Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

724326854d...38.apk

android-9-x86

10

724326854d...38.apk

android-10-x64

10

724326854d...38.apk

android-11-x64

10

Analysis

  • max time kernel
    43s
  • max time network
    146s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    24/01/2024, 12:38 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    724326854d7a9a690804dddd1b2a8238.apk

  • Size

    3.2MB

  • MD5

    724326854d7a9a690804dddd1b2a8238

  • SHA1

    77648e958dae35902a2da8e78abf1f63df6fbaff

  • SHA256

    ea467ca29a1c33e37ae7beac8fe68f2866cb9dcaacb579ec3b53fff70e17b1fa

  • SHA512

    bcdede85ed64d46007907e03fefda9170bdbbdd05ebcc83a42fc7aed54aa3fcf529dcd348e3bf9ed044e805a1e5e6861d589b7a10c86440c66d0254230fc7f71

  • SSDEEP

    49152:FjswnszFXACO2rlrANH99yeSmjpHe/4zXLc8CycUsrYPPbk5/Ehi7vXBYc:4ZACOIW9EeUIbc8WUa4kGyp

Score
10/10
cerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://147.182.194.197

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Tries to add a device administrator. 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • chronic.scale.junk
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Tries to add a device administrator.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4465

Network

  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    142.250.200.40
  • 142.250.200.46:443
    tls, https
    695 B
     40 B
     1
    1
  • 142.250.200.46:443
    android.apis.google.com
    tls
    5.6kB
     8.9kB
     22
    23
  • 142.250.200.40:443
    ssl.google-analytics.com
    tls
    1.3kB
     5.9kB
     8
    8
  • 147.182.194.197:80
    300 B
     5
  • 142.250.180.4:443
    tls, https
    915 B
     40 B
     2
    1
  • 142.250.180.4:443
    www.google.com
    tls
    11.3kB
     12.4kB
     30
    36
  • 147.182.194.197:80
    420 B
     7
  • 172.217.169.10:443
    https
    51 B
     50 B
     1
    1
  • 224.0.0.251:5353
    3.7kB
     11
  • 142.250.178.14:443
    https
    51 B
     50 B
     1
    1
  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
     86 B
     1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    142.250.200.40

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/chronic.scale.junk/app_DynamicOptDex/bYgKFBW.json
    Filesize

    713KB

    MD5

    4b5ff17fa44ee3b99df6bdf832e73e48

    SHA1

    67bc08ff270c6124106aa13e173294e30b6cb6f3

    SHA256

    0f8d87d9160915c80c66f4e09bd725a4109bde3b1a56d79aabb85093464c557e

    SHA512

    b9a57e21a5df181f79112ad23850885299aa669a8636643f0e9613e6a69699a60f9b4967f5cee864bc1d1e48b3e6cbb53b094bb5592ee8c6a873644d8226c53e

    Download Submit

  • /data/user/0/chronic.scale.junk/app_DynamicOptDex/bYgKFBW.json
    Filesize

    713KB

    MD5

    ef910dd30bfa0e174b9196f1d67c66d7

    SHA1

    2120e71352e1499a25bf1ac6400ec062cb7c532e

    SHA256

    68959304663b582441f785297cf3a5e6f2fd261f19346ea8026bb849d9f495cc

    SHA512

    1151ed9cdebcb9a7f23604626cae1a44560344a7c97bd9c9986abacd6cbef8cf5a3c978fab116e650488bd202f786aa50c17dcbf211dd4da69b5d67aff177037

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.