cerberus | 3de74ee37b50b625a9098d15c8653101666bc5e059f2baffa34a93ce155aa4f8 | Triage

Sharing

General

Target

AndrodUpdate(1).apk
Size

4.7MB
Sample

210805-g5cxabaqxx
MD5

9f0c2c7a000e802b69063bf6283fe78f
SHA1

e306adcc053ae5252eb843417ecfbcea4c810956
SHA256

3de74ee37b50b625a9098d15c8653101666bc5e059f2baffa34a93ce155aa4f8
SHA512

7b3de89f82fee9f9483aef1f76bac57493c54e6944f18cf86c8d32d5ec16b570e406afcfe9144ba6f051e10880a5dc2d3cb73144138242399c2cfe45b9138e56

Score

10^/10

cerberus android banker evasion infostealer obfuscation rat trojan

Malware Config

Extracted

Family

cerberus

C2

http://normalyardimm2021alin.xyz/

Targets

- Target
  
  AndrodUpdate(1).apk
- Size
  
  4.7MB
- MD5
  
  9f0c2c7a000e802b69063bf6283fe78f
- SHA1
  
  e306adcc053ae5252eb843417ecfbcea4c810956
- SHA256
  
  3de74ee37b50b625a9098d15c8653101666bc5e059f2baffa34a93ce155aa4f8
- SHA512
  
  7b3de89f82fee9f9483aef1f76bac57493c54e6944f18cf86c8d32d5ec16b570e406afcfe9144ba6f051e10880a5dc2d3cb73144138242399c2cfe45b9138e56
Score

10^/10

cerberus banker evasion infostealer obfuscation rat trojan
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cerberusbankerevasioninfostealerobfuscationrattrojan

behavioral2

cerberusbankerevasioninfostealerrattrojan

behavioral3

cerberusbankerevasioninfostealerobfuscationrattrojan