Analysis
-
max time kernel
1983332s -
max time network
30s -
platform
android_x64 -
resource
android-x64-20230621-en -
resource tags
android arch:x64 arch:x86 image:android-x64-20230621-en locale:en-us os:android-10-x64 system -
submitted
21/07/2023, 02:10 UTC
Static task
static1
Behavioral task
behavioral1
Sample
a05497647a879afec62bc7e916005f729fbfee48cfd56423481e0600061678b6.apk
Resource
android-x86-arm-20230621-en
Behavioral task
behavioral2
Sample
a05497647a879afec62bc7e916005f729fbfee48cfd56423481e0600061678b6.apk
Resource
android-x64-20230621-en
Behavioral task
behavioral3
Sample
a05497647a879afec62bc7e916005f729fbfee48cfd56423481e0600061678b6.apk
Resource
android-x64-arm64-20230621-en
General
-
Target
a05497647a879afec62bc7e916005f729fbfee48cfd56423481e0600061678b6.apk
-
Size
7.7MB
-
MD5
c1285b8df2599ebe3c8af1b5076d7b2c
-
SHA1
6c2c5117609c01ec2869d256ae9c750723099584
-
SHA256
a05497647a879afec62bc7e916005f729fbfee48cfd56423481e0600061678b6
-
SHA512
fbdbed0db1f9ff75a210249e907d991158008acaf47bd3b1f9ccaac9f19a1b79638c9ce4e90e5bc9fa74137bd4a5cc2aa42e7015e6c55f20622e59757eb98cb7
-
SSDEEP
196608:vmahQbqtifoW5aL2viPyMi0rS0hw+L3ESj:k2Ef1akaSAwAj
Malware Config
Signatures
Network
-
Remote address: 1.1.1.1:53 Request: www.cerberusapp.com IN A
-
Remote address: 1.1.1.1:53 Request: www.cerberusapp.com IN A
-
Remote address: 1.1.1.1:53 Request: firebase-settings.crashlytics.com IN A
-
Remote address: 1.1.1.1:53 Request: firebase-settings.crashlytics.com IN A
-
Remote address: 1.1.1.1:53 Request: ssl.google-analytics.com IN A Response: ssl.google-analytics.com IN A 216.58.214.8
-
Remote address: 1.1.1.1:53 Request: android.apis.google.com IN A
-
Remote address: 1.1.1.1:53 Request: www.cerberusapp.com IN A Response: www.cerberusapp.com IN A 66.228.35.203
-
Remote address: 1.1.1.1:53 Request: www.cerberusapp.com IN A Response: www.cerberusapp.com IN A 66.228.35.203
-
Remote address: 66.228.35.203:443 Request: POST /comm/restoreconf2.php HTTP/1.1
User-Agent: Cerberus 3.7.6 - Android 29 - Pixel 2 - 10 - QSR1.210802.001
Order: xvp8k6vztapaobgbhfp2d6gl
Content-Type: application/x-www-form-urlencoded
Content-Length: 28
Host: www.cerberusapp.com
Connection: Keep-Alive
Accept-Encoding: gzip
Response: HTTP/1.1 200 OK
Server: Apache
Strict-Transport-Security: max-age=31536000
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src * data:; script-src 'self' https://*.cerberusapp.com http://*.cerberusapp.com *.google-analytics.com *.googlesyndication.com *.googleapis.com *.gstatic.com *.google.com *.doubleclick.net *.akamaihd.net *.googletagmanager.com *.googleadservices.com *.stripe.com data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; connect-src https://*.cerberusapp.com http://*.cerberusapp.com https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.googlesyndication.com wss://*.cerberusapp.com:* https://*.googleapis.com https://*.stripe.com https://*.doubleclick.net
