Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

org.chromi...qE.apk

android-9-x86

10

org.chromi...qE.apk

android-10-x64

10

org.chromi...qE.apk

android-11-x64

10

Analysis

  • max time kernel
    51s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    16/11/2024, 07:48 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    org.chromium.Chromium.Py8uqE.apk

  • Size

    1.1MB

  • MD5

    deb0955dbe620ce3feaf28e381312e92

  • SHA1

    c68ce30d0f210f98a45da96828da1501855ca5be

  • SHA256

    a8ecd437766e7960bf5002c553dc047f50db750818bee1a3f0ffdff1633f0d1b

  • SHA512

    2f9dacbf1cdfb07673054d4061c05450a835abfe12df3345158e64f318bff2401ccca08e951c44b3f72ad78007d3f7b25b90fc93a46a74c6c2797694f361bdfb

  • SSDEEP

    24576:TRx5Ld7Odr8q4RxxNZBBrBju3sSfmLl0SJ5:T5Ld7Yp4b3zj8cl/J5

Score
10/10
cerberusbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://5.199.174.153

Signatures

Processes

  • com.safe.census
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:5062

Network

  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    142.250.187.200
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.179.238
  • 142.250.187.200:443
    ssl.google-analytics.com
    tls
    1.3kB
     6.3kB
     8
    9
  • 142.250.179.238:443
    tls, https
    857 B
     40 B
     1
    1
  • 142.250.179.238:443
    android.apis.google.com
    tls
    4.0kB
     7.7kB
     16
    16
  • 5.199.174.153:80
    300 B
     5
  • 142.250.200.36:443
    tls, https
    454 B
     40 B
     2
    1
  • 142.250.200.36:443
    www.google.com
    tls
    8.7kB
     12.9kB
     29
    36
  • 172.217.16.238:443
    520 B
     10
  • 216.58.204.66:443
    520 B
     10
  • 5.199.174.153:80
    420 B
     7
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
     86 B
     1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    142.250.187.200

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.179.238

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

2
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.safe.census/app_DynamicOptDex/UBFpLdj.json
    Filesize

    64KB

    MD5

    7214397ffea5f5ec2fffb54575ee2b28

    SHA1

    167eb57fe33de7c6acbd51c035fcd34ea34d93e6

    SHA256

    664bbfd8a94f04b22cd5566db20c140a5eb2b18654dc340509eb863430f97775

    SHA512

    01a2e47f8330341078dc8f1cb00d6c51de54e5ee67d4086d7569de467ca079c41d9b5a336005c8ba4c2f16406ca3a7759b6943ad41fa6b7321da6e30d75912bb

    Download Submit

  • /data/data/com.safe.census/app_DynamicOptDex/UBFpLdj.json
    Filesize

    64KB

    MD5

    3ddbe17ba721ae9041a15bc0375132d4

    SHA1

    3c172419a32d2b154e2c3a378ba911ad674bae84

    SHA256

    91592f60901988a021be52b7dd8a961f030f0a8820fbae9a9edbc2fae05175eb

    SHA512

    c45fa45736cb8882ac22b581a012327acf1a6383828a22df0838516e44404f88d2b73bf5d5904c00f5332d66223210730610ca4db2f13320982889769b0f2196

    Download Submit

  • /data/data/com.safe.census/app_DynamicOptDex/oat/UBFpLdj.json.cur.prof
    Filesize

    237B

    MD5

    01e86d175d1fba822bd0c6b9bdb59804

    SHA1

    55e0e40051470b153a94ae92898228e321378314

    SHA256

    0827fddb1e67b96545887ea7b42aaa217282c3feab1a54d89b900ca46539edb6

    SHA512

    cac14930a4c42554e7f1659f9b8c7359cc0731f367f83a0d838bda97132d4de0d09a82583fdfcb5d565877d2d2e9824b41c92e2f44c0a2cedc1194f15dc72904

    Download Submit

  • /data/user/0/com.safe.census/app_DynamicOptDex/UBFpLdj.json
    Filesize

    125KB

    MD5

    1e843ddc15570f24264b88bf9edd5c93

    SHA1

    e148a303cad43e1c864c48b899216a700910e5fa

    SHA256

    22474f2175411ee774a39eccb9f166db3a3b984c2522f6598988fcb51dfd8727

    SHA512

    9767fb201135963bfd24e6b3af0a45766bbc04b6e7916e72e5a11f760a3ffe6c64ea9faa7d3f4b30b9ea64c220db0a6b1d4507c2f5a5c7f7f5a80be00f31797c

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.