Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

ae81f90811...18.apk

android-9-x86

10

ae81f90811...18.apk

android-10-x64

10

ae81f90811...18.apk

android-11-x64

Analysis

  • max time kernel
    61s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    04/04/2024, 03:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ae81f90811749ff7fa5dd524bef3e50a_JaffaCakes118.apk

  • Size

    2.6MB

  • MD5

    ae81f90811749ff7fa5dd524bef3e50a

  • SHA1

    fd88462e3c6369ace6eaef53170290fa753ad83f

  • SHA256

    9d8aee08d3e74c40e0c4bae1bfca12b4a3e35c4a44197d6ff0cae3811ed43927

  • SHA512

    9a8bf5d87ab82521143d2e09f68c948f9e91ee6bf4224700c0e7be2d0a975348b564cdabfe3a053954b7d5839a2417762075d06492708e5ee9cf7750247d5407

  • SSDEEP

    49152:tdtVtu+1bysjRG2sZnGUTINl96IMsjqR4HmMktOc8lyhfIEA8:jtVM+AsjRGHZDPIWUmMYL8lyfIn8

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://194.163.187.220

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.settle.genius
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4279
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.settle.genius/app_DynamicOptDex/XeygHJ.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.settle.genius/app_DynamicOptDex/oat/x86/XeygHJ.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4305

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.settle.genius/app_DynamicOptDex/XeygHJ.json
    Filesize

    124KB

    MD5

    abde4a62320c399e823f36367ad5a836

    SHA1

    8167e2574659e66d76fe63293acd44798a69abf0

    SHA256

    cc8b87b26ab5f23194d0a630d719e9768938e07053a13c21eb67738e59adb588

    SHA512

    b01da44df574058a42ba178cd52892191644b8765ba3421e2c3eb12377a0e7b60dd758b96b046d9ffd998336b0d31a9ff696bfc857bccedb13e0471dae03c176

    Download Submit

  • /data/data/com.settle.genius/app_DynamicOptDex/XeygHJ.json
    Filesize

    124KB

    MD5

    71b1ffbcd25b4264ce2e1042ea49ad05

    SHA1

    968bcd10103df018a119b91302bfc34f96a9dcc4

    SHA256

    49bc89e9b5873d86fe666b08c93eac2321ca3aa45170d4eea157bc69a658d115

    SHA512

    5615249972abeccf6fe1e470e72896a27de63c16dfe49f807b50a96539d53fee52f451f6ef94b7fc4659ed35bed5282c58b3f56d4aef29cd387fbd74a4a21aea

    Download Submit

  • /data/data/com.settle.genius/app_DynamicOptDex/oat/XeygHJ.json.cur.prof
    Filesize

    820B

    MD5

    ea271bc5344896bbecb3786c292c3b80

    SHA1

    52df346ac29197967679d1e2718bc564e5a2a4cb

    SHA256

    cbfada84c2bdb00aa2667bc2e9e8350eb51befa6c713f9fd1ad80eaba5150d47

    SHA512

    daf07d8f85adf4e7835673b61b0cfd5a4f3533a58d406cd3390892b9e29510dd1f74d76101c1e796a8bb78ecacb8eefc477df02b9e56b9a37ca1a2a0edbeabbc

    Download Submit

  • /data/user/0/com.settle.genius/app_DynamicOptDex/XeygHJ.json
    Filesize

    124KB

    MD5

    68945685915c1ca68fc171d550118216

    SHA1

    71c8053f086e6bab38ef3ae4d516227d5a93d4c1

    SHA256

    9d23c7a671c463f1d6ff0dac1bbaa087072707ecead94217aa07d9a0923a3dd6

    SHA512

    700bd5647e25b829d07b4eb2d9e697dd57c61311feebf6e1e9257112864534db1c657fb8b8ca1c1f7cbfb84bb799f03fa42a028f969956dc089f0579059b720f

    Download Submit