cerberus | 80b543537957e43444cf5adaf27a152318a97cf115ce97e4e4f104c761257a49

Analysis

max time kernel
4008481s
max time network
139s
platform
android_x86
resource
android-x86_arm
submitted
20-04-2021 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Flashplayer.....apk
Size

4.0MB
MD5

b2d77459b93ea208e0567e648f4244d0
SHA1

850db541816850c12e53970c0d4b3f2a36c464ef
SHA256

80b543537957e43444cf5adaf27a152318a97cf115ce97e4e4f104c761257a49
SHA512

93caa5c973879dd8b067cfbc7d19eb1d16a11ebe515a95797c595b2bb2e5b2ab5ad14d45a1c719381be898a7ff67d925363a0999fac0ff668a8857053c113ee4

Score

10^/10

cerberus banker evasion infostealer obfuscation rat stealth trojan

Malware Config

Extracted

Family

cerberus

http://144.76.80.117

Signatures

Cerberus
An Android banker that is being rented to actors beginning in 2019.
banker trojan infostealer evasion rat cerberus
Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

weather.machine.culture

pid process

4703 weather.machine.culture
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

weather.machine.culture

ioc pid process

/data/user/0/weather.machine.culture/app_DynamicOptDex/srlX.json 4703 weather.machine.culture
Tries to add a device administrator. 1 IoCs

Processes:

weather.machine.culture

description ioc process

Intent action android.app.action.ADD_DEVICE_ADMIN weather.machine.culture

pid	process
4703	weather.machine.culture

ioc	pid	process
/data/user/0/weather.machine.culture/app_DynamicOptDex/srlX.json	4703	weather.machine.culture

description	ioc	process
Intent action	android.app.action.ADD_DEVICE_ADMIN	weather.machine.culture

Uses reflection 27 IoCs

obfuscation

Processes:

weather.machine.culture

description	pid	process
Invokes method java.lang.Object.getClass	4703	weather.machine.culture
Invokes method android.content.res.AssetManager.addAssetPath	4703	weather.machine.culture
Invokes method android.app.ContextImpl.getAssets	4703	weather.machine.culture
Invokes method java.lang.Object.getClass	4703	weather.machine.culture
Invokes method android.content.res.AssetManager.open	4703	weather.machine.culture
Invokes method java.io.FilterInputStream.read	4703	weather.machine.culture
Invokes method java.io.FilterInputStream.read	4703	weather.machine.culture
Invokes method java.io.BufferedInputStream.read	4703	weather.machine.culture
Invokes method java.lang.Object.getClass	4703	weather.machine.culture
Invokes method java.io.BufferedInputStream.close	4703	weather.machine.culture
Invokes method java.lang.Object.getClass	4703	weather.machine.culture
Invokes method java.lang.String.getBytes	4703	weather.machine.culture
Invokes method java.lang.Object.getClass	4703	weather.machine.culture
Invokes method java.io.FileOutputStream.write	4703	weather.machine.culture
Invokes method java.lang.Object.getClass	4703	weather.machine.culture
Invokes method java.io.BufferedInputStream.close	4703	weather.machine.culture
Invokes method java.lang.Object.getClass	4703	weather.machine.culture
Invokes method java.io.FilterOutputStream.close	4703	weather.machine.culture
Invokes method android.app.ActivityThread.currentActivityThread	4703	weather.machine.culture
Acesses field android.app.ActivityThread.mPackages	4703	weather.machine.culture
Invokes method java.lang.reflect.Field.get	4703	weather.machine.culture
Invokes method java.lang.Object.getClass	4703	weather.machine.culture
Invokes method java.lang.ref.Reference.get	4703	weather.machine.culture
Invokes method java.lang.ref.Reference.get	4703	weather.machine.culture
Acesses field android.app.LoadedApk.mClassLoader	4703	weather.machine.culture
Invokes method java.lang.reflect.Field.get	4703	weather.machine.culture
Acesses field android.app.LoadedApk.mClassLoader	4703	weather.machine.culture

weather.machine.culture
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Tries to add a device administrator.
- Uses reflection
PID:4703

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads