Analysis

- Max time kernel: 2146811s
- Max time network: 38s
- Platform: android_x64
- Resource: android-x64
- Submitted: 14-10-2021 17:58

Tasks

- Static task: static1 (0 signatures, 0 seconds)
- Behavioral task: behavioral1
  Sample: Android_Guncelleme.apk
  Resource: android-x64
General

- Target: Android_Guncelleme.apk
- Size: 2.6MB
- MD5: 83d8646081701b607e9147a9a0bd90d6
- SHA1: 1652440c6feadd9a43c90610763ed7a0a4c351b9
- SHA256: 9ba9ad408a114192254671b24b01af7980f879f3962232389ccc835acb87582a
- SHA512: 2218d890c725725215af03aafc8906f0481484c58212761a237708e205569d0fb9268615f63ac4b41064c0d85bbb1e488d9fd8c8a49e7b90bee32eb59e72947a
Malware Config (extracted)

- Family: cerberus
- C2: http://194.163.187.220
Signatures

- Loads dropped Dex/Jar (4 IoCs)
  Runs executable file dropped to the device during analysis.

  ioc                                                        pid   Process
  /data/user/0/com.uncover.army/app_DynamicOptDex/FDAk.json  3646  com.uncover.army
  /data/user/0/com.uncover.army/app_DynamicOptDex/FDAk.json  3646  com.uncover.army
  /product/app/webview/webview.apk                           3646  com.uncover.army
  /product/app/webview/webview.apk                           3646  com.uncover.army

- Uses reflection (3 IoCs)

  description                                                  pid   Process
  Invokes method android.content.Context.bindServiceAsUser     3646  com.uncover.army
  Invokes method android.content.Context.bindServiceAsUser     3646  com.uncover.army
  Invokes method android.content.Context.bindServiceAsUser     3646  com.uncover.army