General

  • Target

    Android_Guncelleme.apk

  • Size

    3.9MB

  • Sample

    210724-45s72zd456

  • MD5

    135e116b58156421ca82e964c2bc62f8

  • SHA1

    0fbe0ab9fdcdc03774304aa0130b1207d50eb1e5

  • SHA256

    46f13df8a54b8abc7750efb70c9a5da82b9e65c68e071f2d1cc1a22aba360dca

  • SHA512

    a9a0df066028a266bbd4d1b6fbc9d4e3f095c25a0355813d6325d6aa05232d38f3accc3fec03e71b629482763c6a6c26b0b39e4a9f79d3b771efb91e4bec9144

Malware Config

Targets

    • Target

      Android_Guncelleme.apk

    • Size

      3.9MB

    • MD5

      135e116b58156421ca82e964c2bc62f8

    • SHA1

      0fbe0ab9fdcdc03774304aa0130b1207d50eb1e5

    • SHA256

      46f13df8a54b8abc7750efb70c9a5da82b9e65c68e071f2d1cc1a22aba360dca

    • SHA512

      a9a0df066028a266bbd4d1b6fbc9d4e3f095c25a0355813d6325d6aa05232d38f3accc3fec03e71b629482763c6a6c26b0b39e4a9f79d3b771efb91e4bec9144

    • Cerberus

      An Android banker that is being rented to actors beginning in 2019.

    • suricata: ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Reads name of network operator

      Uses Android APIs to discover system information.

MITRE ATT&CK Matrix

Tasks