Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

12979c926e...f7.apk

android-13-x64

10

12979c926e...f7.apk

android-9-x86

10

base.apk

android-13-x64

10

base.apk

android-9-x86

Sharing

Copy URL
Twitter E-mail

General

  • Target

    12979c926e3c3759cab084ca371d996384422b7932ccf7289408228150f552f7

  • Size

    11.4MB

  • Sample

    250321-wwlq4avxcz

  • MD5

    2ad0c28f8ac131bfc51615f26186f222

  • SHA1

    5a37f988169f1c9fbe82acfd3a156f3df17a8ef2

  • SHA256

    12979c926e3c3759cab084ca371d996384422b7932ccf7289408228150f552f7

  • SHA512

    cc496b1adbaa0f0578e63336b484cb0afea9ab1b00f5e0c08c2575601a729c493a8c258e49f2c94571db1d028289ad6621b196b52b5d501ccd6be1d863f4a0ca

  • SSDEEP

    196608:Rq2sniu16IfwWqBEN8K3K+c3VpHvW/ao+O9Aend7DmrZLlswmPN6N9:R+iuPfwWqBENJ3OTHvWiChdDmr4wm1Y

Score
10/10
octotanglebotandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistenceratspywaretrojan

Malware Config

Extracted

Family

octo

AES_key
AES_key

Targets

    • Target

      12979c926e3c3759cab084ca371d996384422b7932ccf7289408228150f552f7

    • Size

      11.4MB

    • MD5

      2ad0c28f8ac131bfc51615f26186f222

    • SHA1

      5a37f988169f1c9fbe82acfd3a156f3df17a8ef2

    • SHA256

      12979c926e3c3759cab084ca371d996384422b7932ccf7289408228150f552f7

    • SHA512

      cc496b1adbaa0f0578e63336b484cb0afea9ab1b00f5e0c08c2575601a729c493a8c258e49f2c94571db1d028289ad6621b196b52b5d501ccd6be1d863f4a0ca

    • SSDEEP

      196608:Rq2sniu16IfwWqBEN8K3K+c3VpHvW/ao+O9Aend7DmrZLlswmPN6N9:R+iuPfwWqBENJ3OTHvWiChdDmr4wm1Y

    Score
    10/10
    tanglebotevasioninfostealerspywaretrojan
    behavioral1behavioral2

    • Target

      base.apk

    • Size

      10.5MB

    • MD5

      0ece716e05fb6df33dd029f1f9c3f880

    • SHA1

      cb4c9fc65d1f1a2f4b40c94e5085421a92a02370

    • SHA256

      6ebafd78eb8f8fa088dd529896ca7fd3408093201dd4a26a8ffe67c5981122bb

    • SHA512

      fc90ca84051ea2d9187e71fcd21b2d339699dd39828c808f2476c44012b20aee28ff26cfc4edc7bb48de1a51f37eb0a1089998911cb17f24f145188860f00fae

    • SSDEEP

      98304:iLa4thGTHVKaH25o3X2RswXOv5iSRGel+vf2zMvB2nXFJ2J//398/ZrujER2TaX:BbHUQv3X2R5evrUuzMp2nNxITa

    Score
    10/10
    octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencerattrojan

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

      bankertrojaninfostealerratocto

    • Octo family

      octo

    • Octo payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      defense_evasionpersistence

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests enabling of the accessibility settings.

    behavioral3behavioral4

MITRE ATT&CK Mobile v15

Tasks