Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

d51af4c716...9a.apk

android-9-x86

10

d51af4c716...9a.apk

android-10-x64

10

d51af4c716...9a.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    784277s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20230824-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230824-enlocale:en-usos:android-9-x86system
  • submitted
    25/08/2023, 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d51af4c716bf7980c2e72f871356a68f86bfe276d82beaf0e2dea78c9584929a.apk

  • Size

    2.1MB

  • MD5

    a976a44e938fe417f11d9cf31dd713b3

  • SHA1

    61af018d0cfce1742234fdd3313825c61cb6671f

  • SHA256

    d51af4c716bf7980c2e72f871356a68f86bfe276d82beaf0e2dea78c9584929a

  • SHA512

    f2670e4745f6f8b1aa66d941627ae171e77162bc9b702498a655854ea2e3eefdd9922d7f8ad9309cb34f4e66fd1eaa618360cafc9d9f0c481a9fd06aeb96e38e

  • SSDEEP

    49152:nclZM9iq1rIQvAh0XeOjW/jEXQfNGHRXpfNuSModv2N+1bZz32Mb/DuKNLcQ3Pym:ncbM9iHQvAh0XeOjW/jEXQf8HRXpfNuw

Score
10/10
cerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://5.199.168.237

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
    evasion

Processes

  • com.twin.phone
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    • Listens for changes in the sensor environment (might be used to detect emulation).
    PID:4113

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.twin.phone/app_DynamicOptDex/oat/uN.json.cur.prof
    Filesize

    159B

    MD5

    fead972d9c668302c405311416038646

    SHA1

    2e407532741033a89ee936cba15f1657efd5df4d

    SHA256

    f830fd91fc385368fca4c28518ff08fe5d40a791056a5b0c964795ee0bf69763

    SHA512

    8b21506efd5b06076e671bf67b6a1795326906e34fd7d79e0db388e0f73458e36d131890e2409b78ac1bf77911f1368978eee1ce5316e5f7571faf0ee2f34750

    Download Submit

  • /data/data/com.twin.phone/app_DynamicOptDex/uN.json
    Filesize

    64KB

    MD5

    d007a5bb21847719a203420d3f8d95b5

    SHA1

    153a6f88eaa61e455f944fe55b13a6b82c251039

    SHA256

    4592eb903eb7712b05831ff1dcff2077cff4c896a37251e6237e2a29bf7d21dc

    SHA512

    371604d06d25a09ac9cd22486e3e26eae3cd53a1e73eeaaa9b75f6628aa0aef57deed364dd9b079b16a9c3bde3ce53f7e42c5c3c0403531568ae2c403ea81394

    Download Submit

  • /data/data/com.twin.phone/app_DynamicOptDex/uN.json
    Filesize

    64KB

    MD5

    34586fe182520c3ac2f2113b0d8c87c7

    SHA1

    b1516e79434c55dd3a1297f2db1945584a6eac9a

    SHA256

    6b9b88865d56d1d0287458e104ae86cac7eb1c803db5b610f325e9b6ccde509d

    SHA512

    d02594da4f4e87c5865b94cedffff992d7a69ecc046c6a09222078586a035c3d5f7c0506512ec7e68770f73951085533a9d4fdc412badb508e578356d570f33d

    Download Submit

  • /data/user/0/com.twin.phone/app_DynamicOptDex/uN.json
    Filesize

    124KB

    MD5

    cb4e24cea57de42f595068fd09dc48fa

    SHA1

    2ffcad976f2d390b25d4f266928cf42f1fd51efd

    SHA256

    381e5a47eb56c6d5191cabb6de42219d3e6bd87b64c0bf5f0f2af0ee2195f91d

    SHA512

    54b455b74c2f11225e408f549e0cd1987f767bdf00e95b074d6f64ee6662d41fa792c3d8cb220a49258da56d69a237a5ae18de72e4ca3faab9d6a1b295c00d5e

    Download Submit