Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

org.chromi...qE.apk

android-9-x86

10

org.chromi...qE.apk

android-10-x64

10

org.chromi...qE.apk

android-11-x64

10

Analysis

  • max time kernel
    66s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    16/11/2024, 07:48 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    org.chromium.Chromium.Py8uqE.apk

  • Size

    1.1MB

  • MD5

    deb0955dbe620ce3feaf28e381312e92

  • SHA1

    c68ce30d0f210f98a45da96828da1501855ca5be

  • SHA256

    a8ecd437766e7960bf5002c553dc047f50db750818bee1a3f0ffdff1633f0d1b

  • SHA512

    2f9dacbf1cdfb07673054d4061c05450a835abfe12df3345158e64f318bff2401ccca08e951c44b3f72ad78007d3f7b25b90fc93a46a74c6c2797694f361bdfb

  • SSDEEP

    24576:TRx5Ld7Odr8q4RxxNZBBrBju3sSfmLl0SJ5:T5Ld7Yp4b3zj8cl/J5

Score
10/10
cerberusbankercollectioncredential_accessdiscoveryevasioninfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://5.199.174.153

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus family
    cerberus
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.safe.census
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4315
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.safe.census/app_DynamicOptDex/UBFpLdj.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.safe.census/app_DynamicOptDex/oat/x86/UBFpLdj.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4340

Network

  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.202
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.10
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.74
    semanticlocation-pa.googleapis.com
    IN A
    216.58.204.74
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.202
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.42
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.42
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.201.106
    semanticlocation-pa.googleapis.com
    IN A
    172.217.16.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.180.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.179.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.178.10
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.187.238
  • 142.250.187.206:443
    tls, https
    858 B
     40 B
     1
    1
  • 142.250.187.238:443
    android.apis.google.com
    tls
    3.7kB
     7.7kB
     12
    18
  • 216.58.204.74:443
    semanticlocation-pa.googleapis.com
    tls, https
    1.2kB
     40 B
     1
    1
  • 5.199.174.153:80
    420 B
     7
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     304 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

    DNS Response

    142.250.187.202
    142.250.200.10
    172.217.169.74
    216.58.204.74
    216.58.212.202
    172.217.169.42
    142.250.200.42
    142.250.187.234
    216.58.201.106
    172.217.16.234
    216.58.212.234
    142.250.180.10
    142.250.179.234
    142.250.178.10

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.187.238

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.safe.census/app_DynamicOptDex/UBFpLdj.json
    Filesize

    64KB

    MD5

    7214397ffea5f5ec2fffb54575ee2b28

    SHA1

    167eb57fe33de7c6acbd51c035fcd34ea34d93e6

    SHA256

    664bbfd8a94f04b22cd5566db20c140a5eb2b18654dc340509eb863430f97775

    SHA512

    01a2e47f8330341078dc8f1cb00d6c51de54e5ee67d4086d7569de467ca079c41d9b5a336005c8ba4c2f16406ca3a7759b6943ad41fa6b7321da6e30d75912bb

    Download Submit

  • /data/data/com.safe.census/app_DynamicOptDex/UBFpLdj.json
    Filesize

    64KB

    MD5

    3ddbe17ba721ae9041a15bc0375132d4

    SHA1

    3c172419a32d2b154e2c3a378ba911ad674bae84

    SHA256

    91592f60901988a021be52b7dd8a961f030f0a8820fbae9a9edbc2fae05175eb

    SHA512

    c45fa45736cb8882ac22b581a012327acf1a6383828a22df0838516e44404f88d2b73bf5d5904c00f5332d66223210730610ca4db2f13320982889769b0f2196

    Download Submit

  • /data/data/com.safe.census/app_DynamicOptDex/oat/UBFpLdj.json.cur.prof
    Filesize

    819B

    MD5

    0c885ac2e618d4fabe45e4ca9d94c8f5

    SHA1

    fc8e1d0642bdf490f16a26674b30646e38edaea5

    SHA256

    ed0496f470aed4b5a9ddc4b699f5f68f115e508fa9bf85f0bf2c2aab532d14be

    SHA512

    c72bb07b7754b562a3eac33042ef029d51941580d1bea38f63dfc660b16f9390cec860e7882a55b14aeaff7d6e77c069ec7300be8f05887399bfeaa77a596b25

    Download Submit

  • /data/user/0/com.safe.census/app_DynamicOptDex/UBFpLdj.json
    Filesize

    125KB

    MD5

    4461896c1cef4358086ec9d4a14c908c

    SHA1

    90e3a02235243334a5adce796bb314217e3f275e

    SHA256

    c28c6f6dc55b278bcd813a764456881cd44fa065b10f67d6c84901d268fa6ed0

    SHA512

    aa7aaaabeb203f1d2203003a6259f63fec44a4b858e4e4b1c63b62e9c039359bfeb343956c0bd97ae614ea85768b452080803d73457fd0ae9958f7ca0b30a569

    Download Submit

  • /data/user/0/com.safe.census/app_DynamicOptDex/UBFpLdj.json
    Filesize

    125KB

    MD5

    1e843ddc15570f24264b88bf9edd5c93

    SHA1

    e148a303cad43e1c864c48b899216a700910e5fa

    SHA256

    22474f2175411ee774a39eccb9f166db3a3b984c2522f6598988fcb51dfd8727

    SHA512

    9767fb201135963bfd24e6b3af0a45766bbc04b6e7916e72e5a11f760a3ffe6c64ea9faa7d3f4b30b9ea64c220db0a6b1d4507c2f5a5c7f7f5a80be00f31797c

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.