Content-Length: 0
Keep-Alive: timeout=30, max=3000
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 66.228.35.203:443 Request: POST /comm/s.php HTTP/1.1
User-Agent: Cerberus 3.7.6 - Android 29 - Pixel 2 - 10 - QSR1.210802.001
Order: 0aw9085lqpqwa96m8pq5o66t
Content-Type: application/x-www-form-urlencoded
Content-Length: 18
Host: www.cerberusapp.com
Connection: Keep-Alive
Accept-Encoding: gzip
Response: HTTP/1.1 200 OK
Server: Apache
Strict-Transport-Security: max-age=31536000
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src * data:; script-src 'self' https://*.cerberusapp.com http://*.cerberusapp.com *.google-analytics.com *.googlesyndication.com *.googleapis.com *.gstatic.com *.google.com *.doubleclick.net *.akamaihd.net *.googletagmanager.com *.googleadservices.com *.stripe.com data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; connect-src https://*.cerberusapp.com http://*.cerberusapp.com https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.googlesyndication.com wss://*.cerberusapp.com:* https://*.googleapis.com https://*.stripe.com https://*.doubleclick.net
Content-Length: 21
Keep-Alive: timeout=30, max=3000
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address: 1.1.1.1:53 Request: firebase-settings.crashlytics.com IN A
-
145 B 40 B 1 1
-
904 B 40 B 1 1
-
904 B 40 B 1 1
-
1.2kB 5.6kB 7 5
-
1.5kB 5.3kB 12 11
HTTP Request
POST https://www.cerberusapp.com/comm/restoreconf2.php
HTTP Response
200 -
1.5kB 5.4kB 12 11
HTTP Request
POST https://www.cerberusapp.com/comm/s.php
HTTP Response
200
-
2.5kB 8
-
130 B 2
DNS Request
www.cerberusapp.com
DNS Request
www.cerberusapp.com
-
158 B 2
DNS Request
firebase-settings.crashlytics.com
DNS Request
firebase-settings.crashlytics.com
-
70 B 86 B 1 1
DNS Request
ssl.google-analytics.com
DNS Response
216.58.214.8
-
69 B 1
DNS Request
android.apis.google.com
-
65 B 81 B 1 1
DNS Request
www.cerberusapp.com
DNS Response
66.228.35.203
-
65 B 81 B 1 1
DNS Request
www.cerberusapp.com
DNS Response
66.228.35.203
-
79 B 1
DNS Request
firebase-settings.crashlytics.com
MITRE ATT&CK Matrix
Downloads
-
Filesize
112KB
MD5 c00e56432fec53a3af4cb74375486250
SHA1 0c0836763aa016d67ceaab90f46ae1f039ff5754
SHA256 511fd696d23abfeee7a721f47ca97e7f429104b1c04b5a7cee39e56ba2dca2df
SHA512 538dfc872ee37da8257cf7da239e47031069bd7292e2e8e5aaf77d4ea61e2fd25f45bd0d89a3bae191e0624b440e37168645376bf3c5886fdab91928d2c08fda
-
Filesize
1KB
MD5 97b4d31810a462733f25ac05cbe46af7
SHA1 3847d51f194cbd66f785fa00b28549b9c574cdc8
SHA256 4e26a9c0f629b9e05e86167a74ce4ee9618dec7051799d581b9385a1a1110e80
SHA512 fa424b9e53bc65952041c110dc20a5e6d86a9e8a3e8753a8fe600560da32b812680b669a3121b3457c2ed3bd027f714a822ae795e757eb409c7c536f984b7810
