Resubmissions

18-01-2021 13:41

210118-xkrc97ra7j 10

17-01-2021 18:50

210117-b6zy2kn2k6 10

13-01-2021 06:04

210113-xq3kfnydvn 10

Analysis

  • max time kernel
    4200165s
  • max time network
    129s
  • platform
    android_x86_64
  • resource
    android-x86_64
  • submitted
    13-01-2021 06:04

General

  • Target

    8d12d204036baf36104520de8ccf47b1.jar.apk

  • Size

    1.1MB

  • MD5

    8d12d204036baf36104520de8ccf47b1

  • SHA1

    2f488db88d1d8b6b2f01f422b581b3c71a916590

  • SHA256

    8b169fd5768e294ae267938aceb646911dbc3e89241d9977266cb444b7d51c5f

  • SHA512

    c0d402d81574b9ae844496150115d4a1fc6ade41ec44fb93fd1ecc8a13a9b2f0636654dd4c14f337e014c74b4dc6f4cb86c9393bd02a49775a9e8a49ba58f075

Malware Config

Extracted

Family

cerberus

C2

http://privateone.top

Signatures

  • Cerberus

    An Android banking trojan that has been rented out to threat actors since 2019.

  • Removes its main activity from the application launcher 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs an executable file dropped to the device during analysis.

  • Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
  • Suspicious use of android.app.ActivityManager.getRunningServices 4 IoCs
  • Suspicious use of android.telephony.TelephonyManager.getLine1Number 1 IoCs
  • Uses reflection 15 IoCs

Processes

  • ozzhpwgxbjoidrpetnjkpsqze.wogbrrbjmp.qtjjsrzoichazzuekgdb
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation).
    • Suspicious use of android.app.ActivityManager.getRunningServices
    • Suspicious use of android.telephony.TelephonyManager.getLine1Number
    • Uses reflection
    PID:3600

Network

MITRE ATT&CK Matrix
