Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

53e26b14bb...fa.apk

android-9-x86

10

53e26b14bb...fa.apk

android-10-x64

10

53e26b14bb...fa.apk

android-11-x64

Analysis

  • max time kernel
    3426306s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    26/12/2023, 04:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    53e26b14bbe63d9bb61c1688df9304fa.apk

  • Size

    3.6MB

  • MD5

    53e26b14bbe63d9bb61c1688df9304fa

  • SHA1

    b8dafae1ea3eaccfdd5f320f2ba673ee56042083

  • SHA256

    3467d2b744b5609bb03f0af1916e50cfd1ceb2587b097b9bd0617031b59cc38a

  • SHA512

    0291429c7592b93525f4db4a0ebe1b5947af9be5bd9b9602f56b937f94609f274d6cd4aacf390ca870fd1f0253391379f719697939c11c803ae9662596fabf02

  • SSDEEP

    98304:TdSJSpELHkHKfZpQ0WoF0GRE1mCjPhXdR8L2dpggoe:BcSpYgKBWG0ICNdRlLnH

Score
10/10
cerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://144.91.97.46

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • basket.leopard.penalty
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/basket.leopard.penalty/app_DynamicOptDex/oat/roIx.json.cur.prof
    Filesize

    214B

    MD5

    b588094c77b7fcf6516c0409b609b9b6

    SHA1

    7b5428741c9bda1951b29ebf174079edbe6e19d1

    SHA256

    92bf0281ff288c50838b896cedf997727ee4e9c40fec365de864c5e002063ad7

    SHA512

    e1060204757975bf311903099a8ca327f4ba36535bd57c06eb28f224544ab3c72ef0d165b8ca67678cc77daf84aafec8c2268f916c6b20f186b8cc73dcb491eb

    Download Submit

  • /data/data/basket.leopard.penalty/app_DynamicOptDex/roIx.json
    Filesize

    755KB

    MD5

    3e00386c5cb66d75e1fd58878d5504c8

    SHA1

    8e69619d4006b4427c66741073f9b6f6f0addba4

    SHA256

    5b8b4cd30c118b9cec8a38181f902c7caae6180b14fbc4eb914e33843a073daf

    SHA512

    42070d92050d93156e334e2ef172a61e7698e9afd913f9aa82ef498b24552d8737c994eecd0d48d18fbacfbffc58646e613064a0e28d046ee61e9a18dc81a23a

    Download Submit

  • /data/data/basket.leopard.penalty/app_DynamicOptDex/roIx.json
    Filesize

    755KB

    MD5

    40e8e800a6f2b772f4e74ccfa90b927f

    SHA1

    5819b6923bfcf925a03cde25ddb3b2685d63e154

    SHA256

    bfb1d595d6a15a64d34c4c1e3c693414e395e85f3b9eed5cb7cef0a4c43b11e6

    SHA512

    84e082fc14c9537d47773752dff4a37b31f0369a490d7c81a1978c1f5435dfa6ebb753bf28df921542be4b70fe54540b7e73b271f0573a1eb15c33175d8717be

    Download Submit