Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

8d4db71906...51.apk

android-9-x86

10

8d4db71906...51.apk

android-11-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    144s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    06/02/2025, 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d4db719060b2a7b8cc80f38acc7c3e9f30b1268b945739edea28bc039401451.apk

  • Size

    1.5MB

  • MD5

    0f767873d040bf321bda3ceeaf0ca8e4

  • SHA1

    a8bd005729c11e1da47279b0e103771968b1ff9e

  • SHA256

    8d4db719060b2a7b8cc80f38acc7c3e9f30b1268b945739edea28bc039401451

  • SHA512

    39d5b8fb94e70a4fdf2c711054eeb7aa8b812c05e8c2aecb9d1ad5b9aec8e8d4f4017f0ce1e84f91c9f7371277aafe324f8f523c8cfd1241d0b6c0fc070a7a6f

  • SSDEEP

    24576:5OtVQmaghWt+7qTFtOmC4TSUwjsNAnCYTKH0tZJTjjLl1sZVvpaArIUmjS:5OtVQmfhWt+7qTFE4TS4A/b5nL3sZVvV

Score
10/10
octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://otomatikbahcesulamasistemi.xyz/fHTKmZhmwRmq/

https://tarimsalverimsulamayontemi.xyz/fHTKmZhmwRmq/

https://damlamasulamateknolojileri.xyz/fHTKmZhmwRmq/

https://akillitarimsulamasistemleri.xyz/fHTKmZhmwRmq/

https://modernciftliksulamayontemi.xyz/fHTKmZhmwRmq/

https://verimlisulamataktikveyontem.xyz/fHTKmZhmwRmq/

https://tarlaotomatiksulamasistemleri.xyz/fHTKmZhmwRmq/

https://bahceveseraotomasyonsulama.xyz/fHTKmZhmwRmq/

https://sudepolamaveverimsulama.xyz/fHTKmZhmwRmq/

https://bitkisulamastratejiler.xyz/fHTKmZhmwRmq/

https://sebzesulamasistemcozumleri.xyz/fHTKmZhmwRmq/

https://akillibahcesulamauretimi.xyz/fHTKmZhmwRmq/

https://gelenekseltarimsulamamodeli.xyz/fHTKmZhmwRmq/

https://sulamaekipmanlariurunleri.xyz/fHTKmZhmwRmq/

https://akillidamlamaotomasyonsistemi.xyz/fHTKmZhmwRmq/

https://pratikverimlibitkisulama.xyz/fHTKmZhmwRmq/

https://topraksizserasulamasistemi.xyz/fHTKmZhmwRmq/

https://otomatiksektorelbitkisulama.xyz/fHTKmZhmwRmq/

https://verimlitarlavemodernsulama.xyz/fHTKmZhmwRmq/

https://bitkisagliginagoresulama.xyz/fHTKmZhmwRmq/
rc4.plain

Extracted

Family

octo

C2

https://otomatikbahcesulamasistemi.xyz/fHTKmZhmwRmq/

https://tarimsalverimsulamayontemi.xyz/fHTKmZhmwRmq/

https://damlamasulamateknolojileri.xyz/fHTKmZhmwRmq/

https://akillitarimsulamasistemleri.xyz/fHTKmZhmwRmq/

https://modernciftliksulamayontemi.xyz/fHTKmZhmwRmq/

https://verimlisulamataktikveyontem.xyz/fHTKmZhmwRmq/

https://tarlaotomatiksulamasistemleri.xyz/fHTKmZhmwRmq/

https://bahceveseraotomasyonsulama.xyz/fHTKmZhmwRmq/

https://sudepolamaveverimsulama.xyz/fHTKmZhmwRmq/

https://bitkisulamastratejiler.xyz/fHTKmZhmwRmq/

https://sebzesulamasistemcozumleri.xyz/fHTKmZhmwRmq/

https://akillibahcesulamauretimi.xyz/fHTKmZhmwRmq/

https://gelenekseltarimsulamamodeli.xyz/fHTKmZhmwRmq/

https://sulamaekipmanlariurunleri.xyz/fHTKmZhmwRmq/

https://akillidamlamaotomasyonsistemi.xyz/fHTKmZhmwRmq/

https://pratikverimlibitkisulama.xyz/fHTKmZhmwRmq/

https://topraksizserasulamasistemi.xyz/fHTKmZhmwRmq/

https://otomatiksektorelbitkisulama.xyz/fHTKmZhmwRmq/

https://verimlitarlavemodernsulama.xyz/fHTKmZhmwRmq/

https://bitkisagliginagoresulama.xyz/fHTKmZhmwRmq/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo family
    octo
  • Octo payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    defense_evasion
  • Requests modifying system settings. 1 IoCs
    defense_evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.ticket.duty
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4491

