Analysis
- max time kernel: 2067490s
- max time network: 49s
- platform: android_x64
- resource: android-x64
- submitted: 13-10-2021 19:56

Static task: static1
Behavioral task: behavioral1
Sample: Androidupdate.apk
Resource: android-x64
0 signatures
0 seconds
General
- Target: Androidupdate.apk
- Size: 2.6MB
- MD5: e62736efcf51548162c75b2afb915345
- SHA1: 323ba25956e9cf83e790024c2cc60ff5a39a6b46
- SHA256: 418b67fe185da6593d47174dd5b9e02eef840cbcff2696800b6c5bd7d3474bc0
- SHA512: d97948aee3a6ed967e140d997959436e0944edb77ed598d1887cc2e6da1c0a563be57b671084f340e3ee79c839579ebd2d979b009242a4b2723880e3ae2e7ca5
Malware Config
Extracted
- Family: cerberus
- C2: http://20.90.106.208/
Signatures
- Loads dropped Dex/Jar (4 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc                                                       | pid  | Process
  /data/user/0/com.turn.shoot/app_DynamicOptDex/AnEe.json   | 3721 | com.turn.shoot
  /data/user/0/com.turn.shoot/app_DynamicOptDex/AnEe.json   | 3721 | com.turn.shoot
  /product/app/webview/webview.apk                          | 3721 | com.turn.shoot
  /product/app/webview/webview.apk                          | 3721 | com.turn.shoot
- Uses reflection (11 IoCs)
  description                                                             | pid  | Process
  Invokes method android.content.Context.bindServiceAsUser                | 3721 | com.turn.shoot  (3 occurrences)
  Accesses field javax.security.auth.x500.X500Principal.thisX500Name      | 3721 | com.turn.shoot  (8 occurrences)