Resubmissions

  • 13-10-2021 19:57
    211013-ypme6afca8 (score 10)
  • 13-10-2021 19:56
    211013-ynn8csfca7 (score 7)

Analysis

  • max time kernel
    2067580s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    13-10-2021 19:57

General

  • Target
    Android build_obf.apk
  • Size
    2.6MB
  • MD5
    70f36562f58abbdf83212960f304d528
  • SHA1
    8448de6901e3aa62d9e6b2d59bfc7c2c9c4664b5
  • SHA256
    d7480b9bc123f459d8bd1045f2e1d3b26867c39970290f3007d0b8b79cc1908d
  • SHA512
    214671b9742aeafa6d72fd2749a9455e4b0c5d7bd851d845fb4114ba5ef09f1e95ba3331ecae046082344767ee186d2b51fd822595e56171d8b763a3d493a7a6

Malware Config

Extracted

  • Family
    cerberus
  • C2
    http://194.163.187.220

Signatures

  • Cerberus
    An Android banking trojan rented to threat actors as malware-as-a-service since 2019.
  • Loads dropped Dex/Jar (3 IoCs)
    Loads a Dex/Jar file that the app itself dropped to the device during analysis (runtime code loading, typically through a dalvik.system class loader).
  • Uses reflection (1 IoC)
    Resolves and invokes classes or methods through java.lang.reflect, which keeps the calls into the dropped code out of the static call graph.
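
The two behavioural signatures above have a static counterpart: an APK whose classes.dex references a dalvik.system class loader plus java.lang.reflect types and their lookup/invoke method names is set up to load and call code it drops later. The script below is an added example, not part of this sandbox report and not code from the sample: it parses only the DEX header and string_ids table, then maps the strings it finds to the "Loads dropped Dex/Jar" and "Uses reflection" signature names. The DEX it scans is constructed inside the script (header plus string table, no classes, checksums left unset), and the class descriptors and method names are the standard Android API strings, not strings recovered from build_obf.apk.

```python
"""Scan a DEX string table for dynamic-code-loading and reflection indicators.

Triage heuristic only: it reads the header and string_ids table, nothing else.
"""
import struct

DEX_HEADER_SIZE = 0x70  # fixed-size header; string_ids_size/off sit at 0x38/0x3C

# Class descriptors that load code from a file or byte buffer at runtime.
DEX_LOADER_CLASSES = (
    "Ldalvik/system/DexClassLoader;",
    "Ldalvik/system/PathClassLoader;",
    "Ldalvik/system/BaseDexClassLoader;",
    "Ldalvik/system/InMemoryDexClassLoader;",
)
# Reflection types and the method names a reflective call site needs.
REFLECTION_CLASSES = ("Ljava/lang/reflect/Method;", "Ljava/lang/reflect/Field;")
REFLECTION_METHODS = ("forName", "getMethod", "getDeclaredMethod", "invoke", "loadClass")


def read_uleb128(data: bytes, off: int):
    """Decode a ULEB128 value; return (value, offset just past it)."""
    result, shift = 0, 0
    while True:
        b = data[off]
        off += 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, off
        shift += 7


def dex_strings(data: bytes) -> list:
    """Return every entry of the DEX string table, in string_ids order."""
    if data[:4] != b"dex\n" or data[7:8] != b"\x00":
        raise ValueError("not a DEX file")
    size, off = struct.unpack_from("<II", data, 0x38)
    out = []
    for i in range(size):
        (item_off,) = struct.unpack_from("<I", data, off + 4 * i)
        # string_data_item: uleb128 utf16 length, MUTF-8 bytes, NUL terminator
        _utf16_len, p = read_uleb128(data, item_off)
        end = data.index(b"\x00", p)
        # MUTF-8 differs from UTF-8 only for U+0000 and supplementary chars;
        # class and method identifiers are plain ASCII, so this decode is exact for them.
        out.append(data[p:end].decode("utf-8", errors="replace"))
    return out


def classify(strings) -> dict:
    """Map string-table contents to the two sandbox signature names."""
    present = set(strings)
    loaders = [s for s in DEX_LOADER_CLASSES if s in present]
    refl_types = [s for s in REFLECTION_CLASSES if s in present]
    refl_methods = [s for s in REFLECTION_METHODS if s in present]
    return {
        "loads_dex": bool(loaders),
        # "invoke" or "loadClass" alone is far too common; require a reflect type as well.
        "uses_reflection": bool(refl_types) and bool(refl_methods),
        "indicators": loaders + refl_types + refl_methods,
    }


def uleb128_encode(value: int) -> bytes:
    out = bytearray()
    while True:
        b = value & 0x7F
        value >>= 7
        out.append((b | 0x80) if value else b)
        if not value:
            return bytes(out)


def build_test_dex(strings) -> bytes:
    """Constructed test input: header plus string table only (no classes, checksum unset)."""
    n = len(strings)
    ids_off = DEX_HEADER_SIZE
    data_off = ids_off + 4 * n
    ids, blob = bytearray(), bytearray()
    for s in strings:
        ids += struct.pack("<I", data_off + len(blob))
        blob += uleb128_encode(len(s)) + s.encode("utf-8") + b"\x00"
    header = bytearray(DEX_HEADER_SIZE)
    header[0:8] = b"dex\n035\x00"
    struct.pack_into("<I", header, 0x20, DEX_HEADER_SIZE + len(ids) + len(blob))  # file_size
    struct.pack_into("<I", header, 0x24, DEX_HEADER_SIZE)                         # header_size
    struct.pack_into("<II", header, 0x38, n, ids_off)                              # string_ids_size/off
    return bytes(header + ids + blob)


# Constructed sample string table mimicking a dropper (not strings from the real APK).
SAMPLE_STRINGS = [
    "Lcom/example/Stub;", "Ldalvik/system/DexClassLoader;", "loadClass",
    "Ljava/lang/reflect/Method;", "invoke", "getDeclaredMethod",
]
SAMPLE_DEX = build_test_dex(SAMPLE_STRINGS)

if __name__ == "__main__":
    print(classify(dex_strings(SAMPLE_DEX)))
```

To use it on a real sample, unzip the APK and pass the bytes of each classes*.dex to dex_strings(); the dropped Dex/Jar that the sandbox observed is worth scanning separately, since the outer APK often contains little more than the loader. Absence of indicators is not evidence of absence: an obfuscated dropper can assemble these descriptors at runtime (string decryption, native code), which is exactly why the sandbox records the behaviour rather than the strings.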

Processes

  • com.mammal.shrug (PID 5030)
    • Loads dropped Dex/Jar
    • Uses reflection
    • com.mammal.shrug (PID 5054)
    • /system/bin/dex2oat (PID 5054)
      • Loads dropped Dex/Jar

/system/bin/dex2oat is the ART ahead-of-time compiler; its appearance as a child of the app, carrying the dropped-Dex signature, is the compile step ART runs on the dynamically loaded file before executing it.