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.ticket.duty/.qcom.ticket.duty
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/user/0/com.ticket.duty/app_judge/WoQtEM.json
    Filesize

    153KB

    MD5

    31e5e6c56577a70cf864e67a16809ca9

    SHA1

    11b877ec3fca1290dbc5b4b853cacac46783f850

    SHA256

    b6f1d62ee53e1f395d5ba36a944deecd9ab8cf12d462fa9715f088bdd2681065

    SHA512

    5d90ecb7e203ab90aaaaf8858d2d8f1b2a91e3b0b9a9296f2c06037693582b385f78431442e06c92c2572fdc4a34ac7a69c731d0ec8dbba954aad2ae8424a299

    Download Submit

  • /data/user/0/com.ticket.duty/app_judge/WoQtEM.json
    Filesize

    153KB

    MD5

    63dd75fcf95b2c124af811de3a806ef0

    SHA1

    11996f029f1eedade0d9dde70525c2559de69ef8

    SHA256

    16e942528080dc826e1e697f53a805e9f717eb1d21fe9cbd5db1874e342263d2

    SHA512

    f71bd38da16a5f64e54c8c58dc3c9ae5c90472abdde5a9701e790798abab20492063f775aeacd6ab7e89d4aa8b9abcc0cafa3d0b8c68754aa1e83b95e0557496

    Download Submit

  • /data/user/0/com.ticket.duty/app_judge/WoQtEM.json
    Filesize

    450KB

    MD5

    75cb6063bffd10a4117fa265079e084c

    SHA1

    7c30990fbe797d49f5796e8c0dad91daa9c4e8a2

    SHA256

    985baf92f7b8681a3dd2b964ef5cd550e4c15a637795f9dd4a759b8161fcdc21

    SHA512

    9914636b0dbec704d3d354a29e2cd7c51a218b9bc5fba118c75d668c4455269e1d63eac47200d835245550d4f0020ed8ec5cc25a3f471369ae1dc432b51b5344

    Download Submit

  • /data/user/0/com.ticket.duty/kl.txt
    Filesize

    58B

    MD5

    80ac7501965be621dbf7483226f6c563

    SHA1

    c1e5eb52d8e9c3957a27ae33e29e3d6173ffbc13

    SHA256

    760ee2c403a5c9f0f4ba85f422a188989973b90ecfd9c84193555a6df5a39510

    SHA512

    a1eac6610dfd8ea2b49c9a9827f7757e8ad32505f87acd46b363a2c446a80351c5d508fb19d195426642ab69f98e74ab6e0c69eae9409255f3a87c5b1d2bfd40

    Download Submit

  • /data/user/0/com.ticket.duty/kl.txt
    Filesize

    45B

    MD5

    b2eacb15969bba758b4c890451ea8f3a

    SHA1

    5a1a5e3969580e8a1a4fe6811164be451610f5c4

    SHA256

    116b13950d93ae544f53f8e90325516be9535efc82f45980dc18568e7c8d7038

    SHA512

    7bd128f63d5c41ee3518f89229487d03cbbde33649847ba7b7628c28f32ba017859a5cc9cb606be36206c885e0d34589586206623d499f850fbe39d1aad8b3d3

    Download Submit

  • /data/user/0/com.ticket.duty/kl.txt
    Filesize

    66B

    MD5

    ebf37d31f0865d3ddae4f2e920a1593a

    SHA1

    e7ef7751cdde1faa47bc01c5ffcdd15850b21960

    SHA256

    9749f8e6a0a36258dddc69d3ddb43646c127dbd7effe631d87d46011ac7914b7

    SHA512

    82f60155114e8eb3405afd5749c8b5cd4d14dbea936daa0eac2a040d99db029092be98ad5e89a197f13976159b812d8d4e20326f04ae83c2118f50a381b3a9df

    Download Submit

  • /data/user/0/com.ticket.duty/kl.txt
    Filesize

    84B

    MD5

    379e72db3954001efb86fb2679318f2d

    SHA1

    d2253198aa84128e48383f74b460bc4430a0bbd3

    SHA256

    f7318c7c358a2394a5813cab46ee71cd150d969a06d1534d9aed846459c23117

    SHA512

    a08c0e72021681907da25b8d8e7a1d80f59f930f5a69e1fb744d158b96e8ccdf97cdfbd798980eaa096805701d23b266e6a31296727d5dd5d1969bcee295fd59

