Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

e47c787c81...2b.apk

android-9-x86

10

e47c787c81...2b.apk

android-10-x64

10

e47c787c81...2b.apk

android-11-x64

10

Analysis

  • max time kernel
    38s
  • max time network
    167s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    30/12/2024, 22:02 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e47c787c819e88bd2188bc2016d974cf5b21ab278c811c6f80b2c8731c5b162b.apk

  • Size

    2.0MB

  • MD5

    d40038df72ee6bb8a9a78ef60dc8b015

  • SHA1

    d842cc95bef6e9ec848a50f2ce255e835f4b1327

  • SHA256

    e47c787c819e88bd2188bc2016d974cf5b21ab278c811c6f80b2c8731c5b162b

  • SHA512

    1cdb26a82bc2048cacf812864f1660459a87c4fb4044981db0ad0d8f324a47a4f88b812ede96f248b616be0e8c9d6ac5d21e1232891c98b99abea2c69321e82d

  • SSDEEP

    49152:Cs1w/M6NuHSaK2P/hVkZdUtnD4WHKNHaNcOvem1/l:CsFKpGvWUD9HKNKem1N

Score
10/10
cerberusbankercollectioncredential_accessdiscoveryevasionimpactinfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://5.75.176.47

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus family
    cerberus
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.sentence.senior
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Checks CPU information
    • Checks memory information
    PID:4815