-
Filesize
88KB
MD5 7bd7e08b7c157fb7a04f9701b6965b65
SHA1 19ed78cffffd879509071b091ba60776c18e8d97
SHA256 c3aa0e8a52b6dcae0f988502bb3887f94c13148a8f36c3fcf5036c7c99afbdbc
SHA512 a668c141cd4d48396e9d67e79ec1036a8ad4498293e0f16d108e8c4d842f76714f561bbe440a3a5dbcfb6b7ade257ffed7fa07c56566c8ea938589c61943d4cb
-
Filesize
1KB
MD5 94ed6700ce224dd7e19cdc99b1cd0778
SHA1 6203ab382fb9359549422a3a439f7451f547c08f
SHA256 9237c233944c3e490e07441571ebe7cad5cbec0b4a6f62d49fb620812d22c163
SHA512 aa1c23643bf19c8129581deefa7d2e35fd44398b933b6765e4b29c59587cc5fb25a9bbf4e50a0f2531cc5a8a3ed63be8097bbe125d5a1e5c17e9918dd9970c26
-
/data/user/0/com.ssurebrec/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-64B9E93B0346000113AC844BB403987A.temp.tmp
Filesize 16B
MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
-
/data/user/0/com.ssurebrec/files/.com.google.firebase.crashlytics/report-persistence/sessions/64B9E93B0346000113AC844BB403987A/report
Filesize 737B
MD5 811ceef16314528d153e222e925a36e0
SHA1 feb4260bbb2178635e745091fc72bfcc5c57da3c
SHA256 a14b86f46274bac2c83bd126e17f8c5eb9f7261aff4bb1766bec02bbe58e975f
SHA512 43f3d8e0e68f699a0e8f3a163e8092efff7d3b38c53bf9eec5ff6a5bb6bcd149a90854fb405d74deb779e9907b449534bf2eabca1390cc10bb7d62909519f0cb
-
Filesize
24B
MD5 ba6d553fb5537b9793ebd15538b40179
SHA1 3436963b6d01773183cf798cdf5d22a864e46f71
SHA256 a546d24c59aa860b4af1551831599b14366c479bcc4badcd64e06a75bf93cdf3
SHA512 592c6d14490649fc17ea5004742326bb6110d379d46d98f593c12e23de98715f18b958335756cf1ff2cc9a8f211d9c07596da6b1924636bc12c8242f4a5834e9
-
Filesize
8B
MD5 390645c4b19c3bf4747d8c80d1d8488e
SHA1 259e0d8fc15fc6e8f92f8ed946f9b027c43cd22c
SHA256 3f698bc4a0106cebfd8eb8922c8bb17da69f5cd1dd87d8d770d663fd793baa8f
SHA512 39a3bfe5b262a562ff321a51f75e583f12fc9e2825f96c21c0cfdb818ff8a8dfff0b2729a7023a2f329f78ccbf452b8b8ff671e3c064a4ac8c0cc6b9b08a5979
-
Filesize
239B
MD5 29c75e2f11c91ca4748429c347ef4e70
SHA1 5a16662746f9be6b578fa948576daa75e31f0322
SHA256 bbb8668a1f68c488d3e4a08a6647f25ca976c7f29d787a3e207c2f5ec25f1008
SHA512 507af4892cdcf797d13d1cf802a58acc64435e8b74891e17fc110e8be6d5b393987a7a17a86d6b2ff0f46e15d78d279be2bf585828993cd0295511b5b41a5ead
-
Filesize
134B
MD5 8b9c9769b214ba0564808208cedd610a
SHA1 f74d7045636473b844d1ce18f7f62593fa08379a
SHA256 887890c0470dbaae71a0fc0c2b8b8dd2426b86123892a87f1db3e2a149f5645e
SHA512 0b29e1fa45a9515022f6fa2fc7d7428876a807f5c7e2edcbd4f217cb93cd0c2744b0cf2bf509e1a941e8a222dab9383c45006ad6d098dfab6f27f254b54af320
-
Filesize
188B
MD5 b0e3a07c4f9671a94573616e7c7c074e
SHA1 7e6bc39f6cd4f704c6dd9d0d605b2d8177f9f279
SHA256 0c95eab1a538848ab8afca82c6781bef77e04fb15bdb66ab389b112147a96aa9
SHA512 1e61e8ca09591db3ad38110252f2308ef5a32d61e3d4fb3b2a2f5c73dacc8d4eef7dbfc014f6fa28dda3a24810e297637b8641807fe4c41c7c41b2c7189130f1
