Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags
    arch:arm64, arch:x64, arch:x86, image:android-33-x64-arm64-20240910-en, locale:en-us, os:android-13-x64, system
  • submitted
    07/02/2025, 22:06

General

  • Target

    b82c847a811b06f5a50024fed7b29bd2662e329da0b4aaba81e0138c31b5fe85.apk

  • Size

    2.7MB

  • MD5

    c567acf57a495dc330f42e3406ed7b46

  • SHA1

    4b5c1f0f0501f75f551f545f886b95528b2a950d

  • SHA256

    b82c847a811b06f5a50024fed7b29bd2662e329da0b4aaba81e0138c31b5fe85

  • SHA512

    5140c83d712a9768436c92892c1c89cb267be03eb8ab6d5206dd31ad3fb056b50ec8df9941aaa9ccaeaafca0fb04f084c68f5b5c15d54b8479cef145d1aeb22c

  • SSDEEP

    49152:/dqAPOGaQlOtMXG0zoH10c0z9+jbqYb9dCYJsoApN9Q7WrFIdk7MOBsYMbhv5pzX:/dfPOGB0WzoH1/Qw60VJoMWr+k7MrYMp

Malware Config

Extracted

Family

octo

C2


rc4.plain

Extracted

Family

octo

C2


Attributes
  • target_apps


AES_key

Signatures

  • Octo

    Octo is banking malware with remote access capabilities, first seen in April 2022.

  • Octo family
  • Octo payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 6 IoCs

    Application may abuse the accessibility service to prevent its removal.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about the phone network operator. 1 TTPs
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Requests modifying system settings. 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.pink.imitate
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4507

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.pink.imitate/.qcom.pink.imitate

    Filesize

    48B


  • /data/user/0/com.pink.imitate/app_stuff/edbbWwZ.json

    Filesize

    153KB


  • /data/user/0/com.pink.imitate/app_stuff/edbbWwZ.json

    Filesize

    153KB


  • /data/user/0/com.pink.imitate/app_stuff/edbbWwZ.json

    Filesize

    450KB


  • /data/user/0/com.pink.imitate/kl.txt

    Filesize

    52B


  • /data/user/0/com.pink.imitate/kl.txt

    Filesize

    66B


  • /data/user/0/com.pink.imitate/kl.txt

    Filesize

    84B


  • /data/user/0/com.pink.imitate/kl.txt

    Filesize

    68B


  • /data/user/0/com.pink.imitate/kl.txt

    Filesize

    214B


  • /data/user/0/com.pink.imitate/kl.txt

    Filesize

    54B


  • /data/user/0/com.pink.imitate/kl.txt

    Filesize

    68B


  • /data/user/0/com.pink.imitate/kl.txt

    Filesize

    60B


  • /data/user/0/com.pink.imitate/kl.txt

    Filesize

    490B


  • /data/user/0/com.pink.imitate/kl.txt

    Filesize

    60B