Network

  • flag-us
    DNS
    www.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
    youtube-ui.l.google.com
    IN A
    142.250.178.14
    youtube-ui.l.google.com
    IN A
    172.217.169.78
    youtube-ui.l.google.com
    IN A
    216.58.204.78
    youtube-ui.l.google.com
    IN A
    172.217.169.14
    youtube-ui.l.google.com
    IN A
    216.58.212.206
    youtube-ui.l.google.com
    IN A
    172.217.16.238
    youtube-ui.l.google.com
    IN A
    142.250.200.14
    youtube-ui.l.google.com
    IN A
    142.250.180.14
    youtube-ui.l.google.com
    IN A
    142.250.200.46
    youtube-ui.l.google.com
    IN A
    142.250.187.206
    youtube-ui.l.google.com
    IN A
    216.58.201.110
    youtube-ui.l.google.com
    IN A
    142.250.179.238
    youtube-ui.l.google.com
    IN A
    216.58.212.238
    youtube-ui.l.google.com
    IN A
    142.250.187.238
  • flag-us
    DNS
    freeiconshop.com
    Remote address:
    1.1.1.1:53
    Request
    freeiconshop.com
    IN A
    Response
    freeiconshop.com
    IN A
    195.179.237.77
  • flag-us
    DNS
    pngimage.net
    Remote address:
    1.1.1.1:53
    Request
    pngimage.net
    IN A
    Response
    pngimage.net
    IN A
    104.21.33.28
    pngimage.net
    IN A
    172.67.140.187
  • flag-us
    GET
    https://freeiconshop.com/wp-content/uploads/edd/android-flat.png
    Remote address:
    195.179.237.77:443
    Request
    GET /wp-content/uploads/edd/android-flat.png HTTP/2.0
    host: freeiconshop.com
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    x-requested-with: com.sentence.senior
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    cache-control: public, max-age=31536000
    expires: Tue, 30 Dec 2025 22:03:03 GMT
    content-type: image/png
    last-modified: Mon, 20 Nov 2017 16:17:50 GMT
    etag: "262e-5a13002e-2bcbf6f4ea0f20d9;;;"
    accept-ranges: bytes
    content-length: 9774
    date: Mon, 30 Dec 2024 22:03:03 GMT
    server: LiteSpeed
    platform: hostinger
    panel: hpanel
    content-security-policy: upgrade-insecure-requests
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
  • flag-us
    GET
    https://pngimage.net/wp-content/uploads/2018/06/white-tick-png-8.png
    Remote address:
    104.21.33.28:443
    Request
    GET /wp-content/uploads/2018/06/white-tick-png-8.png HTTP/2.0
    host: pngimage.net
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: image/webp,image/apng,image/*,*/*;q=0.8
    x-requested-with: com.sentence.senior
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    accept-encoding: gzip, deflate
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 522
    date: Mon, 30 Dec 2024 22:03:22 GMT
    content-type: text/html; charset=UTF-8
    content-length: 7064
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ENhWoVX2ixa1ht%2BkItNoUvDuOkSykYjDNW%2BaSmNSmAQ%2FgUxitnHQc2t4XoE%2BEUSdMh%2Ff0XmUspO%2F46D9DjridE%2BdIUtJ1SIVm1ZJbMpRHGxZ3XjISeEHyOq4%2FgYleY%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    x-frame-options: SAMEORIGIN
    referrer-policy: same-origin
    cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    expires: Thu, 01 Jan 1970 00:00:01 GMT
    server: cloudflare
    cf-ray: 8fa55150cee49505-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=30207&min_rtt=27128&rtt_var=7830&sent=6&recv=11&lost=0&retrans=0&sent_bytes=3193&recv_bytes=1059&delivery_rate=98603&cwnd=229&unsent_bytes=0&cid=ba998776a0ea121e&ts=19500&x=0"
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    172.217.16.232
  • flag-de
    POST
    http://5.75.176.47/gate.php
    Remote address:
    5.75.176.47:80
    Request
    POST /gate.php HTTP/1.1
    Content-Length: 832
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: 5.75.176.47
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.22.1
    Date: Mon, 30 Dec 2024 22:03:31 GMT
    Content-Length: 23
    Connection: keep-alive
    Content-Encoding: gzip
    Vary: Accept-Encoding
  • flag-de
    POST
    http://5.75.176.47/gate.php
    Remote address:
    5.75.176.47:80
    Request
    POST /gate.php HTTP/1.1
    Content-Length: 840
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013)
    Host: 5.75.176.47
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.22.1
    Date: Mon, 30 Dec 2024 22:03:41 GMT
    Content-Length: 23
    Connection: keep-alive
    Content-Encoding: gzip
    Vary: Accept-Encoding
  • flag-de
    POST
    http://5.75.176.47/gate.php
    Remote address:
    5.75.176.47:80
    Request
    POST /gate.php HTTP/1.1
    Content-Length: 840
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013)
    Host: 5.75.176.47
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.22.1
    Date: Mon, 30 Dec 2024 22:03:51 GMT
    Content-Length: 23
    Connection: keep-alive
    Content-Encoding: gzip
    Vary: Accept-Encoding
  • flag-de
    POST
    http://5.75.176.47/gate.php
    Remote address:
    5.75.176.47:80
    Request
    POST /gate.php HTTP/1.1
    Content-Length: 840
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013)
    Host: 5.75.176.47
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.22.1
    Date: Mon, 30 Dec 2024 22:04:01 GMT
    Content-Length: 23
    Connection: keep-alive
    Content-Encoding: gzip
    Vary: Accept-Encoding
  • flag-de
    POST
    http://5.75.176.47/gate.php
    Remote address:
    5.75.176.47:80
    Request
    POST /gate.php HTTP/1.1
    Content-Length: 840
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013)
    Host: 5.75.176.47
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.22.1
    Date: Mon, 30 Dec 2024 22:04:11 GMT
    Content-Length: 23
    Connection: keep-alive
    Content-Encoding: gzip
    Vary: Accept-Encoding
  • flag-de
    POST
    http://5.75.176.47/gate.php
    Remote address:
    5.75.176.47:80
    Request
    POST /gate.php HTTP/1.1
    Content-Length: 840
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013)
    Host: 5.75.176.47
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.22.1
    Date: Mon, 30 Dec 2024 22:04:22 GMT
    Content-Length: 23
    Connection: keep-alive
    Content-Encoding: gzip
    Vary: Accept-Encoding
  • flag-de
    POST
    http://5.75.176.47/gate.php
    Remote address:
    5.75.176.47:80
    Request
    POST /gate.php HTTP/1.1
    Content-Length: 840
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013)
    Host: 5.75.176.47
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.22.1
    Date: Mon, 30 Dec 2024 22:04:31 GMT
    Content-Length: 23
    Connection: keep-alive
    Content-Encoding: gzip
    Vary: Accept-Encoding
  • flag-de
    POST
    http://5.75.176.47/gate.php
    Remote address:
    5.75.176.47:80
    Request
    POST /gate.php HTTP/1.1
    Content-Length: 840
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013)
    Host: 5.75.176.47
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.22.1
    Date: Mon, 30 Dec 2024 22:04:41 GMT
    Content-Length: 23
    Connection: keep-alive
    Content-Encoding: gzip
    Vary: Accept-Encoding
  • flag-de
    POST
    http://5.75.176.47/gate.php
    Remote address:
    5.75.176.47:80
    Request
    POST /gate.php HTTP/1.1
    Content-Length: 840
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013)
    Host: 5.75.176.47
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.22.1
    Date: Mon, 30 Dec 2024 22:04:51 GMT
    Content-Length: 23
    Connection: keep-alive
    Content-Encoding: gzip
    Vary: Accept-Encoding
  • flag-de
    POST
    http://5.75.176.47/gate.php
    Remote address:
    5.75.176.47:80
    Request
    POST /gate.php HTTP/1.1
    Content-Length: 840
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013)
    Host: 5.75.176.47
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.22.1
    Date: Mon, 30 Dec 2024 22:05:01 GMT
    Content-Length: 23
    Connection: keep-alive
    Content-Encoding: gzip
    Vary: Accept-Encoding
  • flag-de
    POST
    http://5.75.176.47/gate.php
    Remote address:
    5.75.176.47:80
    Request
    POST /gate.php HTTP/1.1
    Content-Length: 840
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013)
    Host: 5.75.176.47
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.22.1
    Date: Mon, 30 Dec 2024 22:05:12 GMT
    Content-Length: 23
    Connection: keep-alive
    Content-Encoding: gzip
    Vary: Accept-Encoding
  • flag-de
    POST
    http://5.75.176.47/gate.php
    Remote address:
    5.75.176.47:80
    Request
    POST /gate.php HTTP/1.1
    Content-Length: 840
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86_64_arm64 Build/RSR1.210722.013)
    Host: 5.75.176.47
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.22.1
    Date: Mon, 30 Dec 2024 22:05:22 GMT
    Content-Length: 23
    Connection: keep-alive
    Content-Encoding: gzip
    Vary: Accept-Encoding
  • 216.239.34.223:443
    tls
    116 B
     40 B
     1
    1
  • 142.250.187.238:443
    tls, https
    695 B
     40 B
     1
    1
  • 142.250.187.238:443
    android.apis.google.com
    tls
    1.1kB
     4.5kB
     9
    7
  • 142.250.187.238:443
    android.apis.google.com
    tls
    2.6kB
     6.2kB
     12
    11
  • 142.250.178.14:443
    www.youtube.com
    tls
    2.1kB
     8.3kB
     18
    15
  • 142.250.187.238:443
    android.apis.google.com
    tls
    2.6kB
     5.9kB
     12
    11
  • 195.179.237.77:443
    https://freeiconshop.com/wp-content/uploads/edd/android-flat.png
    tls, http2
    2.2kB
     15.3kB
     22
    18