-
Filesize
389B
MD5 993ef82f54a7a30c946e45162f95be96
SHA1 9a49ee77ebd8715e93565463bffcfe752b026498
SHA256 2664ef95fef4769a532c20109428ab07235dca294bfd829955841380d80dbb26
SHA512 8e5395ac9ee7118e931ec63b5b1c759bd1fd03faf0bb6a913c9a1d0620a7a8ab3e81196c82de4bb70b2b5d8cbae7c68b56aa06330eecc89948bb14045d9f121f
-
Filesize
600B
MD5 4a705ce9daeda030c9aaab4a2fc5f018
SHA1 20c7ea7be2f913e91e282378c4499e32daa5b01b
SHA256 04bee97f8e1237b334967fb0c5109bf2c2c5df666ee36b0f273ec8c3cf3308d4
SHA512 f27e774007b28f877f0e69452959bf43ff631424fb62f4683e740d2a5bb057c0bb1b4770abe816ec69db45015f27c5bdbb6451528a6db84bbf3cbf0d4820c980
-
Filesize
601B
MD5 b3d17d107b6dbc638dd62ab8d53b1c4c
SHA1 0b4fabf10bf02dc2755b48da969302081fca7a07
SHA256 c3d22524d718f8e2ce00550fc5b41de5ba68ab13f3fd6923c92facf58866d667
SHA512 7c5065786dfec9f05cdc4560ee0f0ee5840c163f04b0f59c1f5bc733668bceac34819a251bc7b97506332a2f6bcd2dab18e65172968465449d03c5a5dd559182
-
Filesize
713B
MD5 4fc5ff426ea9e91d45d3d4c7457092b6
SHA1 38f728be312fad76d5aa0531d4b3581dc4b5a4a7
SHA256 22d469b43f733c91eac7e1d38c103b7e594c1141e940e739a5779a83a6aa4df2
SHA512 ee490237332a4f9ab6ecf9df5f9c195ccc4804434ecb247e1c61b2785e8d58cfda19535d84b61107ccfce9690cfe27f904be721923d25b75c1db64c70dee6cf0
-
Filesize
790B
MD5 d02f7a2360b381302b95f4f1d6b617d2
SHA1 2c94c01e486d231521e5aff57a773a8bb2d3f2e7
SHA256 9ce20fbc2359cd12ff55d39fbb35a7248ca6212f5e429ffc8c9ed895fa8604a7
SHA512 d5e6c15c532db2feb24ad1863ad691c3827e9b47c8f884597c40d3c89d8cd514b5780e844fe2513fc99f048d9855a0a268fc3edde79fcb65911ec1d0e38756be
-
Filesize
122B
MD5 250b4caeba60ddf53228405750ba66ca
SHA1 422ab714feb34e9f3b4f1cbe669887bcd581ddb1
SHA256 2478c97a377db9ce6a44977b4864a40af8b4f5e5c8f81892c424a608ddec911e
SHA512 373750c29942fef90281109b6025c398d0f4ac62b58a984a3651d09f8c016440bc40f6bd84fb6d40acf8e48a553d4c1d22e01a95c40a41567c079ba9a338afdb
-
Filesize
146B
MD5 b89d1759ac4fc1f050b4759539da7f9b
SHA1 97eddcee81e339e48ee6c2252725938028bfc068
SHA256 d6872e21bb0349f636eab3968a69ac8cdae194593f4ff7226eb4ff65c4554f10
SHA512 4c23c6a2662979ff7b0d6e7f6081f95904f3320a959a14b08f4dd6ae6dc5fbddc60a6362b8988df3e139a2af2eab0d1d519466da59c4d4fd968467eaabcaac96
-
Filesize
311B
MD5 2d6e21ef41df542b9b1ea1156d470ba1
SHA1 1486d5fb1f4dc32e6a8f3c40d82b97e0a37e6b72
SHA256 731172beaecab802553c8ad25e576b275a4b82a1383196ecec46c3e84d8d89ad
SHA512 b323f1d1921f6165e5167714bb16fe17dae76a3960b3ab00720e1d4e9e65572754e0e0727027d16f12d1338e7340acbc9461409409b3200a439132305a62a275
-
Filesize
116B
MD5 75dbfd7cb8f7935da0054091284ddc6b
SHA1 561acdebae34cfd4a3ebca1eddcaf809850d5f21
SHA256 7da2af7a9f6ab089d0f4d0189d7af63d418430bc039f3df69164470975120410
SHA512 d0d72b069ca5bc556330db3956dca7afc43980769f8b587222af644e6d050eebdbf9248d93e0553764b7bef480d99994387e6bd8800db51caf19d168be3dd6d4