Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
154s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
-
submitted
22/01/2025, 22:08
General
-
Target
5536911c259634d705f38a4c7e584a845f1bdaac2a8ea5e18253d19623503def.apk
-
Size
2.3MB
-
MD5
a2e9e7659dff1cbbae76c392218b63e8
-
SHA1
14a551cf396c3bd98a55d18966ef74ffdf221a71
-
SHA256
5536911c259634d705f38a4c7e584a845f1bdaac2a8ea5e18253d19623503def
-
SHA512
0bec421fc977c7d77d20375bb62ecc996bd55d93e3ebe8b1489cd6d6037fdc97d30051cf4aaffab4bd2702c74ed1106c1623451cdea0071688c7775ae542a3e1
-
SSDEEP
49152:svA+HinzUbK5e9GF+TV/46AQ0c90KPhcRZGZbmqC2Y80ZP50vmVy0ZPszAE4KoS4:s4nzQuFEi6AQzb4ZQ/C/80ZSuBfc8KMZ
Malware Config
Extracted
octo
https://vippivok.top/ZTZkNTJjNTkwYzk3/
https://bobnoopopo.org/ZTZkNTJjNTkwYzk3/
https://junggvrebvqqpo.org/ZTZkNTJjNTkwYzk3/
https://junggpervbvqqqqqqpo.com/ZTZkNTJjNTkwYzk3/
https://junggvbvqqgrouppo.com/ZTZkNTJjNTkwYzk3/
https://junggvbvqqnetokpo.com/ZTZkNTJjNTkwYzk3/
https://junggvbvq.top/ZTZkNTJjNTkwYzk3/
https://junggvbvq5656.top/ZTZkNTJjNTkwYzk3/
https://jungjunjunggvbvq.top/ZTZkNTJjNTkwYzk3/
Extracted
octo
https://vippivok.top/ZTZkNTJjNTkwYzk3/
https://bobnoopopo.org/ZTZkNTJjNTkwYzk3/
https://junggvrebvqqpo.org/ZTZkNTJjNTkwYzk3/
https://junggpervbvqqqqqqpo.com/ZTZkNTJjNTkwYzk3/
https://junggvbvqqgrouppo.com/ZTZkNTJjNTkwYzk3/
https://junggvbvqqnetokpo.com/ZTZkNTJjNTkwYzk3/
https://junggvbvq.top/ZTZkNTJjNTkwYzk3/
https://junggvbvq5656.top/ZTZkNTJjNTkwYzk3/
https://jungjunjunggvbvq.top/ZTZkNTJjNTkwYzk3/
Signatures
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo family
-
Octo payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.mapmuch761⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Access Notifications
1Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Software Discovery
1Security Software Discovery
1System Information Discovery
2System Network Configuration Discovery
3Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD539dd028f76fbefa638df1225e126ae56
SHA1f9efd16f9cdd4c091ceacd5276986022200a460c
SHA25691a70b23a3ab3565d1a9c3bb5400997599026ef041cbf5aa53c76e8dd3a4e192
SHA51211eb57624124ec664ace55d953ec4f5edbcc6faf1436544ed9a4359cb215b2b3ea3a4b66a852c528b592e02ab043202ae577e0fede349efb48bbe7bfcd78c348
-
Filesize
1KB
MD5dd6381e034e6e08c971a6996809eb9e5
SHA10a9a5371f7c58a6ced77f49dd38ab75e7b6e77d8
SHA25652f03a8ac765b75ac4018c522320b03eaef2fd32e8886e53b2c66bad97d35f78
SHA5129d1887cf43beb856415d8aa72bbab268d0784e1e4b03c37b02364cd9714ddf4a2bf7d2dbc16b57d7819ceaab5cad4c4f2250e79c9a48bb4e8c84ab332261268d
-
Filesize
2KB
MD5aabe1bb4ec23a6e1e2f8ef61d561eeda
SHA1e93d85098c4340ca952a5a0f016cc667af783265
SHA2566f18f903e99284cc0e903a7ececfacdcfe832baae86da144c1ead45fd4ff35b9
SHA512c81d0e2583d17435e87af83c90e226e332eaaf06aaaecdd17a2dae68a6cd05d0881b0facfd36ecd8a03d79f3fde37cbe9f2dfeae25e046a99fdb17f06e2e2df0
-
Filesize
338B
MD5e53a5d8fa5c547a26869dcca89ca7482
SHA1234434422453a07f02ee6dea819330cbdd65a5c3
SHA2567aafb7d8bdda336b6f55a4b4d9d44272c3d3ff9338fcb8bb786a791e9924c25c
SHA51216dd7be0d9bf070e3e6afb51dd0c1ea07794a3e06b35da1b11aa51870a00f9c83539574e33fdf4da39863a8c0fc4092a950052920c7db944b55fe2dba8699853
-
Filesize
448KB
MD5a3d17f1d324a54370dad9352708995ff
SHA1eaf4a34fcea9333d16413732de74025e8fd7c1e6
SHA2569e4b5bcf300e2c2433fdde427a8a12e32cc17d7f640575e89754c5a24f1d3d4c
SHA512aefb4e592c5193ff38c5dea05ea062588152c7686360f9a06dab198a50062416828076b60e91b7361a8260debb5b0c69333eb1585c0df3353909ab3b485c2607
-
Filesize
480B
MD5829c95629f0a75c9688a54078b6fe7a9
SHA14da86809c918fbcd114f9fb29f7ae9edade6d9e1
SHA25604357104f902922c38bdb2b3e0ec539556d3cb9e9392cfc581a32377350264fa
SHA5126d3e89e8b4068b1c9604c2f085c7e71183e4fdf8ae7e53665eebe8cf4dd1ece466a7e6fd9cf10adabf6142bdee57e90969f3033c5deb01142400ba5356cbf5b4
-
Filesize
28B
MD56311c3fd15588bb5c126e6c28ff5fffe
SHA1ce81d136fce31779f4dd62e20bdaf99c91e2fc57
SHA2568b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8
SHA5122975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6
-
Filesize
237B
MD5e33294501afca64a6b2b0208f5c2a745
SHA1a2976af79d86f0f03e643302c92375feabb8b1af
SHA256604dee7b10ee731842862339044e06cf6daeab1be6bab2dcdef77b89abe929de
SHA5125f3d3d273cd052b88cf69b61085606e4035241b6f1d1ee63e70993f18c994cb870fea1fd4e2471b66b2d7625cfc528cc372aae6fd9d9338b8187f2ee973c42ba
-
Filesize
63B
MD561f7f2e0754335b97d2044eea882d10a
SHA121dd7322984e823d3cb7c0dd503b044ef9f6ed8c
SHA256d0115f4a0f1761c9a5b697fe0bec89e6f9fbb4d64ddb12d83e1aac2e8665a17e
SHA51216bd10cf075718493dc4a7c6c853ff97eed0fa8624b77d189e1ae68c81c4b31ca949ed2e8da10e38d0646a7de09f410d0e2bc5d02f3537b55af4dde6a7594c34
-
Filesize
45B
MD5418614ab4ee242f820c95ecf0377a3f4
SHA166e65d5fa6d2afa30f39ab60a9c396abb102ef22
SHA25620a1dac17e4e9cf1d55f8b61d6dbe6cce3184f7bbdc06c5eaac1f1b8184bfe8a
SHA512f1b0ebdda33603c90676bdf536d742cbe42389829194a62e1bfd1bcffde1557fe5058871449300951fbd6e3d2ebcf2e5a1cfcb3d0bd06e286bd3eea98673034a