    HTTP Request

    GET https://freeiconshop.com/wp-content/uploads/edd/android-flat.png

    HTTP Response

    200
  • 104.21.33.28:443
    https://pngimage.net/wp-content/uploads/2018/06/white-tick-png-8.png
    tls, http2
    2.1kB
     12.0kB
     20
    16

    HTTP Request

    GET https://pngimage.net/wp-content/uploads/2018/06/white-tick-png-8.png

    HTTP Response

    522
  • 195.179.237.77:443
    freeiconshop.com
    tls
    1.1kB
     4.5kB
     10
    8
  • 172.217.16.232:443
    ssl.google-analytics.com
    tls
    1.3kB
     6.3kB
     9
    9
  • 5.75.176.47:80
    http://5.75.176.47/gate.php
    http
    1.4kB
     415 B
     6
    4

    HTTP Request

    POST http://5.75.176.47/gate.php

    HTTP Response

    404
  • 5.75.176.47:80
    http://5.75.176.47/gate.php
    http
    1.4kB
     415 B
     5
    4

    HTTP Request

    POST http://5.75.176.47/gate.php

    HTTP Response

    404
  • 5.75.176.47:80
    http://5.75.176.47/gate.php
    http
    1.4kB
     415 B
     5
    4

    HTTP Request

    POST http://5.75.176.47/gate.php

    HTTP Response

    404
  • 5.75.176.47:80
    http://5.75.176.47/gate.php
    http
    1.4kB
     415 B
     5
    4

    HTTP Request

    POST http://5.75.176.47/gate.php

    HTTP Response

    404
  • 5.75.176.47:80
    http://5.75.176.47/gate.php
    http
    1.4kB
     415 B
     5
    4

    HTTP Request

    POST http://5.75.176.47/gate.php

    HTTP Response

    404
  • 5.75.176.47:80
    http://5.75.176.47/gate.php
    http
    1.4kB
     363 B
     5
    3

    HTTP Request

    POST http://5.75.176.47/gate.php

    HTTP Response

    404
  • 5.75.176.47:80
    http://5.75.176.47/gate.php
    http
    1.3kB
     363 B
     4
    3

