Analysis

  • max time kernel: 61s
  • max time network: 143s
  • platform: android_x64
  • resource: android-x64-arm64-20240624-en
  • resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted: 02/02/2025, 22:02 UTC

General

  • Target: 6ef5e43779891bd57e08663c1f3085faa4c00546f86b65c02a95c56b65cb7b05.apk
  • Size: 1.6MB
  • MD5: 53f73916a84c20994d3bc3655e9e8c2c
  • SHA1: f8e847095302db2fd64084ae379bfe94c8680953
  • SHA256: 6ef5e43779891bd57e08663c1f3085faa4c00546f86b65c02a95c56b65cb7b05
  • SHA512: 7567962262fd28c7d2267a3afd99217eedf484d485b6494b440fb08af56002c4f7c99bf360095902fcc9d89dee6e64de0683857671d2644a6d083702519e3075
  • SSDEEP: 24576:6p+ERCdw5FUMnFx3F9Lfj8dmyDy8JVxvfMmA8mPeIuwdm99FdOcaOMtM62Hs+p3u:6JYdrDyWDvfo8mGP/9FYyTs+9LLxNy

Malware Config

Extracted

  • Family: cerberus
  • C2: http://83.136.233.183/

Signatures

Processes

  • com.lady.naive (PID 4459)
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests changing the default SMS application
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    • Tries to add a device administrator
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Checks CPU information
    • Checks memory information
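
The signatures above are runtime observations, but the capabilities behind them must be declared in the manifest, so they can be checked before detonation. The following Python script is an added example written for this page, not tria.ge code and not code from the sample: it parses a decoded AndroidManifest.xml (the manifest here is constructed; only the package name com.lady.naive is taken from the report, the component names and exact permission set are invented) for the accessibility-service, device-admin, default-SMS-handler and battery-exemption declarations that the listed behaviours require. It assumes the manifest has already been decoded to plain XML (for example with apktool); the binary manifest inside a raw APK cannot be read by ElementTree.

```python
"""Static manifest triage for the capabilities behind the sandbox signatures:
accessibility-service abuse, device-admin enrolment, default-SMS eligibility
and battery-optimisation exemption. Input is a decoded AndroidManifest.xml."""
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # the android: attribute namespace

# Component markers: (element tag, intent action, bind permission the system
# requires on the component before it will bind to it).
ACCESSIBILITY = ("service", "android.accessibilityservice.AccessibilityService",
                 "android.permission.BIND_ACCESSIBILITY_SERVICE")
DEVICE_ADMIN = ("receiver", "android.app.action.DEVICE_ADMIN_ENABLED",
                "android.permission.BIND_DEVICE_ADMIN")
SMS_DELIVER = ("receiver", "android.provider.Telephony.SMS_DELIVER",
               "android.permission.BROADCAST_SMS")
BATTERY_EXEMPT = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"

# Constructed manifest for this example. Only the package name comes from the
# report; component names and the permission set are invented for illustration.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.lady.naive">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".AccService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".FakeAcc">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".SmsReceiver"
        android:permission="android.permission.BROADCAST_SMS">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_DELIVER"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def _components(root, tag, action, bind_perm):
    """(name, has_bind_permission) for every <tag> declaring `action`.
    A component declaring the action without the bind permission is inert:
    the framework refuses to bind to it, so it is reported but not counted."""
    out = []
    for comp in root.iter(tag):
        actions = {a.get(A + "name") for a in comp.iter("action")}
        if action in actions:
            out.append((comp.get(A + "name"), comp.get(A + "permission") == bind_perm))
    return out


def triage_manifest(xml_text: str) -> dict:
    """Collect the manifest facts that map onto the report's signatures."""
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    return {
        "package": root.get("package"),
        "accessibility_services": _components(root, *ACCESSIBILITY),
        "device_admin_receivers": _components(root, *DEVICE_ADMIN),
        "sms_deliver_receivers": _components(root, *SMS_DELIVER),
        "battery_optimisation_exemption": BATTERY_EXEMPT in perms,
        "sms_permissions": sorted(p for p in perms if p.endswith("_SMS")),
    }


def flags(report: dict) -> list:
    """Capability flags, counting only components the system would actually bind."""
    out = []
    if any(ok for _, ok in report["accessibility_services"]):
        out.append("Declares a bindable accessibility service")
    if any(ok for _, ok in report["device_admin_receivers"]):
        out.append("Declares a device administrator receiver")
    if any(ok for _, ok in report["sms_deliver_receivers"]) and report["sms_permissions"]:
        out.append("Eligible to become the default SMS application")
    if report["battery_optimisation_exemption"]:
        out.append("Requests exemption from battery optimizations")
    return out


if __name__ == "__main__":
    result = triage_manifest(SAMPLE_MANIFEST)
    for line in flags(result):
        print(line)
```

The bind-permission check matters in practice: a service that advertises the accessibility action but omits BIND_ACCESSIBILITY_SERVICE never receives UI events, so only components that pass both checks are counted as a live capability.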

Network

DNS (resolver 1.1.1.1:53)

  • android.apis.google.com
    Request: android.apis.google.com IN A
    Response: android.apis.google.com IN CNAME clients.l.google.com; clients.l.google.com IN A 142.250.187.206
  • ssl.google-analytics.com
    Request: ssl.google-analytics.com IN A
    Response: ssl.google-analytics.com IN A 216.58.201.104

Flows (bytes sent / bytes received / packets sent / packets received; entries with only two values saw no reply)

  • 172.217.16.238:443 (tls, https): 1.5kB / 40 B / 1 / 1
  • 142.250.187.206:443 android.apis.google.com (tls): 5.6kB / 9.0kB / 23 / 23
  • 142.250.187.206:443 android.apis.google.com (tls): 1.8kB / 6.0kB / 10 / 10
  • 216.58.201.104:443 ssl.google-analytics.com (tls): 1.3kB / 6.3kB / 9 / 9
  • 83.136.233.183:80: 300 B / 5
  • 142.250.187.196:443 (tls, https): 848 B / 40 B / 2 / 1
  • 142.250.187.196:443 www.google.com (tls): 11.1kB / 11.5kB / 30 / 38
  • 83.136.233.183:80: 420 B / 7
  • 224.0.0.251:5353 (mDNS multicast): 3.7kB / 11
  • 1.1.1.1:53 android.apis.google.com (dns): 69 B / 109 B / 1 / 1
    DNS request: android.apis.google.com; response: 142.250.187.206
  • 1.1.1.1:53 ssl.google-analytics.com (dns): 70 B / 86 B / 1 / 1
    DNS request: ssl.google-analytics.com; response: 216.58.201.104

Both flows to the extracted C2 (83.136.233.183:80) show outbound bytes only, 60 B per packet, which is consistent with unanswered TCP connection attempts: the C2 did not respond during this run, so the address is known from the extracted configuration, not from observed command traffic. The remaining flows are Google infrastructure (Play services, analytics, www.google.com) and local mDNS.

MITRE ATT&CK Mobile v15

Downloads

The same path under app_DynamicOptDex is listed three times with different sizes and hashes, so the sample rewrote the staged file during the run. Despite the .json name, this directory is where the "Loads dropped Dex/Jar" signature fires, and the oat/YYWAcjA.json.cur.prof entry is an ART profile of the kind the runtime keeps for code it has loaded, consistent with the file being DEX rather than data.

  • /data/user/0/com.lady.naive/app_DynamicOptDex/YYWAcjA.json (64KB)
    MD5: 54cb2b3465aac4e820716e66fe7dca47
    SHA1: f1cd36a489f6180b05ef626d9b746d340ddfaa16
    SHA256: 48b6911e007e1190b896b254dd1af26f0b1b2b983885c13c8bdbbd3f68411365
    SHA512: cf33ee0a36957b5eaf4bdbbb2f52d746b648f3974681551e897a445d407d1c4dd62fdc7b33e4f879805b8859781644566f0f8e1eacf4bbfdf366e09646bc9706

  • /data/user/0/com.lady.naive/app_DynamicOptDex/YYWAcjA.json (64KB)
    MD5: 4b9ceae4b200e6f6e7f1f4a6a55ac826
    SHA1: 55ab1e29105c118d60a564642ff3ee15475c00b3
    SHA256: 03bb3765f38b2763cf6309b5dc3f9064de0c48f59bf7d6a188b7ddb4ae809e89
    SHA512: 8ac911dd618eb7dec863c4ec5268b6321763a0b1ff4d2053906650ef365d6db9a4c919895c149675fc7f089f465d4069f05432e8f9c4cb37e2b44fe28d4fed0c

  • /data/user/0/com.lady.naive/app_DynamicOptDex/YYWAcjA.json (118KB)
    MD5: 319edfc7800cd95f601e378877da93dd
    SHA1: 48dfc57aab013d0edafe34829dbe91ff7eac0fc6
    SHA256: 633eef55f1182663b9f0cefe056fc85a9fd1c5a4a146201a17677074c10afb85
    SHA512: 7b9de6b544731c3134e40503c73d261c65f0234ae511ba46e3829fa4d836b2d1f993e1082340ba1dcd89c4f1a8d3dd5a5bf83eaf9bf5ad004c0758d80cf7d1f9

  • /data/user/0/com.lady.naive/app_DynamicOptDex/oat/YYWAcjA.json.cur.prof (151B)
    MD5: 9b6a5b1835b3cd95d8d28ff6632b5c2a
    SHA1: 5044f6729e3a2a7335b0ea2c57cb01f4f37b72b9
    SHA256: 9309d06f78cb284dc6094204e04fbd14eb2f257da0a485334adab53fe5c93f2c
    SHA512: 41768fd9e31fa5763345d2b12b9d0e2f5bcaf265c0d806f880a84d7821879d544adfaa5df3d36241277e2436f392443d4d243f51d4306af81b0f029a940f9a50
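
A payload staged as app_DynamicOptDex/YYWAcjA.json is only hidden from tooling that trusts the extension. The Python below is an added example for this page, not a tria.ge tool and not code from the sample: it classifies files by header magic (DEX or ZIP/JAR) rather than by name, and reports the SHA256 of anything that is code but is not named like code. The directory it scans is constructed inside a temporary folder to mirror the paths listed above; the file contents are synthetic (a minimal valid DEX header with a zero-filled body), not the real dropped files.

```python
"""Spot DEX/JAR payloads staged under non-code names, as with the
app_DynamicOptDex/YYWAcjA.json drops above: classify by file magic,
not by extension, and hash whatever turns out to be code."""
import hashlib
import os
import tempfile

DEX_MAGIC = b"dex\n"        # full header: b"dex\n" + three ASCII digits + NUL, e.g. b"dex\n035\x00"
ZIP_MAGIC = b"PK\x03\x04"   # jar/apk container that may carry classes.dex
CODE_EXTS = {".dex", ".jar", ".apk", ".zip", ".odex", ".vdex"}


def classify(header: bytes) -> str:
    """Return 'dex', 'zip' or 'other' from the first 8 bytes of a file."""
    if header[:4] == DEX_MAGIC and header[4:7].isdigit() and header[7:8] == b"\x00":
        return "dex"
    if header[:4] == ZIP_MAGIC:
        return "zip"
    return "other"


def scan_tree(root: str) -> list:
    """Walk an app data directory and return files whose content is code
    (DEX or ZIP magic) but whose extension claims otherwise."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            kind = classify(data[:8])
            ext = os.path.splitext(name)[1].lower()
            if kind != "other" and ext not in CODE_EXTS:
                hits.append({
                    "path": os.path.relpath(path, root).replace(os.sep, "/"),
                    "kind": kind,
                    "size": len(data),
                    "sha256": hashlib.sha256(data).hexdigest(),
                })
    return sorted(hits, key=lambda h: h["path"])


def demo() -> list:
    """Build a constructed tree mirroring the layout on this page (synthetic
    contents, not the real dropped files) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        opt = os.path.join(root, "app_DynamicOptDex")
        os.makedirs(os.path.join(opt, "oat"))
        # Fake DEX: valid magic and version, zero-filled body (not a real payload).
        with open(os.path.join(opt, "YYWAcjA.json"), "wb") as fh:
            fh.write(b"dex\n035\x00" + b"\x00" * 120)
        # A genuine JSON file alongside it must not be flagged.
        with open(os.path.join(opt, "settings.json"), "wb") as fh:
            fh.write(b'{"ver": 1}')
        # Stand-in for the ART profile listed above (synthetic bytes, same size).
        with open(os.path.join(opt, "oat", "YYWAcjA.json.cur.prof"), "wb") as fh:
            fh.write(b"\x00" * 151)
        return scan_tree(root)


if __name__ == "__main__":
    for hit in demo():
        print(hit["kind"], hit["size"], hit["sha256"], hit["path"])
```

On a pulled device image, point scan_tree at /data/user/0/<package>/ and compare the reported SHA256 values with the hashes listed above; a rewritten file, as seen here, will yield a different hash each time it is captured.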