Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

56f114a308...1b.apk

android-9-x86

10

56f114a308...1b.apk

android-10-x64

10

56f114a308...1b.apk

android-11-x64

10

bootstrap.min.js

windows7-x64

1

bootstrap.min.js

windows10-2004-x64

1

epl1.html

windows7-x64

1

epl1.html

windows10-2004-x64

1

gpl_3.html

windows7-x64

1

gpl_3.html

windows10-2004-x64

1

howto.html

windows7-x64

1

howto.html

windows10-2004-x64

1

jquery-2.1.1.min.js

windows7-x64

1

jquery-2.1.1.min.js

windows10-2004-x64

1

keyboard.js

windows7-x64

1

keyboard.js

windows10-2004-x64

1

libcore.so

ubuntu-18.04-amd64

libcore.so

debian-9-armhf

libcore.so

debian-9-mips

libcore.so

debian-9-mipsel

libnative.so

ubuntu-18.04-amd64

libnative.so

debian-9-armhf

libnative.so

debian-9-mips

libnative.so

debian-9-mipsel

mit.html

windows7-x64

1

mit.html

windows10-2004-x64

1

mpl2.html

windows7-x64

1

mpl2.html

windows10-2004-x64

1

mraid.js

windows7-x64

1

mraid.js

windows10-2004-x64

1

mraid3.js

windows7-x64

1

mraid3.js

windows10-2004-x64

1

omsdk-v1.js

windows7-x64

1

Analysis

  • max time kernel
    2796444s
  • max time network
    140s
  • platform
    android_x86
  • resource
    android-x86-arm-20231023-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
  • submitted
    06/11/2023, 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    56f114a308194e9804635afa69c8edae27d2a64f0cfd6991fc62eec12e9b941b.apk

  • Size

    1.8MB

  • MD5

    59daaa414b30e52072b056b78300e3e7

  • SHA1

    0a4e9326ebb657db5de4716ed96b264edeb7b441

  • SHA256

    56f114a308194e9804635afa69c8edae27d2a64f0cfd6991fc62eec12e9b941b

  • SHA512

    ce3e7b9ea1f7236b4830d03c7a46367331da969e15613e4b261c225d4fa2ece3ce5ec58b2dbb787580ccb9f9d0d5c318ae8c3d60b1c9873d52f8a30e097edda2

  • SSDEEP

    49152:GKDkRK5ciwVZYt+JJ2f4N3jnx6wPm4i9eV3GZWa0U1:JkRK9wDYtl4N3jx6wPmv9Gs1

Score
10/10
cerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://142.44.163.144

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
    evasion

Processes

  • com.hybrid.harsh
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    • Listens for changes in the sensor environment (might be used to detect emulation).
    PID:4253
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hybrid.harsh/app_DynamicOptDex/WGEckrw.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.hybrid.harsh/app_DynamicOptDex/oat/x86/WGEckrw.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4279

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.hybrid.harsh/app_DynamicOptDex/WGEckrw.json
    Filesize

    64KB

    MD5

    3a8bb927114a7b078c61523f4bfb37e3

    SHA1

    d0393cbf5385ffed537621ac2e47aaa9648c29d2

    SHA256

    1989518a068269b7641ef11aa0595cc357fc0179c912a8283b2f71743ea44e51

    SHA512

    1f026ec9dbac025e87f38d2c35667c3ec70923857dc3d541b035181d789061a8231ab411a332c906629dbb997b8eaf576148edd13c17ec344f92ba40aa9dfca0

    Download Submit

  • /data/data/com.hybrid.harsh/app_DynamicOptDex/WGEckrw.json
    Filesize

    64KB

    MD5

    644256e0c745741f6a3dcce4b5bbf771

    SHA1

    d1538c7fcd420e3b0429ec663f9a5d1cfc82f0da

    SHA256

    4e981fa0622b5f98df5f102c5fc2881684d760d4b0cb4b64bf1eb8cabb1aa9ff

    SHA512

    2f975b7d789d3e3dc0ff3585670f043e605c971260c1c35d04237db97f9a8b0d4d7b5195c73b3bef4a215abd6cc9a6dc923003045e17ab8698c43aecf7369525

    Download Submit

  • /data/data/com.hybrid.harsh/app_DynamicOptDex/oat/WGEckrw.json.cur.prof
    Filesize

    830B

    MD5

    d839e21a07d204e59afe6098d23564be

    SHA1

    490a17702ccbfea52cec789f8b112b6905300d89

    SHA256

    410047011360db37f5dc9a9cfff3322c8fac8cbeead1b4f0bd3ed384b3bca064

    SHA512

    d17366547ec357d54784bf12cd34f5c6ce6e8daed589c6276f78e8064037f9a86084ab0dcec00f2933b0efa068680b82dff6df784dd50a33a773fe68f11ed916

    Download Submit

  • /data/user/0/com.hybrid.harsh/app_DynamicOptDex/WGEckrw.json
    Filesize

    125KB

    MD5

    36147550f98cbe8f3229579ca6b41fa1

    SHA1

    b263c678e1609f3a6c328fcd64305f56212fcfe2

    SHA256

    3e75bf1959f48b764c503daab0f10e74f8cddf6dda93c6e3be8e29cce4fec6d8

    SHA512

    12d61fafe23d7ad4d3efbf110150e0fc5c75ef58e1fdcada4570dbe34351a90ab3ecb66aaca49a98b113851971e5cfc1d623a67cab028e3a42ba139d9c002c00

    Download Submit

  • /data/user/0/com.hybrid.harsh/app_DynamicOptDex/WGEckrw.json
    Filesize

    125KB

    MD5

    1838419e697f62ae8c52800822e89659

    SHA1

    589496e597ae80ba99d89f52396eb080c4324794

    SHA256

    74c6fb2aa041c87ea9ccb6d4b6a36983e279875722e068461a66c42e09b192ef

    SHA512

    f14ee2843e28e7ccd1832f35503e026e9354713038479359ddd2bc6c65ffe6d9653f41dd8014d936b45c6227db646a08968152452cf7728ced9fc52318a58d31

    Download Submit