    HTTP Request

    POST http://5.75.176.47/gate.php

    HTTP Response

    404
  • 5.75.176.47:80
    http://5.75.176.47/gate.php
    http
    1.3kB
     363 B
     4
    3

    HTTP Request

    POST http://5.75.176.47/gate.php

    HTTP Response

    404
  • 5.75.176.47:80
    http://5.75.176.47/gate.php
    http
    1.3kB
     363 B
     4
    3

    HTTP Request

    POST http://5.75.176.47/gate.php

    HTTP Response

    404
  • 5.75.176.47:80
    http://5.75.176.47/gate.php
    http
    1.3kB
     363 B
     4
    3

    HTTP Request

    POST http://5.75.176.47/gate.php

    HTTP Response

    404
  • 5.75.176.47:80
    http://5.75.176.47/gate.php
    http
    1.3kB
     363 B
     4
    3

    HTTP Request

    POST http://5.75.176.47/gate.php

    HTTP Response

    404
  • 5.75.176.47:80
    http://5.75.176.47/gate.php
    http
    1.3kB
     363 B
     4
    3

    HTTP Request

    POST http://5.75.176.47/gate.php

    HTTP Response

    404
  • 216.239.32.223:443
    tls, https
    128 B
     40 B
     2
    1
  • 142.250.200.46:443
    www.youtube.com
    tls
    135 B
     40 B
     2
    1
  • 142.250.179.225:443
    tls
    135 B
     40 B
     2
    1
  • 142.250.200.33:443
    tls
    135 B
     40 B
     2
    1
  • 216.239.32.223:443
    tls, https
    128 B
     40 B
     2
    1
  • 216.239.32.223:443
    tls, https
    128 B
     40 B
     2
    1
  • 224.0.0.251:5353
    3.8kB
     12
  • 1.1.1.1:53
    www.youtube.com
    dns
    61 B
     319 B
     1
    1

    DNS Request

    www.youtube.com

    DNS Response

    142.250.178.14
    172.217.169.78
    216.58.204.78
    172.217.169.14
    216.58.212.206
    172.217.16.238
    142.250.200.14
    142.250.180.14
    142.250.200.46
    142.250.187.206
    216.58.201.110
    142.250.179.238
    216.58.212.238
    142.250.187.238

  • 1.1.1.1:53
    freeiconshop.com
    dns
    62 B
     78 B
     1
    1

    DNS Request

    freeiconshop.com

    DNS Response

    195.179.237.77

  • 1.1.1.1:53
    pngimage.net
    dns
    58 B
     90 B
     1
    1

    DNS Request

    pngimage.net

    DNS Response

    104.21.33.28
    172.67.140.187

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
     86 B
     1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    172.217.16.232

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

2
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.sentence.senior/app_DynamicOptDex/JYe.json
    Filesize

    54KB

    MD5

    d9c0133cb61e19cff9c8042fc0d4cbb1

    SHA1

    49f8d4e6fed804bdea3046f5722ea5ea8b90e263

    SHA256

    7779eaef93c278741cc6f8d95e7137397f3479efe17a9081f6d4004dab539849

    SHA512

    abeac8316ace4f78cb935a52db25b40b8360c02b6325887350c620780fe46f9387bb350b4bb4f57917946b60f75af25ad9fc7abf4fd227a5ae27c81e97b54b4d

    Download Submit

  • /data/data/com.sentence.senior/app_DynamicOptDex/JYe.json
    Filesize

    54KB

    MD5

    8bfac8049f12e5e2dead73943dff5726

    SHA1

    8362787fd6eb292ee30d31493f962e72cfedebdb

    SHA256

    86d794727c347e091e4e6cd286a2392b39da15ef27a113d03a48c715e79ff67c

    SHA512

    c4559ae4d83f137ca498c5d830622e10d83d92e9f89ad0e4a984ba241b5f3c818803614167df7a0c5c0590e8156b4368e03a2328a07187337d50f243bf1a073b

    Download Submit

  • /data/user/0/com.sentence.senior/app_DynamicOptDex/JYe.json
    Filesize

    102KB

    MD5

    51809b6bb1b61100944d3dc23b31b40e

    SHA1

    a22b9dae49cd88724bf089e0a9cd87d61150ba94

    SHA256

    9321b44bebde5bc321aa1618aaf8e91571dcb2f068aa9bed5d9c936b43fb2027

    SHA512

    42014decb8e52efd198321134c6c7c547fc30718576c2d8bca9cd410782cdc9b3753d7400e75f82c081873d29de96c5175be90d22647390d4f003c811cc06f43

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.