Resubmissions
18-01-2021 13:41
210118-xkrc97ra7j 1017-01-2021 18:50
210117-b6zy2kn2k6 1013-01-2021 06:04
210113-xq3kfnydvn 10Analysis
-
max time kernel
4200165s -
max time network
129s -
platform
android_x86_64 -
resource
android-x86_64 -
submitted
13-01-2021 06:04
General
-
Target
8d12d204036baf36104520de8ccf47b1.jar.apk
-
Size
1.1MB
-
MD5
8d12d204036baf36104520de8ccf47b1
-
SHA1
2f488db88d1d8b6b2f01f422b581b3c71a916590
-
SHA256
8b169fd5768e294ae267938aceb646911dbc3e89241d9977266cb444b7d51c5f
-
SHA512
c0d402d81574b9ae844496150115d4a1fc6ade41ec44fb93fd1ecc8a13a9b2f0636654dd4c14f337e014c74b4dc6f4cb86c9393bd02a49775a9e8a49ba58f075
Score
10/10
Malware Config
Extracted
Family
cerberus
C2
http://privateone.top
Signatures
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Removes its main activity from the application launcher 1 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
-
Suspicious use of android.app.ActivityManager.getRunningServices 4 IoCs
-
Suspicious use of android.telephony.TelephonyManager.getLine1Number 1 IoCs
-
Uses reflection 15 IoCs
Processes
-
ozzhpwgxbjoidrpetnjkpsqze.wogbrrbjmp.qtjjsrzoichazzuekgdb1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation).
- Suspicious use of android.app.ActivityManager.getRunningServices
- Suspicious use of android.telephony.TelephonyManager.getLine1Number
- Uses reflection