Analysis

  • max time kernel
    145s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
  • submitted
    15/02/2024, 22:02 UTC

General

  • Target

    947c8d44144d81f95a93fab15ebaae7fbfb63794f2a1a34eeedecb1007aa608e.apk

  • Size

    3.9MB

  • MD5

    5accee10223e4527eab88fba93403a0e

  • SHA1

    cddd2579a928cca9855f96fc0579d2b668792232

  • SHA256

    947c8d44144d81f95a93fab15ebaae7fbfb63794f2a1a34eeedecb1007aa608e

  • SHA512

    358bcd1c5f8a4e31670e6b01968d3ade123bc081cb3cd5d080551c84c26a8f6e29dab40acdf8b131499e341d1409d73bc90a08c4265bd1fde86c169943809e28

  • SSDEEP

    98304:IbSNi7wdynQlJ0GEswbTK4oytTl/6HnDH:IbSNi7KGgJ0o071t4H7

Malware Config

Extracted

Family

alienbot

C2

http://panamaxb.digital/

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

  • Cerberus

    An Android banker that has been rented to actors since 2019.

  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 7 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs an executable file dropped to the device during analysis.

Processes

  • fringe.gadget.wage
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    PID:4919

Network

  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    216.58.201.104
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.187.206
  • flag-us
    DNS
    panamaxb.digital
    Remote address:
    1.1.1.1:53
    Request
    panamaxb.digital
    IN A
    Response
  • 216.58.201.104:443
    ssl.google-analytics.com
    tls
    1.3kB
    5.9kB
    8
    9
  • 172.217.16.238:443
    tls, https
    857 B
    40 B
    1
    1
  • 142.250.187.206:443
    android.apis.google.com
    tls
    6.6kB
    10.8kB
    18
    31
  • 142.250.178.4:443
    tls, https
    455 B
    40 B
    2
    1
  • 142.250.178.4:443
    www.google.com
    tls
    8.5kB
    11.3kB
    25
    37
  • 172.217.169.42:443
    tls, https
    1.2kB
    40 B
    1
    1
  • 142.250.187.206:443
    android.apis.google.com
    520 B
    10
  • 216.58.201.98:443
    520 B
    10
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    216.58.201.104

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.187.206

  • 1.1.1.1:53
    panamaxb.digital
    dns
    62 B
    130 B
    1
    1

    DNS Request

    panamaxb.digital

MITRE ATT&CK Matrix

Downloads

  • /data/data/fringe.gadget.wage/app_DynamicOptDex/UQDhhsU.json

    Filesize

    786KB

    MD5

    7a1dec2283f3fc2ae2837f56969baaad

    SHA1

    17d8469d664766a654b03a80ab500162ab775dd8

    SHA256

    ce081f7982ec6f4a0f7714e5424b8f39679b0033293d90e1c4597c542fb6bd80

    SHA512

    a8ebdf3fa4d9e83fc245c4f06484b52110f401eeeddb4a8513df4cb4643eace343953c2574652ab0481502326eb626890680d49b89b404a036899fd9c7e243b7

  • /data/data/fringe.gadget.wage/app_DynamicOptDex/oat/UQDhhsU.json.cur.prof

    Filesize

    389B

    MD5

    cccf11d4c3b3fd9337c15eacb28a9f7d

    SHA1

    ddd2b490d0ac7917f4ac55e3214eeb24fb8ac1d5

    SHA256

    41d5dcec267b2940481fd4d3dd511251a39b17d7a60e7d39d069abf816306a18

    SHA512

    1124b6c276dfca71e9c6eb6c2cfce1aaf07fc821a3e06ac761f74843e061ed793347284ae2dde143f369fe553ca559145bd1bdd34b90314c6b4f63b4358e8034

  • /data/user/0/fringe.gadget.wage/app_DynamicOptDex/UQDhhsU.json

    Filesize

    786KB

    MD5

    9dcb577c3701787eefd9f8030126d9d8

    SHA1

    dd58ad14d55b00c9d35c4ac9f24d2ef02c7c661b

    SHA256

    b2f7a4e2a4ef7f79c99fb3cfec5472d417ee200121ce4477e87260ecd75a4463

    SHA512

    513e467c5414287f903bcdf3c2a5bcb73d1dbdfe47953ac6f63b22641f8c61b9fb66256dd8bc5b22d7acb0c14f2b4cf6b5daa18660bfc04c1c376722ac9999e2
