Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

40160ca2c0...08.apk

android-9-x86

10

40160ca2c0...08.apk

android-10-x64

10

40160ca2c0...08.apk

android-11-x64

10

Analysis

  • max time kernel
    47s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    30/11/2024, 22:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40160ca2c099cba41d296b813a067a40c8ad81a78bf4f51e45078e998a6da808.apk

  • Size

    2.3MB

  • MD5

    ced0baef1e5e03ac0fe6cf5d49bf0f80

  • SHA1

    a049bbbbc4608563c2a27785f405226641817352

  • SHA256

    40160ca2c099cba41d296b813a067a40c8ad81a78bf4f51e45078e998a6da808

  • SHA512

    6ab76e7dfc0892507938fc4bf3708c572279ae07be453ebf04c0eec377bd9ed9ea1351494f484f89ba2c7c5bc682a1f8b0205336e0e3a2dc8a994f3b344f24e3

  • SSDEEP

    49152:W9GADysPU+R8GgPyIjPWfJXfENCNlPGRVboKEe8ZqSbcvtk3X0gvbbTW8ZvDLvEg:W9GozPtzgPyvJXfENIW1BEFqSgFWkK/l

Score
10/10
cerberusbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

cerberus

C2

http://vamosaversisalealgodeaqui1762.shop

Signatures

Processes

  • com.artist.essence
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4993

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

2
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.artist.essence/app_DynamicOptDex/ifnh.json
    Filesize

    60KB

    MD5

    6d1e2033eb295c10751e646ec47f6bdc

    SHA1

    1c84f5e13ff3366d3dfd6ab3ae4af57e3bb0bf7a

    SHA256

    ee481694546e458f1f08cf398a342221f0561ef21e7087b5f2887d96af13e14d

    SHA512

    2c6a66eb3f033cacf3bd42398db4be2ad183d143b7c8b7d7210a28bd543fc542c3b13cbb1322d88224d860d6f4d446670647240f454ebb8a3b705c74dea5c656

    Download Submit

  • /data/data/com.artist.essence/app_DynamicOptDex/ifnh.json
    Filesize

    60KB

    MD5

    2dddeeea5e3767e35d7ffd87b74ab0eb

    SHA1

    e541c08ec9e571a49db62111c12ed822a82be8d2

    SHA256

    2ffa7a93f00f53129669786e3d0cfdd22b4098fbdf61579956726a794ae84f6d

    SHA512

    b3705dc2c3df1c3b0f6e0b49becb84e1eb5333f9fb341579be255b935449399ac73ea3ffa35f580b02da451cffdcc91b0ae798728d46281ee7f46fc075a0eaef

    Download Submit

  • /data/data/com.artist.essence/app_DynamicOptDex/oat/ifnh.json.cur.prof
    Filesize

    806B

    MD5

    fa28f2e9d3b13747a2a24b4a358d5192

    SHA1

    593588b152b00b5bef9962ed35172100c9a11a66

    SHA256

    e94da4952cab7dd3f851f2f8acc0833847f02a878071b20ac7cbb05c5f5a7cb7

    SHA512

    fae7fef7d8be1b22eeb7cf4d81758a3e9590a68add1694b16b22dbe57fc25e3d09f72ffabf445ec218b5191bf371190e477c8b95d6f3351aeabe561dd1627d4c

    Download Submit

  • /data/user/0/com.artist.essence/app_DynamicOptDex/ifnh.json
    Filesize

    116KB

    MD5

    4106683f9a42bad514258325c73ab227

    SHA1

    ca59630b1ccf9914573d0a3c5fc3ff5c4b65ad29

    SHA256

    514570a8efc9a3b8b0c5ad02c8bc10496b70cf14f9a5daf77cb7d1a55aa20678

    SHA512

    e5cd0c22797bd482ce6d67eba3ee79627319f645cf73c1872d88c6d41a62a356696a7671d8c66de9be565772d104df2418a6b7db1c1d7216d64757c50452818e

    Download Submit