cerberus | d12b34a0f28e522c40211fdec24c1dfee1b68c9bef8b0e8438070d144ac93920 | Triage

Sharing

General

Target

Guncelleme.apk
Size

4.6MB
Sample

210805-zhhe3bxdls
MD5

f06ff2abf4ac2cb2a0ce5a0725e9e300
SHA1

403a7a04cf620aec3e60b406ab05eba3349ec868
SHA256

d12b34a0f28e522c40211fdec24c1dfee1b68c9bef8b0e8438070d144ac93920
SHA512

9e0788935cffa955f0adb5e55ca55499186e157e9bb796a5fa6504993f6e15ec13d4423d93ccbc3ad42f73e4ce758bb4e0c271371799353cd9d3470c6b06c0b8

Score

10^/10

cerberus android banker evasion infostealer obfuscation rat trojan

Malware Config

Extracted

Family

cerberus

C2

http://103.214.5.124/

Targets

- Target
  
  Guncelleme.apk
- Size
  
  4.6MB
- MD5
  
  f06ff2abf4ac2cb2a0ce5a0725e9e300
- SHA1
  
  403a7a04cf620aec3e60b406ab05eba3349ec868
- SHA256
  
  d12b34a0f28e522c40211fdec24c1dfee1b68c9bef8b0e8438070d144ac93920
- SHA512
  
  9e0788935cffa955f0adb5e55ca55499186e157e9bb796a5fa6504993f6e15ec13d4423d93ccbc3ad42f73e4ce758bb4e0c271371799353cd9d3470c6b06c0b8
Score

10^/10

cerberus banker evasion infostealer obfuscation rat trojan
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cerberusbankerevasioninfostealerobfuscationrattrojan

behavioral2

cerberusbankerevasioninfostealerrattrojan

behavioral3

cerberusbankerevasioninfostealerobfuscationrattrojan