General

  • Target

    DEV_PORNO_YERLİ_İFŞA_VİDEOLARI_obf.apk

  • Size

    4.6MB

  • Sample

    210804-fvtyrcn5jx

  • MD5

    bda0dc80bd225022dee98d7db05ffad5

  • SHA1

    11569c6f438e2e885165128d43c382698674d743

  • SHA256

    b8a12bb24e1ce1724ddec605f6c1c70f4a61273f8fc9cc76572f22531e3b871c

  • SHA512

    2116b71a0b02a95e990be1f031223d10e1110c193f20b50f7efcb7293e75e272acef6ff837b53ea72e37d5d016681adf25b8559becc958cf35b10a1532904514

Malware Config

Extracted

Family

cerberus

C2

http://144.126.152.229
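The C2 above is a bare IPv4 host, and the two Suricata alerts this report lists for the sample both key on a POST to `gate.php` where the Host header is a dotted quad or there is no Referer header. The detector below is an added example (not part of the report and not the Emerging Threats rule bodies, which carry more content matches and rely on Suricata's HTTP normalisation); it approximates what the two alert names describe and runs over constructed request heads, with the report's C2 address used as the Host in the first sample.

```python
"""Toy detector for the two ET MALWARE alerts listed in this report, run over
constructed HTTP request heads. Approximates the alert names, not the rule bodies."""
import re
from dataclasses import dataclass, field

# Alert labels copied from the report; the detection logic around them is ours.
RULE_DOTTED_QUAD = "ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad"
RULE_NO_REFERER = "ET MALWARE Trojan Generic - POST To gate.php with no referer"

# Host header that is a bare IPv4 literal, optionally followed by a port.
DOTTED_QUAD = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?$")


@dataclass
class HttpRequest:
    method: str
    uri: str
    headers: dict[str, str] = field(default_factory=dict)  # header names lower-cased


def parse_request(raw: bytes) -> HttpRequest:
    """Minimal HTTP/1.x request-head parser: request line plus headers, body ignored."""
    head, _sep, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, uri, _version = lines[0].split(" ", 2)
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, uri, headers)


def classify(raw: bytes) -> list[str]:
    """Return the alert names a request would trigger (both, one, or none)."""
    req = parse_request(raw)
    # Both alerts require an HTTP POST whose path ends in /gate.php.
    path = req.uri.split("?", 1)[0]
    if req.method != "POST" or not path.endswith("/gate.php"):
        return []
    hits: list[str] = []
    if DOTTED_QUAD.match(req.headers.get("host", "")):
        hits.append(RULE_DOTTED_QUAD)
    if "referer" not in req.headers:
        hits.append(RULE_NO_REFERER)
    return hits


# Constructed sample traffic (not captured from the sandbox run).
# Host is the C2 extracted from this sample's config; no Referer, as a bot would send it.
BEACON_TO_C2 = (
    b"POST /gate.php HTTP/1.1\r\n"
    b"Host: 144.126.152.229\r\n"
    b"User-Agent: Dalvik/2.1.0 (Linux; U; Android 10)\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 9\r\n"
    b"\r\n"
    b"id=abc123"
)
# Same path posted by a browser form: named host and a Referer, so neither alert fires.
BROWSER_FORM_POST = (
    b"POST /gate.php HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"Referer: https://www.example.com/login\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)
# GET to the same path on the C2: wrong method, so no alert from either rule.
GET_TO_C2 = b"GET /gate.php?x=1 HTTP/1.1\r\nHost: 144.126.152.229\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("beacon", BEACON_TO_C2), ("browser", BROWSER_FORM_POST), ("get", GET_TO_C2)):
        print(label, classify(raw))
```

The two alerts are independent: a beacon to a named C2 domain would still trip the no-Referer rule, and a dotted-quad POST that happens to carry a Referer would still trip the dotted-quad rule. Treat either alone as weak and the pair on the same flow, to the C2 listed above, as a strong signal.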

Targets

    • Target

      DEV_PORNO_YERLİ_İFŞA_VİDEOLARI_obf.apk

    • Cerberus

      An Android banking trojan rented out to affiliates as malware-as-a-service since 2019.

    • suricata: ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

    • Loads dropped Dex/Jar

      Loads a Dex/Jar file that the app wrote to the device during analysis: dynamic code loading, the usual way a packed Android banker unpacks its real payload at runtime instead of shipping it in the APK's own classes.dex.

    • Requests enabling of the accessibility settings

      Prompts the user to enable an accessibility service; Cerberus abuses the Accessibility API to grant itself further permissions and capture user input.

    • Reads name of network operator

      Uses Android telephony APIs (TelephonyManager) to fingerprint the device and its network.
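The three behaviours above were observed dynamically. As an added example (not part of this report and not the sandbox's own signatures), the following scans an APK's classes*.dex files for the descriptor and method-name strings those behaviours leave behind in the dex string table; the APK it runs on is constructed in-memory and is not the sample from this report. A packed or obfuscated sample like this one often shows nothing in its shipped dex because the loader only appears in the dropped file, which is why the dropped Dex/Jar from the sandbox run is the artefact worth scanning.

```python
"""Static triage of an APK for dynamic Dex/Jar loading, accessibility-service use and
network-operator lookup, by scanning each classes*.dex for tell-tale strings."""
import io
import zipfile

# Type descriptors and method names appear verbatim in a dex file's string table,
# so a byte search is enough for a first pass (obfuscators rename app classes,
# not framework ones).
INDICATORS = {
    "dynamic_dex_loading": (
        b"Ldalvik/system/DexClassLoader;",
        b"Ldalvik/system/InMemoryDexClassLoader;",
        b"Ldalvik/system/PathClassLoader;",
    ),
    "accessibility_service": (
        b"Landroid/accessibilityservice/AccessibilityService;",
        b"android.settings.ACCESSIBILITY_SETTINGS",
    ),
    "network_operator_lookup": (
        b"getNetworkOperatorName",
        b"getSimOperatorName",
    ),
}


def scan_apk(apk_bytes: bytes) -> dict[str, list[str]]:
    """Return {behaviour: [dex member names that contain an indicator]}."""
    found: dict[str, list[str]] = {key: [] for key in INDICATORS}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            if not (name.startswith("classes") and name.endswith(".dex")):
                continue
            data = zf.read(name)
            if data[:4] != b"dex\n":  # every dex starts with the magic "dex\n0xx\0"
                continue
            for behaviour, needles in INDICATORS.items():
                if any(n in data for n in needles):
                    found[behaviour].append(name)
    return found


def build_sample_apk(with_indicators: bool = True) -> bytes:
    """Constructed stand-in APK: a zip holding a fake classes.dex (valid magic, junk body,
    a few string-table entries) plus a clean classes2.dex. Not the report's sample."""
    strings = b""
    if with_indicators:
        strings = (
            b"Ldalvik/system/DexClassLoader;\x00"
            b"getNetworkOperatorName\x00"
            b"Landroid/accessibilityservice/AccessibilityService;\x00"
        )
    fake_dex = b"dex\n035\x00" + b"\x00" * 100 + strings
    clean_dex = b"dex\n035\x00" + b"\x00" * 50
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"")
        zf.writestr("classes.dex", fake_dex)
        zf.writestr("classes2.dex", clean_dex)
    return buf.getvalue()


if __name__ == "__main__":
    for behaviour, members in scan_apk(build_sample_apk()).items():
        print(f"{behaviour}: {members or 'not found'}")
```

An empty result on the shipped APK does not clear it: run the same scan on the Dex/Jar the sandbox recorded as dropped, which is where the loader and the accessibility code of a packed sample normally live.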
