Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

8208142864...c4.apk

android-9-x86

10

8208142864...c4.apk

android-10-x64

10

8208142864...c4.apk

android-11-x64

10

Analysis

  • max time kernel
    2344786s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    20/12/2023, 03:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    820814286407aa630e0adc884e3fbedbbdff4d22b9903255a92774aed985b8c4.apk

  • Size

    2.0MB

  • MD5

    14ff75650664f17ca98599f6d4929f0f

  • SHA1

    fa82b235f9ffdeb0b8fe9cd78ea240a5f226b889

  • SHA256

    820814286407aa630e0adc884e3fbedbbdff4d22b9903255a92774aed985b8c4

  • SHA512

    811efa9d8aaf31b51ea6551516ddb7888a6a5a6f3ff011bbca33e72764d7197e6c53f8dbc7636474cc163944d77d3d21f828c5ee6c22830867f040c51a75d7bb

  • SSDEEP

    49152:Pn3MMNdECwVc1dflxQDsq4PMpgBigBIpnEh1i79La:Pn8M7ECwVc1dfliEJJ5K9La

Score
10/10
cerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://135.148.120.117

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • com.elephant.myself
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4611

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.elephant.myself/app_DynamicOptDex/QY.json
    Filesize

    64KB

    MD5

    629425544d6a6e5421660c79adcd9c43

    SHA1

    cd422294c1543d5b4ca90d5b92dd0cb16ba6ea4f

    SHA256

    bd47641f4415877beb28eabc8940f4ab54f71474e949f3e104a68c067b738184

    SHA512

    143b1abc90ff5f26a1918c6aa4ccd71542780a693d0e43fd47c4953f245fa0bd0c73b757aebda6476614d26d2241c3a2630b8b0026530cab44d439464e299dcb

    Download Submit

  • /data/data/com.elephant.myself/app_DynamicOptDex/QY.json
    Filesize

    64KB

    MD5

    e953525051d425ddcb139aa534343265

    SHA1

    d339615a7183e3ce321e27336b58422ddab14e3c

    SHA256

    f4f524cb9fb7535d8e8148c76aab662d03df2845697baf0b328ab7baf29ddeda

    SHA512

    d5b4c2592f186229c699a6eaaba4d763976ae0c4d5e742eff31683496ec27cef18a64fc649872a47386fbf2fe978ef669e6a3301118c6494a9529308f91303c3

    Download Submit

  • /data/data/com.elephant.myself/app_DynamicOptDex/oat/QY.json.cur.prof
    Filesize

    161B

    MD5

    7f4f4fbbe8517a7cf79088f427244e53

    SHA1

    bb0c452f2e8d64cd641c876f6385ebcfe5ae5fda

    SHA256

    246e88b4e8295bd4299bbd3756196761dee82f926a9cd46744a78b279e785ad7

    SHA512

    3f42e0c42da2e018707bc18bd34d9211f36836ec78e74af186d10e5fae98186683a45b4998d4f2506f601cc516fa402b7d63fb2a09fd048ca16b3dada7a479e4

    Download Submit

  • /data/user/0/com.elephant.myself/app_DynamicOptDex/QY.json
    Filesize

    124KB

    MD5

    ee5f6ff8061e42d5aebe566248863966

    SHA1

    a294f94e06369315b09576e2c70278e09177d466

    SHA256

    c3e030b918ad545e186b80dd5a5cb1f09567aaf67863dbb34a3cc6be8c1c0ad1

    SHA512

    970bd5458c7f4128d8300619587dcb5ca236364a2b1e4a52719ffce1a4b43c371e20862f6dc9dfa2c6529fa0190df9a085579bc13b317c215d15e56e7a017733

    Download Submit