultur.xyz/Y2U1NjM1NzFkZTlk/

https://yenisafakinsan.xyz/Y2U1NjM1NzFkZTlk/

Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key
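A worked example, added here and not part of the sandbox report or of the Octo code itself. It takes the 20 C2 URLs from the extracted config above, turns them into a blocklist, and checks the one path segment they all share. That segment is base64 and decodes to the ASCII string ce563571de9d; what the operators use it for is not established by this report, so the "pattern" verdict on an unlisted host that still carries the segment is a heuristic for spotting rotated domains, not an attribution. The proxy-log format and the log lines are constructed for the example.

```python
import base64
from urllib.parse import urlsplit

# The 20 C2 URLs exactly as extracted by the sandbox from this sample's Octo config.
OCTO_C2 = [
    "https://yenisafakhaberler.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakmansetler.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakgunluk.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafaksondakika.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakyazarlar.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakgundem.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakekonomi.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakspor.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakdunya.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakmagazin.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafaksaglik.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafaksiyaset.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakbilisim.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakyerel.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakaktuel.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakbilgi.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakvizyon.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakteknoloji.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakkultur.xyz/Y2U1NjM1NzFkZTlk/",
    "https://yenisafakinsan.xyz/Y2U1NjM1NzFkZTlk/",
]


def c2_domains(urls=OCTO_C2):
    """Hostnames from the config, deduplicated and sorted, ready for a blocklist."""
    return sorted({urlsplit(u).hostname.lower() for u in urls})


def c2_path_tags(urls=OCTO_C2):
    """First path segment of each URL; for this config it is one shared value."""
    return {urlsplit(u).path.strip("/").split("/")[0] for u in urls}


def decode_tag(tag):
    """Base64-decode a path tag (padding restored). Its role in the protocol is not
    established by this report; decoding it is only an observation for pivoting."""
    padded = tag + "=" * (-len(tag) % 4)
    return base64.b64decode(padded, validate=True).decode("ascii")


def classify(host, path, domains=None, tags=None):
    """Return 'exact' for a configured C2 host, 'pattern' for an unlisted host that
    still carries the shared path tag (heuristic, assumed useful for rotated
    domains), or None for no match."""
    domains = set(c2_domains()) if domains is None else domains
    tags = c2_path_tags() if tags is None else tags
    host = host.lower().rstrip(".")
    first_seg = path.strip("/").split("/")[0] if path else ""
    if host in domains:
        return "exact"
    if first_seg in tags:
        return "pattern"
    return None


def scan_proxy_log(lines):
    """Run the matcher over proxy log lines in a constructed
    'timestamp client method host path status' format.
    Returns a list of (line_no, host, verdict) for matching lines."""
    hits = []
    for no, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 6:
            continue
        host, path = parts[3], parts[4]
        verdict = classify(host, path)
        if verdict:
            hits.append((no, host, verdict))
    return hits


# Constructed sample log lines (not from the sandbox run): one exact C2 hit,
# one rotated domain reusing the tag, two benign requests.
SAMPLE_LOG = [
    "2025-01-17T22:03:11Z 10.0.0.23 POST yenisafakspor.xyz /Y2U1NjM1NzFkZTlk/ 200",
    "2025-01-17T22:03:12Z 10.0.0.23 GET  www.example.org /index.html 200",
    "2025-01-17T22:04:40Z 10.0.0.23 POST yenisafakfinans.xyz /Y2U1NjM1NzFkZTlk/ 200",
    "2025-01-17T22:05:02Z 10.0.0.23 GET  cdn.example.net /static/app.js 304",
]

if __name__ == "__main__":
    print(len(c2_domains()), "C2 domains")
    for tag in c2_path_tags():
        print(tag, "->", decode_tag(tag))
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Run with python3 and it prints the domain count, the decoded tag and the two hits. The "pattern" hit exists because every domain in the config follows one naming scheme (yenisafak*.xyz) and carries the same path, so a freshly rotated domain is likely to reuse the path before a new config is extracted; treat that verdict as a lead to confirm, not as a blocking rule.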

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

  • Octo family
  • Octo payload (1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 1 IoC)

    Runs an executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Queries the phone number (MSISDN for GSM devices) (1 TTP)
  • Acquires the wake lock (1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    The application may abuse a foreground service to keep running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTP, 4 IoCs)

    The application may abuse the accessibility service to prevent its own removal.

  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Reads information about the phone network operator (1 TTP)
  • Requests access to notifications (often used to intercept notifications before users become aware of them) (1 TTP, 1 IoC)
  • Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  • Requests modifying system settings (1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
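The signatures above are runtime observations. A static counterpart a practitioner usually runs before or alongside the sandbox is a manifest check: the permissions these behaviours depend on must be declared in the installed APK's AndroidManifest.xml, and code loaded later from app data (such as the app_fragile/RaGD.json drops listed below) cannot add permissions to a running app. The following is an added example, not code from tria.ge or from the sample: it maps declared permissions and service bindings to the signature names used in this report. The permission and intent action names are standard Android ones; the pairing with signature names is the example's own assumption. It assumes the binary manifest has already been decoded to plain XML (with apktool or androguard, for instance), and the manifest it parses is constructed.

```python
import xml.etree.ElementTree as ET

# Android's manifest namespace; ElementTree exposes namespaced attributes in Clark notation.
ANDROID = "{http://schemas.android.com/apk/res/android}"

# Declared permission -> signature name used in the sandbox report above.
# Permission names are standard Android ones; the pairing is this example's assumption.
PERMISSION_SIGNATURES = {
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    "android.permission.FOREGROUND_SERVICE": "Makes use of the framework's foreground persistence service",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "Requests disabling of battery optimizations",
    "android.permission.WRITE_SETTINGS": "Requests modifying system settings",
    "android.permission.QUERY_ALL_PACKAGES": "Queries a list of all the installed applications on the device",
    "android.permission.READ_PHONE_STATE": "Reads information about the phone network operator",
    "android.permission.READ_PHONE_NUMBERS": "Queries the phone number (MSISDN for GSM devices)",
}

# Service binding permission -> signature name. Only meaningful on a <service>.
SERVICE_SIGNATURES = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "Makes use of the framework's Accessibility service",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "Requests access to notifications",
}

ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"


def triage_manifest(xml_text):
    """Return (package_name, findings): findings maps a report signature name to the
    manifest evidence for it. Expects decoded text XML, not binary AXML."""
    root = ET.fromstring(xml_text)
    package = root.get("package")
    findings = {}

    declared = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    for perm, sig in PERMISSION_SIGNATURES.items():
        if perm in declared:
            findings[sig] = perm

    app = root.find("application")
    for svc in ([] if app is None else app.findall("service")):
        bind = svc.get(ANDROID + "permission")
        if bind not in SERVICE_SIGNATURES:
            continue
        evidence = "%s on %s" % (bind, svc.get(ANDROID + "name"))
        # The system only binds an accessibility service that also advertises the
        # AccessibilityService intent action; flag a binding without it.
        if bind.endswith("BIND_ACCESSIBILITY_SERVICE"):
            actions = {a.get(ANDROID + "name") for a in svc.iter("action")}
            if ACCESSIBILITY_ACTION not in actions:
                evidence += " (no AccessibilityService intent-filter)"
        findings[SERVICE_SIGNATURES[bind]] = evidence
    return package, findings


# Constructed manifest for the example; not the sample's real manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application android:label="Smart App">
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
             android:exported="true">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".NotifService"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
             android:exported="true"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    package, findings = triage_manifest(SAMPLE_MANIFEST)
    print(package)
    for sig, evidence in sorted(findings.items()):
        print("-", sig, "<-", evidence)
```

A declared permission is capability, not proof of use; the sandbox signatures above are the runtime confirmation. The useful direction is the reverse: a behaviour the sandbox reports that has no matching declaration in the manifest of the APK you actually have points at a different build or a repackaged sample.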

Processes

  • com.techvision.smartsapp
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4625

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/com.techvision.smartsapp/.qcom.techvision.smartsapp

    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

  • /data/user/0/com.techvision.smartsapp/app_fragile/RaGD.json

    Filesize

    153KB

    MD5

    daa3d1870747e236b3c26487319310cf

    SHA1

    f013b41c95a91d47b9ca3954bcc94be2575db6b8

    SHA256

    c331e3627da5b4be2d77521acd24f6176f95c58e474291450433c01c4f2c7c63

    SHA512

    b6cd1bbe3dc90dcab9aa910364dfaa8d36b79c75fa19fab4d9a23062d45c4ea41839c608dbd87f1d25566e55bb9eec93b58f8970919834938ae09f9649d83a11

  • /data/user/0/com.techvision.smartsapp/app_fragile/RaGD.json

    Filesize

    153KB

    MD5

    5be8896ebc5f6448442a485dbb588b5f

    SHA1

    c6a8f3d7cf071feaa5825c2bcefed3f9ea633282

    SHA256

    b841433431d30fe76cd87324ebe3ff8ff5d5698aaee15b256460ebc71ac152a2

    SHA512

    d922b99aba6a0f022e95aec7cd1b7c430985bd4ccf3306309647c8add1920aa9d8233f15572f3efaaef6f3b304b7b950155f25f1ffcdf05ada819b7e2c997b60

  • /data/user/0/com.techvision.smartsapp/app_fragile/RaGD.json

    Filesize

    450KB

    MD5

    fd73e2c351057b206df49a84b2a4bb42

    SHA1

    a5b3ba88bbb1c7278f9a6fe8d2d4376b606809c4

    SHA256

    aded517d22613e0dc8ad3c8239027623aadb134c51ca9a5a303abb1f4723b0d2

    SHA512

    a1aad9e3fae4bd2c316361cbc147129b447c586f4ad184171f7bc18c242df3a467b29a4faf24155cfcf707191c403f2625aa8e057abd7bdace084f53e01c138e

  • /data/user/0/com.techvision.smartsapp/kl.txt

    Filesize

    58B

    MD5

    f34624492ebe9c187833f065ae224247

    SHA1

    52c20cdbe09fc117775a9316232d36911f5dd2a0

    SHA256

    0e3d1773a8709913e1610a46ebd51bae256190a7075dd4e1e5ac1e0e990724fa

    SHA512

    96f113438bbcb514ac356031d47a9a8a7767f6beaf5dbddf5df358dfa360f05f60f7442fd34bab674daeb1d764d8a12e45bf611ca2a7db848721e7b321b094b7

  • /data/user/0/com.techvision.smartsapp/kl.txt

    Filesize

    45B

    MD5

    90c859f694fb3beb706a503662887fd6

    SHA1

    53af1cc1eedeb74addccfa306935e53a516ebee6

    SHA256

    fb18862d08ce267370c9790e491319e906ab9ddce49714764bc49afc3bd7e5e3

    SHA512

    f803e26bb50d1fa6d0bb60e736cf66fb9b6f84e5a035f91db04a6dfd6a7e3da556f66c4417fe4cfe17ba61205ee3427b884c22c0bb08d4448fe1318a826a41e9

  • /data/user/0/com.techvision.smartsapp/kl.txt

    Filesize

    66B

    MD5

    5597e441868241c19be045c5ed57a56b

    SHA1

    d5353fe737607b3b5f2ba97255cf5eba5ca96ec2

    SHA256

    f2ccb7e529198a7665e03d6c89abb45040fbef98b400ab331212e36870255e8f

    SHA512

    b6c3796753d6ee56e09aa777c387a87f86ca957ca3e383962ed1565609cf8829e894b64f53bd89cb43cfbc0136cc50c8aa4d2a3b2d4cc0f4aa15d5e27cfbc1a0

  • /data/user/0/com.techvision.smartsapp/kl.txt

    Filesize

    84B

    MD5

    6fb73e04154b09c170411791840d7ac7

    SHA1

    139dad0370af935149ce3462dff0de9e9f130ff6

    SHA256

    8aad6a8ae43a14a376dd0058bd317d7f5b2cdc6800b2a8da49e074162ea6b489

    SHA512

    776cf2a6db20ce3977ef6958a6329320544bfe62577aa578e019aa4ed8fa462aa420c96f6a26c7c2db4fac641866f71fdbdddf44d378dc4354f4da4087adfd55

  • /data/user/0/com.techvision.smartsapp/kl.txt

    Filesize

    63B

    MD5

    4999a576070fbaa36f479ffa21e4ded3

    SHA1

    eb7003deadb9351e48cfc54577c6c864710be5e5

    SHA256

    a165c7241f8e98bc7946f820c163d3ba3f9e86364fe2d4a71ecb241dd46498a6

    SHA512

    180c2142c5aff2ead8ece9b35377e92387b84223a23c6b39068b409b416f9b106df408dfca8bd488f2ee679766032ad0f279dd2f6ca20d481eb44efaa68415cb

  • /data/user/0/com.techvision.smartsapp/kl.txt

    Filesize

    58B

    MD5

    a6f3c55f5e799bc7b2addd0d806acdb5

    SHA1

    b17ea59b1783ae8a76fe96437efb0b9fa2aedf83

    SHA256

    1400ab2714042ed88c2e09d0fae1c35c09dd31f7c34eea65cfb2618763c45d7e

    SHA512

    5d739ca026e10324afcb3c900d60c5089a1813d18c12cc9528cbfdb5655bb771a6bd7b442c46dec001498e4afa07e69143e7ec85446d552b0db17c7ad9405f28

  • /data/user/0/com.techvision.smartsapp/kl.txt

    Filesize

    230B

    MD5

    f55ece24fb7e9372e1a581e238af19f8

    SHA1

    e2c34e17a17567304ded61f636d729075cc831bb

    SHA256

    f168bc263f6c4135636c1f6bf9d3934f352cc9cbcc913db4d6a50ee9799cc3a9

    SHA512

    04da6bc909325dc1dd67711970ea3f126b5c720d55aa3dae13e34bf02cb9a4e1fe1f71deaf07ccde0edf5411b31a3481845b23ee15a0e9acdd994220e93407b5

  • /data/user/0/com.techvision.smartsapp/kl.txt

    Filesize

    63B

    MD5

    42dd808d738bd0fda985fa6e07ff9187

    SHA1

    c367fa42af66ffd44349f9e828fb55a51cfd38fe

    SHA256

    d29112a721c292c3714c9de26597ac763f23469c561188ced24907c9533becd3

    SHA512

    ef8fd962db96a4791e0d5992036cb25fd8437cb39cf4310ef6db6e4fab29cc2e52303461c7829a53d958677a7e4f04092dc0bb7a83455cd940029f273add123a

  • /data/user/0/com.techvision.smartsapp/kl.txt

    Filesize

    68B

    MD5

    077e2b399246633874f31fa077b3a699

    SHA1

    33c8ccf7a93a893acf4743d2b0dc70cf613f8766

    SHA256

    8827f44de611d8c0a7cb64b34efd7e322da8ac3d224aed774052552bc049edf4

    SHA512

    5206a6ad720b6e5427c76926f313ad2fab79fb9cc5b7e93be517225e5ad3548883f4f3e27ac92fbf0cab8c06aedf3c69b682eff59b2e562451840134b5ddc6c8

  • /data/user/0/com.techvision.smartsapp/kl.txt

    Filesize

    45B

    MD5

    a00f713f22a6aabec9f4b0d3c9b40381

    SHA1

    2b202cf9d9b076de2e530f0fee7f44914abb7dae

    SHA256

    da89b185c5c93420e198db735ad324d71cfa695079f8645773e64f92b1209b98

    SHA512

    127e7f7faac62b1fc0ee4422e33d480f2acaed4386a3637fa7b63ad3c5ad50bcc72fd1cedaf880c139104e92a04660050b0e541e6716e2011dc3df1777a43bac

  • /data/user/0/com.techvision.smartsapp/kl.txt

    Filesize

    466B

    MD5

    fe18187703d18ef7e015b2a994a1809a

    SHA1

    6ce6cf0fba9bb6d73a6a790e5b22dc669e115f75

    SHA256

    22fa6241379292e2a29a246866ddca0c64df8e4281d7eace646217fbe7bb0064

    SHA512

    724520056c6b926cfa2a74996ab7c9c31f1d56ca37a8175c09bbce2b94dfa23cd9fa4f472af961fb19d6267f2441d41765de00c98dd8363bbb36899f7b388b3f

  • /data/user/0/com.techvision.smartsapp/kl.txt

    Filesize

    63B

    MD5

    683c18fa5dd352b7d23f82562ce8671f

    SHA1

    95305984b84bacbc150c2821f813019c8b2fb57d

    SHA256

    77142a3ecb55d9c1f92e95665836c11ebe25f6c1dbbb7257e46982235ade9660

    SHA512

    3a5fe28e791ec20eee498b0de819b81141f4706af050186bb4a576b5b7fd09f04cf140e49cec6c66353742998aa7887e4feab5a0f0af3ecd744cc05c8784aa0b