Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
154s -
platform
android-13_x64 -
resource
android-33-x64-arm64-20240910-en -
resource tags
-
submitted
04/02/2025, 22:02
General
-
Target
593148b76d43efec881c287a150e0a5dfaac8c610e9906d9c68c54970ce055ad.apk
-
Size
2.4MB
-
MD5
f6a9ca6666129eaaee3c52a6ba2b2617
-
SHA1
7a720d5c8860e0eb9022acb5b47a36e17c0e1e4d
-
SHA256
593148b76d43efec881c287a150e0a5dfaac8c610e9906d9c68c54970ce055ad
-
SHA512
9ac9147057759b615eb6646870684ec782612336d0d937bba7e19f879d9b7426669121f7849f714cb7c5c953dea6737ed8689fcd9c6b404b1b57256973ec6a10
-
SSDEEP
49152:zdUdYHT1nbY4C4joq9PDeA/fRwoTxwjwbO6xJdXDC2gkb0Ko:xwYHpxCO5L/JwwxwuxjXDX0Ko
Malware Config
Extracted
octo
https://numberonegizemler.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerbilgilendirme.xyz/MzhiMTg0NTAwOTY5S/
https://kkcaneryolculuk.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanertarihcesi.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerkesifleri.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanersahnesi.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanergundemi.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanersohbet.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanervizyon.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerseruven.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerpenceresi.xyz/MzhiMTg0NTAwOTY5S/
https://kkcaneryorumlari.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerhikayeleri.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerplatform.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerpaylasim.xyz/MzhiMTg0NTAwOTY5S/
https://kkcaneranaliz.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanericgorus.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerincelemeleri.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerodulleri.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanergelecek.xyz/MzhiMTg0NTAwOTY5S/
Extracted
octo
https://numberonegizemler.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerbilgilendirme.xyz/MzhiMTg0NTAwOTY5S/
https://kkcaneryolculuk.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanertarihcesi.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerkesifleri.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanersahnesi.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanergundemi.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanersohbet.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanervizyon.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerseruven.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerpenceresi.xyz/MzhiMTg0NTAwOTY5S/
https://kkcaneryorumlari.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerhikayeleri.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerplatform.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerpaylasim.xyz/MzhiMTg0NTAwOTY5S/
https://kkcaneranaliz.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanericgorus.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerincelemeleri.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanerodulleri.xyz/MzhiMTg0NTAwOTY5S/
https://kkcanergelecek.xyz/MzhiMTg0NTAwOTY5S/
-
target_apps
at.spardat.bcrmobile
at.spardat.netbanking
com.bankaustria.android.olb
com.bmo.mobile
com.cibc.android.mobi
com.rbc.mobile.android
com.scotiabank.mobile
com.td
cz.airbank.android
eu.inmite.prj.kb.mobilbank
com.bankinter.launcher
com.kutxabank.android
com.rsi
com.tecnocom.cajalaboral
es.bancopopular.nbmpopular
es.evobanco.bancamovil
es.lacaixa.mobile.android.newwapicon
com.dbs.hk.dbsmbanking
com.FubonMobileClient
com.hangseng.rbmobile
com.MobileTreeApp
com.mtel.androidbea
com.scb.breezebanking.hk
hk.com.hsbc.hsbchkmobilebanking
com.aff.otpdirekt
com.ideomobile.hapoalim
com.infrasofttech.indianBank
com.mobikwik_new
com.oxigen.oxigenwallet
jp.co.aeonbank.android.passbook
Signatures
-
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
-
Octo family
-
Octo payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user 1 TTPs 6 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Requests modifying system settings. 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.young.require1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Requests modifying system settings.
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Credential Access
Access Notifications
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Software Discovery
1Security Software Discovery
1System Network Configuration Discovery
3Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
48B
MD5046a414913add6f5bb60072c7db819b6
SHA1451ee4f6809260aec622d772fd329c7d0297a842
SHA256b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA5124e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c
-
Filesize
153KB
MD5443639fb1ac4109337aaf9a4bfd83be5
SHA1014dcc7801c6a21e605d25b816fa8a46cc93a8ba
SHA2561c4d1e35edee1687c75188c9edb34eb0332e37a8216866407065eb594f18ae36
SHA51242ec8961f8e66551206cfab2c786949a51d289fdae50a937b729909150fdf2aab4a183318e7052e041551dca1a2f3036546972df5b0aee9d4a11a6e3e84e0e54
-
Filesize
153KB
MD5338334e31975d9ce442c3f9a6e790f0d
SHA1e1ac4359a0f8dbef3e05cb21f6f66cba3697fcd4
SHA25601eace21bf8561fe2efae23ff230240ec20f0fa83811c018cb2ef4a31ff8ed1e
SHA512d589f10fdbc41416d56b32f75f1347f4975574e58fb9edea23ce526e76b87ebd170dbe3166ef097cb6bb3a54fba532cc618e3d2f7c997b7a4fe0ab212c779304
-
Filesize
450KB
MD5e95b97ccc0b29c19ce8e7ba56f21b22d
SHA15fb3813b08da5a5fa1c57f0bde5db814328e14db
SHA256a3a065350452d8c583f9020d7d5d499806b7bb96d9ef0eff6a615928ae46b4be
SHA5127905a52966d4115201d74d12512a5c8c07d29f787974d18af65e7e497f45fe4c8f102837313fb2839672193b37198c3fd777b4b48e24b2f279bf5b91de2182ce
-
Filesize
52B
MD5db9166e3325d9b2ac7414ab84d336a3e
SHA1e94740769c5970a7dea46b629a9ce934559b166e
SHA25672af36e443608df1c333495609886ddb884cb2d9915b869ad24c7c7bddc8204c
SHA512c20deab9da9b8e1dc0c2edbc6f92387e73502f2307d5ac0f82e8e51747d065b855489650f9f5e2b6d2eb90d9705b76e6142034d9fe1b2877636c2f0f13abc98f
-
Filesize
66B
MD5c2305110ead4be87086a1bffb10f6abb
SHA1c807a27283f40bad689857bedeb5b678c4c1415e
SHA256dc1bd946645b7d8c8f0d08d0f067cd424f92677cb11d1888f2e8b964bf8fa3f9
SHA512b6a16a4abb9d680683d5f7deb6db591e537875045511a2c915578c734547a94bf0a39d2a71fb62e413cb20715fbcabeaef2972f22ff62059b19db5beb0080e49
-
Filesize
84B
MD50a3e464b3e2a3936ed9dfa34cdf4b0a7
SHA1d17ea73a37e2f9672e6ab43906b51082388b8838
SHA25601ae5981d2e40e724be498a1c36670602147186edf00e7a8ca62f5e3df64d370
SHA512e22123897f8dcc0ef3d72f9236459eb0e3540f562344e7b23ed133789c425f7e02b346222bf2dc130acea46ac96bf52f3d37c173386d75f4a15eca5fa2afee55
-
Filesize
68B
MD594f60810ec5d6415505046efa5c79ca4
SHA1064720a4369ff31f6ab66325d0bd4b68fd46853b
SHA2561b3eba1bc3af8dee573489493f7fa9666eb4e7fdfe04a9e153c80e39df8f01bd
SHA512fca1d557760bec22ee1162b6ae3740b7cb57051f7fd56d0d94d8554ae5721739415011679131bad4610c117ae733379620c469345c67e9588dde0b41442bb5e9
-
Filesize
68B
MD5b4703dcf089f71109e6d6204f8e308b8
SHA13cf3d0a8e159eb5ecae2634eac53caa0fe1282e4
SHA256febf59fcc1c366a14de44406ee3a62a26ea440d09832112c429adc54dab09ebc
SHA51284f1be80d43da2254dd71cdeca9fdc7f62fc3ae2a35a7248b541a46e867fea6fd8a6da1ddc38a120910f389c0d6c86e11d658793d1120b9b444e3c7994978521
-
Filesize
214B
MD5f33631b08fb7396d91103b54bea854db
SHA174eed4236f130f0df42da14ffda4a41f26b98e22
SHA25671e2644d77005df5db9eef4327b3dd4a0cd0f49558ffcbfc1bf3989471ab6c2d
SHA5125fc5ebf985869f2789a8cf1df41716ed465c69fd8f9ec4401917ea883217f72de947a879739072073398b3efb3cbcaf6ce092febd089793522d3f22f7726c78c
-
Filesize
54B
MD53da1dd755775ebfba50ea358c5672e35
SHA11cdd69f67eb72ee6586087475a9f4a6ce29f7753
SHA256dc3b1ec910f1df0650a07e0f5a3a08c58fef327d00f201441009eaf4abf4e985
SHA5121eb3a422fb45f5482ee2454d4d1426d6fe307baa99e140ec3a23c0f2a595b3d0f4deff4b6dae0f64c5e0a6fe6e08429af5eff488e477e2bafbebc7fb09a5d05d
-
Filesize
68B
MD5d99980842978a977535fa298ab947883
SHA1ff56e94ac6f22439630f9b9bca7cc369b3d7cef2
SHA256aaf60022f100c6cd6efb0fe88b1f8678aa6d9fb01c6ffe2690db318e3883bbec
SHA512ad2c10d368653884cdae39c868b28420470ae5f0bad4a1ec0785cdf408026737849ff3f5c09089552c79d4044fcb5364c6065ba3b3f44f857dda19cec831899d
-
Filesize
60B
MD5eea603ebe6ade967b5ead4bd579d725b
SHA10caaeaa5f265f6a3c9335b09e38e1b18f95f5651
SHA2566195cdb7ac3ece60423eaf674ae33c70afd26758c6b4415f95ee53eaf5f40a1b
SHA5127d62a2762079ed1eda863bd75ae4f2afc50371db28962eb94bcbd0ce9495e7dafdc55d38245e9668f30d183e73103fbcae001a3aa68a379683c3a8f35b026810
-
Filesize
490B
MD5c83ab7d425525fb4530dbca814a54d51
SHA1696952a191acd4eda585e2e29a10f751d76b8c83
SHA2560c63bdbbe9a439b41c00dccc3791587fa0a5b58309b64176a2744e151842ab74
SHA512a651a6b7589e6b8729bcaa57cda2988fb5f23392a412c8707e3008fc5577309b98fd122d8869fa6653f401d68511b86e0f3f622a442d838cc651daf8bd6d72da
-
Filesize
60B
MD5f51b0f43ee61989dca69c30bf1107e57
SHA13feab9645f42766c04569124c3d4d3878ab9616b
SHA256abc84263447d1bc5968c5e28f9b9488bb8168eda1def2035b214e63d1e58eebd
SHA51201762ad8f0760b4a84fcecb14e3a4b03364ae044267fe950114dab68ede10b0a3a367368a392b6d846e83c6ed48718aa770d89c56eb0b7527a5e10b971e3b66f