Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

d96173d6a9...9f.apk

android-13-x64

10

d96173d6a9...9f.apk

android-9-x86

10

base.apk

android-13-x64

10

base.apk

android-9-x86

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d96173d6a98242950fd8797d8b36a8836abce6a991c9f987d84514dee1d7309f

  • Size

    9.1MB

  • Sample

    250321-xhq94awtas

  • MD5

    5f218d00ffb2baeb383b3e0edc191805

  • SHA1

    e622b5eb702f4a65d26168296462be5d823f0425

  • SHA256

    d96173d6a98242950fd8797d8b36a8836abce6a991c9f987d84514dee1d7309f

  • SHA512

    9680b49c2a12a1f99aca410c43ed45656ac60627ce2fe89f8e5527fc7e3da8d1aabb02ad71d93121d436f8b678bd13b4aa3e8419e6c790f8a3bfe8487441e2ac

  • SSDEEP

    196608:Vy0aiW7MCpgWyvJnuNX2jgCFl25mGngraiaI6/UhQfKLA4m3dfZEa7SJd6:HJW796JuNXWg04iaiBfnSdfrC0

Score
10/10
octotanglebotandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistenceratspywaretrojan

Malware Config

Extracted

Family

octo

AES_key
AES_key

Targets

    • Target

      d96173d6a98242950fd8797d8b36a8836abce6a991c9f987d84514dee1d7309f

    • Size

      9.1MB

    • MD5

      5f218d00ffb2baeb383b3e0edc191805

    • SHA1

      e622b5eb702f4a65d26168296462be5d823f0425

    • SHA256

      d96173d6a98242950fd8797d8b36a8836abce6a991c9f987d84514dee1d7309f

    • SHA512

      9680b49c2a12a1f99aca410c43ed45656ac60627ce2fe89f8e5527fc7e3da8d1aabb02ad71d93121d436f8b678bd13b4aa3e8419e6c790f8a3bfe8487441e2ac

    • SSDEEP

      196608:Vy0aiW7MCpgWyvJnuNX2jgCFl25mGngraiaI6/UhQfKLA4m3dfZEa7SJd6:HJW796JuNXWg04iaiBfnSdfrC0

    Score
    10/10
    tanglebotevasioninfostealerspywaretrojan
    behavioral1behavioral2

    • Target

      base.apk

    • Size

      7.1MB

    • MD5

      ef9ca4ebd1e4f8c345a8ef2c9cbcb756

    • SHA1

      cc378fa2d6b2af6dcf65f8c8608fa5e0306f0f45

    • SHA256

      0ed5e46d9da10084baa9cad664f2f54b15ace995208e171d5c49c56466a64146

    • SHA512

      f9a0abd1d8be2ab13d6cc2c70ef946075bc18f0b0400b0814e0855c617c6506701c8b4f7341d643b52f75049d11ff8ec3bf6b65a3bfaa329b3591700d161980e

    • SSDEEP

      98304:R5iSRG9jujVKjJsDSj76Rs4J3z8pPcoAABKPbfUfmNB6Ae0OR5Y:RrBU1s2j76RH8yoAC+NV

    Score
    10/10
    octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencerattrojan

    • Octo

      Octo is a banking malware with remote access capabilities first seen in April 2022.

      bankertrojaninfostealerratocto

    • Octo family

      octo

    • Octo payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      defense_evasionpersistence

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests enabling of the accessibility settings.

    behavioral3behavioral4

MITRE ATT&CK Mobile v15

Tasks