Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
784360s -
max time network
161s -
platform
android_x64 -
resource
android-x64-arm64-20230824-en -
resource tags
-
submitted
25/08/2023, 22:02
General
-
Target
d51af4c716bf7980c2e72f871356a68f86bfe276d82beaf0e2dea78c9584929a.apk
-
Size
2.1MB
-
MD5
a976a44e938fe417f11d9cf31dd713b3
-
SHA1
61af018d0cfce1742234fdd3313825c61cb6671f
-
SHA256
d51af4c716bf7980c2e72f871356a68f86bfe276d82beaf0e2dea78c9584929a
-
SHA512
f2670e4745f6f8b1aa66d941627ae171e77162bc9b702498a655854ea2e3eefdd9922d7f8ad9309cb34f4e66fd1eaa618360cafc9d9f0c481a9fd06aeb96e38e
-
SSDEEP
49152:nclZM9iq1rIQvAh0XeOjW/jEXQfNGHRXpfNuSModv2N+1bZz32Mb/DuKNLcQ3Pym:ncbM9iHQvAh0XeOjW/jEXQf8HRXpfNuw
Malware Config
Extracted
cerberus
http://5.199.168.237
Signatures
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Makes use of the framework's Accessibility service. 2 IoCs
-
Removes its main activity from the application launcher 1 IoCs
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
-
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
Processes
-
com.twin.phone1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Listens for changes in the sensor environment (might be used to detect emulation).
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
159B
MD587a0f057f9ca4156b64141ba87648067
SHA1a0ed2b9c4a2b3ba6ac7f7b0e29132c73ae038d23
SHA256675fdcfc60e36eba128261cff0d21318ad2862846752a80a6ec872139b82f31d
SHA51226190fe8131a0ba7bb6cc62049e8e236d7df2aaa2bb08a9b4e8898ac6a97dbd397d954c3d7b1c0785f7bdb4d71759191b15aeaa01af85c90f677a772f0f484e1
-
Filesize
64KB
MD5d007a5bb21847719a203420d3f8d95b5
SHA1153a6f88eaa61e455f944fe55b13a6b82c251039
SHA2564592eb903eb7712b05831ff1dcff2077cff4c896a37251e6237e2a29bf7d21dc
SHA512371604d06d25a09ac9cd22486e3e26eae3cd53a1e73eeaaa9b75f6628aa0aef57deed364dd9b079b16a9c3bde3ce53f7e42c5c3c0403531568ae2c403ea81394
-
Filesize
64KB
MD534586fe182520c3ac2f2113b0d8c87c7
SHA1b1516e79434c55dd3a1297f2db1945584a6eac9a
SHA2566b9b88865d56d1d0287458e104ae86cac7eb1c803db5b610f325e9b6ccde509d
SHA512d02594da4f4e87c5865b94cedffff992d7a69ecc046c6a09222078586a035c3d5f7c0506512ec7e68770f73951085533a9d4fdc412badb508e578356d570f33d
-
Filesize
124KB
MD5cb4e24cea57de42f595068fd09dc48fa
SHA12ffcad976f2d390b25d4f266928cf42f1fd51efd
SHA256381e5a47eb56c6d5191cabb6de42219d3e6bd87b64c0bf5f0f2af0ee2195f91d
SHA51254b455b74c2f11225e408f549e0cd1987f767bdf00e95b074d6f64ee6662d41fa792c3d8cb220a49258da56d69a237a5ae18de72e4ca3faab9d6a1b295c00d5e