    Download Submit

  • /data/user/0/com.ticket.duty/kl.txt
    Filesize

    63B

    MD5

    fc06fb9a1c5a9e76b3fb48dbba230859

    SHA1

    2036d7ba5f2a2e1aa5a1a923b32b16195397b293

    SHA256

    e4faf60a5dd25cc06e11d4e0c2b6a097cff33ec292c030c4dec7e678df4061b2

    SHA512

    99c520c7309bc5bc90b29a03bd59595ecf955c1e830def539ad02ec754e7a1bbf9723d4629efc62bafcb5ae1002623527f634248677706eec3ce99f425f1472b

    Download Submit

  • /data/user/0/com.ticket.duty/kl.txt
    Filesize

    58B

    MD5

    a91139e1368301836025c74de1761d27

    SHA1

    4069c5d4bbb516a8abac33b69a25d029c667ac51

    SHA256

    16d8c45ec4ee924b5519cac325a5c0379ad175e1fb2c5c7dcbca1debd1fa1214

    SHA512

    a845994184ec7cc478927c768a1acd4a17ceb5a208717bdf67155ba72c70bee481e6ad4078f3d2baa9abb10775256a2ef7346b4948176a05f43e7bcb253b1838

    Download Submit

  • /data/user/0/com.ticket.duty/kl.txt
    Filesize

    230B

    MD5

    5a50f906de0d9f6ca64c4ad884a2eba1

    SHA1

    53b384e18302fb8aa8d63bddc100c1ddc0492b5e

    SHA256

    3c9eb66d2cad8df0030cae2afcc2a774b45efede58ea73549d6ad0dbdc54b47d

    SHA512

    a4fd15eba660995dc817aa32e30b9fe47e5bebb81fb555a99f6170f1ef425b706a61297d8130caa2d6a37cb258e1fae1e3d5cf0094c1ee2250d6a41367b83231

    Download Submit

  • /data/user/0/com.ticket.duty/kl.txt
    Filesize

    63B

    MD5

    716e23d5501355be0a6f4961d9e8bc71

    SHA1

    a73f1612fba6a5c5c42d659f16215ff32a56b6c6

    SHA256

    1878e35ff06a680cafa5a3b361bb7a2e344459eda50626848dd5ac45baddb50d

    SHA512

    f62fac59080a3a1482f9b9a0fe6109bf9de3da65a05a3073e1d36b046db160f0221786e619bf5acd2b2b4a51a93ffbafd34cd47511d8df8a333b6e10995a7a28

    Download Submit

  • /data/user/0/com.ticket.duty/kl.txt
    Filesize

    68B

    MD5

    2aba9d5bbe8829e12f3ccf86af5a467b

    SHA1

    ca3ec8fcb471ca6a97e66503c2e181999c33072b

    SHA256

    6fae4683c39dbd099171fa84378e878b06acc9ee431e5c76cdb3932d9abe339a

    SHA512

    1150fa2d0d711d05c92c63698c908f667dc32b1598398c2d73ca45bd9a3bc69f58cb89825deb30da06686e4ceefa5266ccc0061e56097e07ef684f9c66d40f20

    Download Submit

  • /data/user/0/com.ticket.duty/kl.txt
    Filesize

    45B

    MD5

    4e0c5964bef1c3e3eed7e22b8ff9f49e

    SHA1

    76272865e1b7589a436ecd256c4896a7c0a4fd1f

    SHA256

    3909bb607cc82198ad3ddb74e485eecb9f7bb4e2e6b710fbe969842706047a42

    SHA512

    eee445f0a155e042406cb34e4eab4ab5d41db82193c26b0d1501ba635e3e151e4e31e55bedc9b202ac5793e6badabc08846f6b5c1cd058faa0acd04478420128

    Download Submit

  • /data/user/0/com.ticket.duty/kl.txt
    Filesize

    466B

    MD5

    42651749e5a8c8aa163cec001b4f7ff5

    SHA1

    758033147305d53c658bdf1120f01e135ba1ca33

    SHA256

    3c52cd266bb3b2cc83d1e4c4ad5b26321315b7adad957ded9e10627de5f7e3f3

    SHA512

    16bb764c32852de34a6e38b4cb6ced3833ff3769f1faaab981584e3c4220d957e254fcbb9cc144b368aba2b96de702c6b4a6485c7fe5bdbac2ed3155b8952ee4

    Download Submit

  • /data/user/0/com.ticket.duty/kl.txt
    Filesize

    63B

    MD5

    d25732eac58cbe6c2048d4a87cbca3dd

    SHA1

    9e4fbda70f9638f6d764b0166bf0d4f0f3181b00

    SHA256

    9cc2d8a047384de18340dc6ea9a8cd184867380cbea32dad4397981abf06e635

    SHA512

    c83ff7a80645f3d03c337f96a646d017576624a6dc9a522594e52de0d6bd49ad9922ad493ef89d1e8606a5470a38e48b1a3ca10f432ddf0cd97aec53448af22f

    Download Submit