Analysis
max time kernel: 6s
max time network: 159s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 04/02/2025, 22:01
Static task: static1
Behavioral task: behavioral1
Sample: 72e393da97a3d2b09e7f7badcaefc1e1e184d15650cbe049892e04025e3b15ab.apk
Resource: android-x86-arm-20240910-en
General
Target: 72e393da97a3d2b09e7f7badcaefc1e1e184d15650cbe049892e04025e3b15ab.apk
Size: 2.6MB
MD5: 93d45309227d9e0d9b1a87ce8f45bdf3
SHA1: 42d0262c3e6339fe6a48e48f3c86f4b9edb88c71
SHA256: 72e393da97a3d2b09e7f7badcaefc1e1e184d15650cbe049892e04025e3b15ab
SHA512: 181d248d63465f74ed65925fa04d9c1a2fe89750cdc9480d7e8f39153bc47ffc587dd485b0c5823b4c84357bdaa78b05b24c49e8d4a2a324a4e2b96bdfccebda
SSDEEP: 49152:9QeFZZSgQkJYBsEFauDzzDa/7Y8mwpMVtNOcWnoFiU3cmRC9IhBO9iJwDNd4QtNM:j/SJkJREF1H2TYTtMnoFiUsgCsODNlZy
Malware Config
Extracted family: octo
Extracted URLs:
https://kkcanertarihcesi.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlhizmetleri.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlsistemleri.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlplatformlari.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlhaberportali.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlguncelveriler.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlteknolojidunyasi.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlgelismeler.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlarsivkayitlari.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlprojelerplatformu.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlbilgipaylasimi.xyz/MzhiMTg0NTAwOTY5S/
https://tutmliletisimagaci.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlanalizverileri.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlstratejiplani.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlsistemyonetimi.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlvizyonrehberi.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlgeleceksenaryosu.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlsosyalkullanimi.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlonlinetoplum.xyz/MzhiMTg0NTAwOTY5S/
https://tutmlodaklisisim.xyz/MzhiMTg0NTAwOTY5S/
Signatures
Octo
Octo is a banking malware with remote access capabilities first seen in April 2022.
Octo family
Octo payload (1 IoC)
resource: behavioral2/memory/4932-0.dex, yara_rule: family_octo
Loads dropped Dex/Jar (1 TTP, 1 IoC)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.shield.hybrid/app_height/WgN.json, pid: 4932, process: com.shield.hybrid
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
Network
MITRE ATT&CK Mobile v15
Downloads
Dropped file 1
Filesize: 153KB
MD5: c015c4954273fc88d2267f0ae898a2f1
SHA1: 0445392cbd07baa3cd7262f609129780746c4370
SHA256: 4bb5eaa6f12860aa3796fd8aa475ccdf5a8f48479b46169533b125999590cd43
SHA512: 26ffa6a560e15416496214b76eff9f3e5f353cd9fea66f474296d2ebbb8d2a7905ba886f8c41fea872dfbe570e735a6700d5dfda5651a54c3e6fbd4d2d89a12e
Dropped file 2
Filesize: 153KB
MD5: 4d689db3a33d26014f39ff018575eccf
SHA1: 300dc9539e310c752d44945188ba690d141f9280
SHA256: 1cc238b2a05036dbfc222249feb1fe5486bcbafd81622587c87f4badc483eea0
SHA512: 85ac618542fbb53e8e574f97141e2ecefd2f9e35edf3b255edba176b1272d9f24c3106067617512046edbb65bdbec36a729144ab6b9687ac9b94cb83398b3ad2
Dropped file 3
Filesize: 450KB
MD5: c3b360d65b5221f279cb8fa003e99f10
SHA1: f392d36b6a2143dfac00c2db539faccd070e422e
SHA256: 6b6dd0738c063d5cb3f1743390f2b8ea3410eb6572e386042936d72b63909a89
SHA512: 0007ae35753fee17381b7a7f6c424e25d69a5219db3359c85e8753e6409a4f33bf79572f11050f5451bbf568367923b4f2fdd160f89ce2316d1fea9327cbbbcc