Analysis
max time kernel: 2153196s
max time network: 60s
platform: android_x64
resource: android-x64
submitted: 14-10-2021 19:45
Static task: static1
Behavioral task: behavioral1
Sample: Android_Guncelleme (1).apk
Resource: android-x64
0 signatures
0 seconds
General
Target: Android_Guncelleme (1).apk
Size: 2.7MB
MD5: 29005e3560f583a14d22f348dc7e3db1
SHA1: 13aeaea9b7601539a170e38a56dd44173454c668
SHA256: 392f2c9d5656e68cf9155d07dc83f4fdf7533369545f44bf4c5db7cc4900c99d
SHA512: 96bc3aac5e3fa88d2dd59a3270cca8e279752cf8f755149d641480e4f671be4b0b3217448760ec957fda1cd117ab3266e27653b52a926f3c6bc0bd84afad19b9
Malware Config
Extracted
Family: cerberus
C2: http://194.163.187.220
Signatures
Loads dropped Dex/Jar 4 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.response.fragile/app_DynamicOptDex/WOXBX.json | 3712 | com.response.fragile
/data/user/0/com.response.fragile/app_DynamicOptDex/WOXBX.json | 3712 | com.response.fragile
/product/app/webview/webview.apk | 3712 | com.response.fragile
/product/app/webview/webview.apk | 3712 | com.response.fragile
Uses reflection 2 IoCs
description | pid | Process
Invokes method android.content.Context.bindServiceAsUser | 3712 | com.response.fragile
Invokes method android.content.Context.bindServiceAsUser | 3712 | com.response.fragile