com.service.app.fake
android.intent.action.MAIN
com.service.app.AY2Gjr60JHKQ
android.intent.action.SENDTO
android.intent.action.SEND
com.service.app.IndexACT
android.intent.action.MAIN
Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
sample
-
Size
5.1MB
-
MD5
ba2160d4969e8ae5af87638de8fd877a
-
SHA1
aa0e4fd47f2e806d8ffa2debc1325c6b1f1c2237
-
SHA256
6485ead2248298b48d4e677d3fb740b8ce8688bc7b4adb7a4d2ac3af827da46b
-
SHA512
b250c62845509736ac1c729777f89ae28275161b1103ed280d507b30e3bfee7a674bef752edae552d45fb6e2b9e5161582813c8d398d7776845b9be76878f1a7
-
SSDEEP
98304:lSzjfwxWeA9z9h78Rhz9y0+CkteiHvGyXztnwww2wYwvwzHHfroN7:lej39z9+0Zvte2vGyXztwhjJ4W
Score
10/10
Malware Config
Extracted
Family
cerberus
Attributes
-
uri
/gate.php?action=botcheck&data=
/gate.php?action=checkAP&data=
/gate.php?action=getModule&data=
/gate.php?action=getinj&data=
/gate.php?action=injcheck&data=
/gate.php?action=registration&data=
/gate.php?action=sendInjectLogs&data=
/gate.php?action=sendKeylogger&data=
/gate.php?action=sendSmsLogs&data=
/gate.php?action=timeInject&data=
Signatures
-
Cerberus family
-
Declares broadcast receivers with permission to handle system events 1 IoCs
description ioc Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN -
Declares services with permission to bind to the system 1 IoCs
description ioc Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE -
Requests dangerous framework permissions 11 IoCs
description ioc Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE Allows an application to receive SMS messages. android.permission.RECEIVE_SMS Allows an application to read SMS messages. android.permission.READ_SMS Allows an application to send SMS messages. android.permission.SEND_SMS Allows an application to read the user's contacts data. android.permission.READ_CONTACTS Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE Allows an application a broad access to external storage in scoped storage. android.permission.MANAGE_EXTERNAL_STORAGE
Files
-
sample.apk android
com.application.chronme
com.service.app.fake
Activities
Permissions
android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.CALL_PHONE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.READ_PHONE_STATE
android.permission.REQUEST_DELETE_PACKAGES
android.permission.RECEIVE_SMS
android.permission.READ_SMS
android.permission.SEND_SMS
android.permission.READ_CONTACTS
android.permission.WAKE_LOCK
android.permission.SYSTEM_ALERT_WINDOW
android.permission.FOREGROUND_SERVICE
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
android.permission.QUERY_ALL_PACKAGES
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MANAGE_EXTERNAL_STORAGE
Receivers
com.service.app.Main.ReceiverDeviceAdmin
android.app.action.DEVICE_ADMIN_DISABLED
android.app.action.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_ENABLED
com.service.app.nH39R2Zl2N66
android.provider.Telephony.WAP_PUSH_DELIVER
com.service.app.Main.smsreceiver
android.provider.Telephony.SMS_DELIVER
android.intent.action.BOOT_COMPLETED
Services
com.service.app.S06v8iCcu0o4y
android.intent.action.RESPOND_VIA_MESSAGE
com.service.app.Services.Access
android.accessibilityservice.AccessibilityService
Android Permissions
sample
Permissions
android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.CALL_PHONE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.READ_PHONE_STATE
android.permission.REQUEST_DELETE_PACKAGES
android.permission.RECEIVE_SMS
android.permission.READ_SMS
android.permission.SEND_SMS
android.permission.READ_CONTACTS
android.permission.WAKE_LOCK
android.permission.SYSTEM_ALERT_WINDOW
android.permission.FOREGROUND_SERVICE
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
android.permission.QUERY_ALL_PACKAGES
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MANAGE_EXTERNAL_STORAGE