Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

ee6073c70f...cd.apk

android-9-x86

10

ee6073c70f...cd.apk

android-10-x64

10

ee6073c70f...cd.apk

android-11-x64

10

Analysis

  • max time kernel
    51s
  • max time network
    156s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    17/01/2025, 22:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee6073c70f9a0e17bae4ade995f7d6d3a0b8b9a1b19aaffb73039b94196043cd.apk

  • Size

    1.5MB

  • MD5

    da1f40de0c3a83308132236761e343fa

  • SHA1

    300af550a894f19954bf0e89b17c42518a62ffed

  • SHA256

    ee6073c70f9a0e17bae4ade995f7d6d3a0b8b9a1b19aaffb73039b94196043cd

  • SHA512

    616760d9903e36273721cf7d52f4c208628c93eb49bfaaf21457579faed1ea3bb3a666348801de41c489aebded84d8cb9adf58837f9c6c90a3fe28d040ab393a

  • SSDEEP

    24576:P5f2WdRojRga4uV+GzWhRa6NnSyA69gALDBd//A0pMCMhr09SC3c9WXSpLB4/3DZ:P5QgNuQTHk0qar/8Bm9SGEjLKl

Score
10/10
cerberusbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://62.109.13.217/

Signatures

Processes

  • com.spawn.hen
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests changing the default SMS application.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4316

Network

  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    172.217.16.238
  • 172.217.169.74:443
    tls, https
    1.2kB
     40 B
     1
    1
  • 142.250.187.238:443
    tls, https
    915 B
     40 B
     1
    1
  • 142.250.187.238:443
    tls, https
    915 B
     40 B
     1
    1
  • 172.217.16.238:443
    android.apis.google.com
    tls
    3.0kB
     6.7kB
     14
    15
  • 62.109.13.217:80
    180 B
     3
  • 62.109.13.217:80
    420 B
     7
  • 142.250.200.2:443
    tls
    135 B
     40 B
     2
    1
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    172.217.16.238

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

2
T1422

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Protected User Data

1
T1636

SMS Messages

1
T1636.004

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

SMS Control

1
T1582

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.spawn.hen/app_DynamicOptDex/oat/tDMCAw.json.cur.prof
    Filesize

    151B

    MD5

    e128a86fcccd7379a1dd3a91e8087392

    SHA1

    c9277c9fc2170addab85880d87abb434fdd6efb2

    SHA256

    a2844e77804e4c1ef959ceded82e5af27ffc676266c633ea96143a1da099f9d7

    SHA512

    97679d9d0b648c45799962ceb9f92fc8b6b9021b938aa1b0fdb6f115b6e606e8748306d9dbc501abac1fee499e6f65fff01d5cba1a72500d9d83949fbd02e56a

    Download Submit

  • /data/data/com.spawn.hen/app_DynamicOptDex/tDMCAw.json
    Filesize

    64KB

    MD5

    7bc199cd2d2cad4084b00bcdbdcabd47

    SHA1

    4db3d2f3061de590a3f68d1d887dfb12c95220d5

    SHA256

    e42ab0a079d71bb4ba70b09f11449318b8b098e70ce5d16e41fa416a8364c2e5

    SHA512

    fd483cfed692d9ac5ed326210b30f97638ab3f412e21b579cf21eb5110c216ea536c005932fde4ba1d933e4bdaf3199502f9b6d110e159f34ac9e767d9a4696a

    Download Submit

  • /data/data/com.spawn.hen/app_DynamicOptDex/tDMCAw.json
    Filesize

    64KB

    MD5

    a3272bf2e1aa3053474b57d4d58908a7

    SHA1

    759a108dddbb5ba0bc6437f11da7c6734a59eb61

    SHA256

    32e44455258e32a49b08c26cc2581a9911d254fabf95e570c57bfcc6ccf511c8

    SHA512

    d1a251f1ba98f5071186e8dfe2848d3323dd919ccd061a1e6b0bbf93d80a36315d22963eb5047e6489c9242d91d522dc763b6686eb90200759b0ea7002058c67

    Download Submit

  • /data/user/0/com.spawn.hen/app_DynamicOptDex/tDMCAw.json
    Filesize

    118KB

    MD5

    4c547b8533f6d0c8b84a52f8fbc4ad13

    SHA1

    d8be8c20aca6d7a9348e221ad213555afcddb7e6

    SHA256

    02d27d45c00f8af66aa0137dea77072fba44d0fe2aa6dd7d09106442df9e805d

    SHA512

    6e1de7950ef6df1b0fe088d74b225fed8097abc917bf37ef9305fed5261b3908d3907ce37cd8a0dbb72f7d5e3f4dc231892853914b6077d659fee9d8d9a6f151

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.