Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

a517cf91ae...ba.apk

 

a517cf91ae...ba.apk

android-10-x64

10

a517cf91ae...ba.apk

android-11-x64

10

Analysis

  • max time kernel
    2484411s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    20/12/2023, 10:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a517cf91ae88e25572bb63b02f2ac8daa1ce639084efaf22995b67e5625971ba.apk

  • Size

    1.7MB

  • MD5

    a9dc94e57fef85c9f77ad3e3847266e9

  • SHA1

    def03d968941f2e7d50166d80e4855057d5a5d45

  • SHA256

    a517cf91ae88e25572bb63b02f2ac8daa1ce639084efaf22995b67e5625971ba

  • SHA512

    fb780a5d28541b556f4c1e574798c7ffae4e84af12758939f9f663c25633eae650abed6df381ddb05e2e4e3df51b3ddcc9d9a7172f7d5c1876c5e1086e6b93b6

  • SSDEEP

    49152:6+mduyML94AQgmY1yOd2sadY4m7ryDrv/3aHbWSsxl:DXyKKMTysadYR7uDb/3kbI

Score
10/10
cerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://teknoasaglik.club

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4473

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq/app_DynamicOptDex/oat/ojhy.json.cur.prof
    Filesize

    232B

    MD5

    620b952aa91cd9689f8ee47e3abc030d

    SHA1

    1454589ac3c1830f63793e1cbddf8efebeae7409

    SHA256

    0db951ef3251f314889e5922d3d6fd7528f559895d0ab7dc5e79b41c37c13156

    SHA512

    1a1c40b470b5c76776dd7dbdf21708334671806d2ecc2165886556c3e56fa4fdc4bbbcde83c4a3d03f2614702b65ab20f9da2583f12ca2ff12f5d7e115117414

    Download Submit

  • /data/user/0/fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq/app_DynamicOptDex/ojhy.json
    Filesize

    666KB

    MD5

    4cf854b144a035d6f1f603b4f7f6869c

    SHA1

    93a225729f12aec59a78282f09b97b4532157141

    SHA256

    15f0e46a1d95cd99ad03be423e95b653925a62466289305efc2f627d5928ac7f

    SHA512

    c4e775dec71334f6f132e1892bd0db486c47afc508a01293531a3a60c75b1fe0b1f7c726d02a9c30982394d88e04e587c3c8b6d5a9b8224895000091d29c4973

    Download Submit

  • /data/user/0/fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq/app_DynamicOptDex/ojhy.json
    Filesize

    666KB

    MD5

    97030e086f59a1cd4629affe1e1efbea

    SHA1

    d20821ddf5b9257d33d34c8eabc72abafa0fc5d2

    SHA256

    834e03730bcd35768b159144c5bb358712d4b3ec56734db668f60d8e8ea43bac

    SHA512

    f5880a9b206053b13aeb2ecd35c124c10d52b1b54fe85a20e9547da1d70f3b01bad4ab26ca64278f2734c0b8d03183728f7f04185e5ded27e7de145f0cf92e76

    Download Submit