Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

8fd36fd780...18.apk

android-9-x86

10

8fd36fd780...18.apk

android-10-x64

10

8fd36fd780...18.apk

android-11-x64

Analysis

  • max time kernel
    50s
  • max time network
    148s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    02/04/2024, 15:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8fd36fd78059b612caf4306f86f8f5da_JaffaCakes118.apk

  • Size

    3.0MB

  • MD5

    8fd36fd78059b612caf4306f86f8f5da

  • SHA1

    eff37afe2ee8864c5cdee7e07b3184a07627fcc0

  • SHA256

    bf741ef4c2558d5b8485c6de61c64e578a8198d1d050a1e1566b5e10bee207ec

  • SHA512

    ed3ab1276e8bc7cf69eb54176c491d3c63ee23d9f0d55940f322551e79941205ff194fc3d29845b1be2ca06518b0aecac6ff1735ed293964a986572a5f63f00c

  • SSDEEP

    49152:8OQRxguYJzjIt06xq/9OxeSyA6G3BOixe+zthSRfZiNUkyxlL:pHxjIfxq8cSypG3bMCex0UzrL

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://185.182.8.36

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.quote.couple
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5051

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.quote.couple/app_DynamicOptDex/CsIa.json
    Filesize

    124KB

    MD5

    3de2232080ac6a4811995b7c1bf825e4

    SHA1

    ef2ee8bd6c8c7b9903ff93807ca83d2b9ef5e475

    SHA256

    6d046f6aa352743571a732a3edad4a38b735a669496448224b28203e4dcd6f19

    SHA512

    506093e6719522b94bf6cb9812d7ae465847536c5bb35f579932628f8501377579dceceecf29da02d501fecf7c83986d68e2884a92e4a39fb6d95295354cf606

    Download Submit

  • /data/data/com.quote.couple/app_DynamicOptDex/CsIa.json
    Filesize

    124KB

    MD5

    cf7cfec4ae47494ee1a2b04e5f3a7905

    SHA1

    a80188bfc50dda4d628f4bd98f3549b8e1712b7c

    SHA256

    fec13c43a4c96f9df124f937a9f79b07e237812d768a813b7c6179cd95a40688

    SHA512

    e763081559bf7b1b8570f46407ecf8254de1464219b173021ab3bd3c23d3c1ebcf4eab4268c8b43ad480b91183c219125069fed4c3723cbd6c39817dc5d792ff

    Download Submit

  • /data/data/com.quote.couple/app_DynamicOptDex/oat/CsIa.json.cur.prof
    Filesize

    193B

    MD5

    bd5b5baafbf6b37fba1484fac85d72e7

    SHA1

    b088139c4bcd9b7a6753e0a28d8e475aaabad251

    SHA256

    6d9ce41d799bf7825cb17a7b95ad658a55c43a3ba2e9633ce070817a587795d4

    SHA512

    43da4a1ee98b3760a7e727511929ea2057b0ccb9bdc94359491b1b7a06d37a528592811a8bfc1227e41f62e95295a31cc74eed7032ad0b28eb0e7e805cb91d24

    Download Submit