
General

  • Target

    2731ce15164f3117338ffaa0a5656c987449bca56f213db32b6269e20d133fd4.bin

  • Size

    1.7MB

  • Sample

    231122-1wrdsseg87

  • MD5

    99d7ba11670f792959351c899afad97a

  • SHA1

    277dd9436d9f85ad2bde242768bf45b38f80a8f4

  • SHA256

    2731ce15164f3117338ffaa0a5656c987449bca56f213db32b6269e20d133fd4

  • SHA512

    d65304503cf803ab570423db5366a06183e73efd7db2e577a4a4b9dc7b8459220c5934aa86e2330bca36a961682598db772a761a89b442254db55258591f6008

  • SSDEEP

    24576:6o/JQZLFq/V4/S5c+gxMk07CSXl28R1tdJntPCEBMXiUbwaN7MTMSgXqysTEy3ET:t/J/IzAhw4FjQXwRAhqysTXvLDe

Malware Config

Extracted

Family

cerberus

C2

http://188.120.236.119/

Targets

    • Target

      2731ce15164f3117338ffaa0a5656c987449bca56f213db32b6269e20d133fd4.bin

    • Size

      1.7MB

    • MD5

      99d7ba11670f792959351c899afad97a

    • SHA1

      277dd9436d9f85ad2bde242768bf45b38f80a8f4

    • SHA256

      2731ce15164f3117338ffaa0a5656c987449bca56f213db32b6269e20d133fd4

    • SHA512

      d65304503cf803ab570423db5366a06183e73efd7db2e577a4a4b9dc7b8459220c5934aa86e2330bca36a961682598db772a761a89b442254db55258591f6008

    • SSDEEP

      24576:6o/JQZLFq/V4/S5c+gxMk07CSXl28R1tdJntPCEBMXiUbwaN7MTMSgXqysTEy3ET:t/J/IzAhw4FjQXwRAhqysTXvLDe

    • Cerberus

      An Android banking trojan that has been rented to actors since 2019.

    • Makes use of the framework's Accessibility service.

    • Removes its main activity from the application launcher (hides its icon).

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Requests dangerous framework permissions.

    • Tries to register itself as a device administrator.

    • Reads information about the phone's network operator.

    • Requests disabling of battery optimizations (often used to keep running in the background).

    • Removes a system notification.

    • Target

      EmailTemplate.one

    • Size

      13KB

    • MD5

      3c5691f650b4933195c33b9438ffd654

    • SHA1

      876e3f9d586e83b5e46d2909c66196b737f37df6

    • SHA256

      eacc312f8739991f01bede6d273635778425abfb9351d574503f41a24945d638

    • SHA512

      264b0aeb411d7fff8e22fa9abd0caf817475a7ef8f48a306264f7a3a6300e826f9b53a769b0b35dfa02cca23a586e25e46cfa378c271f0e2e67c58457bb695b4

    • SSDEEP

      192:NHxGl178KImBDFZ2Dp2v5N03KJhOAH0ejB:Kl/hFZMUR+3KIe1

    Score
    1/10
    • Target

      addthis-angular.js

    • Size

      524B

    • MD5

      bbe9d47d6e63aa1cc0c58309f9273a0e

    • SHA1

      0f96df191133462080d16c87d6a64272124011c5

    • SHA256

      7213fa380bf61f60d6e3ac49c02d4b04a8bc0fa7697be3108b61355e6e19b3f6

    • SHA512

      f9137f927dffdff240858e57e71baa9ac1fbd320027dc76ada0a040b42043f6cab551e62d658a68c0a2dc999f6a625e26e76c8b492d6383fdfb242ceb94f50da

    Score
    1/10
    • Target

      adform.js

    • Size

      787B

    • MD5

      032126363f13b003c1a4bea9a544b02c

    • SHA1

      a88e688e94bcec08eb68d0e93596826cb2c63c12

    • SHA256

      6edd9cebe87e1e20c759d1408cdfe63e6f0ad8f2ab2e35941785a673e2eb0dec

    • SHA512

      64d5073c2fc56bb491879e0828d91d497e43d4e4eb8b1d1c0cacdc7b46728eb426c41668bdc9cd40c6372e237f5c0e7a360f6aa0020603ca7274a238155f6dcf

    Score
    1/10
    • Target

      adnexus-ast.js

    • Size

      4KB

    • MD5

      75164dc1a27e20d8d0be18914354e488

    • SHA1

      e300ba0c2e4eaf6690626bb79cadd2414711f483

    • SHA256

      e8954d4bc1ba7a458a1fd2d9411c528d17471f958cede821f9182089e685cc77

    • SHA512

      35b7956234c5962bce1cc3191536e1017bda375b389813e5ddf996969faf2149dc0c9a8361f7e903b65bf29cad34162503f63aab238f0205e4d7b4309332ae94

    • SSDEEP

      96:ApbQ33GE2ye2nyzUyqM+GsLE4PYCaN7ydCgcq/oUZZZ4VV/UW6D8J+1q:AuSye2nyzpqbGsLRY7UdjxjZ8VV/UJDk

    Score
    1/10
    • Target

      adnexus-prebid.js

    • Size

      1KB

    • MD5

      bed882b7ec57a69d88cb691daaff1015

    • SHA1

      ffd61cf639f8f090d9f3392f1cdebe97a9c8f40e

    • SHA256

      4eaf1084d537f0feb6b61f02d5e8be66f3c81b5aa02ac15fdc72d29d2916099d

    • SHA512

      49f64d7b8bde27dea2f579807d64117f83b304ab8fd3783538dc23e77dfdb8fed44f230cd1a58a3a1df8835ae17ad9dbc496b3095334fc7d444d67a5199f33f9

    Score
    1/10
    • Target

      adsafeprotected-ima.js

    • Size

      524B

    • MD5

      34e8e36cc71d565b32a80e2f06b07466

    • SHA1

      5f164badd2590fe361af5087ca29e380860bd912

    • SHA256

      d7253d7877b93c0b21af64f2321407c74aeb5585c1aa7f7e5eeedafb22627f67

    • SHA512

      2e9c57a3f40b0fb0abd368405c1a0f70ce5baeb5101745b1e8b38313916b024a67456b0a991761630b33d3bbc730546cc3ff52f68c243727825608edc28d7c72

    Score
    1/10
    • Target

      apstag.js

    • Size

      1KB

    • MD5

      f2afd250cbb0b759ff2aaf54d71411b6

    • SHA1

      47beee3faa815b8f2314de5bcc50f3554ff233b6

    • SHA256

      a40372250602dda1c7837f52bd2cd4d5a3ef023f9959362764f64d1a2f793bc1

    • SHA512

      eb23536205151d8d64433008d31ba4d3dc311cf97cf37d83736ee4b076b19b41595d53ec87033906c75e2d087591802d78be7f92cf7109d2c993185a6925345d

    Score
    1/10
    • Target

      blogger.js

    • Size

      1KB

    • MD5

      5fd461e2fa402f16cf5a67479a573194

    • SHA1

      6ad7c54693db4d1571297fce2f62bcea150cfb03

    • SHA256

      397a81500ce1ca539a69e8c35cb4492bb7e31d9b36462487546847dcf6f83683

    • SHA512

      8b52c33125793ea31a814456e370c0ed48f8a8042160569fb976c23866402cad0b740162c5753b83a68784c7206e6911e83fd32ead2061d0f3235d77499a0d67

    Score
    1/10
    • Target

      bloggerAccount.js

    • Size

      2KB

    • MD5

      44ab0c63b2b0ee43f24870b743d8dac9

    • SHA1

      7430bd3e786240f333bb6ed523b8577d79137f40

    • SHA256

      577a1b14540a547f1797ff4d55b0c84599ef4c63264a1e6e50e479cc692aabaa

    • SHA512

      c37762ed648c77c01dd3d3cb1f12099ad4e9b7ba60539d34b38a9f116ec1dcfc429350f728a5e07cf9c57b6f77943b2bd41f002783e98d35b1ef728d81aa1000

    Score
    1/10
    • Target

      bmauth.js

    • Size

      530B

    • MD5

      ede18146b1d052a3e069c61143f82624

    • SHA1

      43cd4799a797fdc85a807c4c50255af7eafc177a

    • SHA256

      2d3a3d2be96ce36e2014231356b90d2d5415b19dd580ea63ec787516ebb76777

    • SHA512

      20845d059437ec7c14ada83874a7706f747d448cad28ca61d4b1fd975f0887af76290f28f9ecc4e9b635cb9bf776d6fccdc389b2a3c117f419e85e74ad1eab1f

    Score
    1/10
    • Target

      branch.js

    • Size

      1KB

    • MD5

      dec40d3862884040cffe1c4401866b6c

    • SHA1

      3a0432e66080f00acc69132a706483bf8d7f3574

    • SHA256

      aa4ac1ca3a7a18419f7fc2233eea1f173117d384145217c89156b4a1e6916c3f

    • SHA512

      1d989fd524909acb5049279748b1fc909801144cbd5a24a4ef1b6662e59e608598ce4bb4623211616355edf3bffd5f7e80d63d2c04590958294e39402fa6ee4a

    Score
    1/10
    • Target

      chartbeat.js

    • Size

      527B

    • MD5

      fdc93704cf0a1497e7b171c4b3f103ba

    • SHA1

      f34d6e265a11fb77a797e211fca77925769ce737

    • SHA256

      8611f60203f8714502c41abb6aa3555891d91ae18fc682fd4e4535fa269e9941

    • SHA512

      6b10f4a35b91a823e5240ae74842f4809622c751fb75cca02b5d4ae88ce39f7b798aa13897e95b2a566f2580d743f7204124055a9baf602e0b1285c38fda99b7

    Score
    1/10
    • Target

      crave-ca.js

    • Size

      1KB

    • MD5

      fedb54ffb621e9d457789023532b2f58

    • SHA1

      7db0d496abea676ad351bdbc066568bea5bb69bb

    • SHA256

      da7fc59e3743378238d56ea3aa9edd40d3daefd98c77b598ea48db2bf9d4fb5d

    • SHA512

      591c1b29a5fe065a93fd876ce1fa352df33b2c6d48b16fe8e7696c8443d6967e5d6533f89e09759d12d5d7ba953c8867418addbc22a328892a0260ccffa3503d

    Score
    1/10
    • Target

      criteo.js

    • Size

      1KB

    • MD5

      7dba265fe812bbe8902d392df86a7d53

    • SHA1

      d3393ca5d8c15e87e240c29d4b28419883342099

    • SHA256

      bcb81782443535cf1dde05361ede295434e0323c34185d7d9471be0132bcdd07

    • SHA512

      0e8a032426e3dbe6c1ce4616f9b7170ac8bea06b48ee499539e0ad8f45e141ed7b8b0ba4b2cfcdffbf9d554c6144758875f163a12f63b27196ed0c7397f6cc8c

    Score
    1/10
    • Target

      cxense.js

    • Size

      16KB

    • MD5

      ee187d6b44bed0511b19e3fc3929dd0b

    • SHA1

      cc4d0e2bbef323fbc106abb1f1e9141bc48ad1e8

    • SHA256

      f8c8c24c152c971c3732faf6acf005ddfc6e3e81e09cd0771019516bdb82bf77

    • SHA512

      84472d26eb446cb3b620f5f2c179f489fcd8c4d990ae6007353212b5f33f4afaf6611ac5cd8f941039ba562a9280e8203dd72501e0489d3e4fbbf5dbc4a6248a

    • SSDEEP

      384:qDWFCB/i+ekRH3KqVqNEJes8c07xEvzjPQr69Qeu9Q/YCk8c0Ss5w:RFCB/ifkRH3KqVwEJeX7QzjYrzCLBw

    Score
    1/10
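The behaviour signatures listed for the Cerberus target (Accessibility service, device-administrator request, battery-optimization exemption, dangerous permissions, launcher activity hidden at runtime) all have static preconditions in the APK manifest, and the Malware Config section gives a C2 host to hunt for. The script below is an added example, not tria.ge code and not code recovered from the sample: it parses a decoded AndroidManifest.xml and reports which of those preconditions are present, then matches the extracted C2 host against proxy log lines. The manifest, package and class names, and log lines are constructed for illustration.

```python
"""Static triage for the Cerberus indicators in the sandbox report above.

Added example; not tria.ge code and not taken from the sample. It parses a
decoded AndroidManifest.xml and flags the capabilities the report's
behaviour signatures rely on, then matches the extracted C2 host against
proxy logs. Manifest, component names and log lines are constructed.
"""
from dataclasses import dataclass, field
from urllib.parse import urlparse
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Subset of Android "dangerous" protection-level permissions a banker
# typically requests (SMS interception, call, contact and phone access).
DANGEROUS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_PHONE_STATE",
    "android.permission.CALL_PHONE",
}

# C2 as extracted in the report's Malware Config section.
C2_URL = "http://188.120.236.119/"

# Constructed manifest (hypothetical package and class names). A real APK
# ships binary XML; decode it first (e.g. apktool or androguard).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed proxy log lines: timestamp, client, method, URL, status.
SAMPLE_PROXY_LOG = [
    "2023-11-22T18:44:01Z 10.0.0.12 POST http://188.120.236.119/ 200",
    "2023-11-22T18:44:05Z 10.0.0.12 GET https://www.example.com/ 200",
    "2023-11-22T18:45:10Z 10.0.0.31 GET http://188.120.236.119:8080/ 404",
]


@dataclass
class Findings:
    accessibility_services: list = field(default_factory=list)
    device_admin_receivers: list = field(default_factory=list)
    ignores_battery_optimizations: bool = False
    dangerous_permissions: list = field(default_factory=list)
    launcher_activities: list = field(default_factory=list)

    def score(self) -> int:
        """Number of the report's behaviours this manifest can support (0-5)."""
        return sum(bool(x) for x in (
            self.accessibility_services,
            self.device_admin_receivers,
            self.ignores_battery_optimizations,
            self.dangerous_permissions,
            self.launcher_activities,
        ))


def _attr(el, name):
    """Read an android:-namespaced attribute."""
    return el.get(f"{{{ANDROID_NS}}}{name}")


def triage_manifest(xml_text: str) -> Findings:
    root = ET.fromstring(xml_text)
    f = Findings()
    for up in root.iter("uses-permission"):
        perm = _attr(up, "name")
        if perm == "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS":
            f.ignores_battery_optimizations = True
        elif perm in DANGEROUS:
            f.dangerous_permissions.append(perm)
    # An Accessibility service is guarded by BIND_ACCESSIBILITY_SERVICE; it is
    # what lets the banker read and act on other apps' UI.
    for svc in root.iter("service"):
        if _attr(svc, "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            f.accessibility_services.append(_attr(svc, "name"))
    # A device-admin receiver is declared the same way with BIND_DEVICE_ADMIN.
    for rcv in root.iter("receiver"):
        if _attr(rcv, "permission") == "android.permission.BIND_DEVICE_ADMIN":
            f.device_admin_receivers.append(_attr(rcv, "name"))
    # The launcher icon is removed at runtime via
    # PackageManager.setComponentEnabledSetting, so statically we only record
    # which MAIN/LAUNCHER activity could be disabled.
    for act in root.iter("activity"):
        cats = {_attr(c, "name") for c in act.iter("category")}
        if "android.intent.category.LAUNCHER" in cats:
            f.launcher_activities.append(_attr(act, "name"))
    return f


def find_c2_hits(log_lines, c2_url=C2_URL):
    """Return log lines whose URL host equals the C2 host (any port or path)."""
    c2_host = urlparse(c2_url).hostname
    return [line for line in log_lines
            if urlparse(line.split()[3]).hostname == c2_host]


if __name__ == "__main__":
    findings = triage_manifest(SAMPLE_MANIFEST)
    print(findings, "score:", findings.score())
    for hit in find_c2_hits(SAMPLE_PROXY_LOG):
        print("C2 contact:", hit)
```

The manifest check is a precondition test, not a verdict: a legitimate accessibility or MDM app declares the same components, so a hit should route the APK to dynamic analysis rather than be treated as a detection on its own. Matching the C2 by parsed hostname rather than by substring of the full URL catches contacts on other ports or paths.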

MITRE ATT&CK Enterprise v15

Tasks

Task                          Tags                                                          Score
static1                       (none)                                                        7/10
behavioral1                   cerberus, banker, evasion, infostealer, rat, stealth, trojan  10/10
behavioral2                   cerberus, banker, evasion, infostealer, rat, stealth, trojan  10/10
behavioral3                   cerberus, banker, evasion, infostealer, rat, stealth, trojan  10/10
behavioral4 to behavioral32   (none)                                                        1/10 each