Resubmissions

14-10-2021 19:48

211014-yjczjababm 10

14-10-2021 19:45

211014-ygds2saca6 7

Analysis

  • max time kernel
    2153429s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    14-10-2021 19:48

General

  • Target

    Aleyna_Tilki_Ifsa.apk

  • Size

    2.7MB

  • MD5

    1de701e9b870b779c1c244fe1c65f7f1

  • SHA1

    e9cd53eeefc3f3c258acecf48b4661bb747955eb

  • SHA256

    455900e642599530f1fe934e143a724e5bed50ae63be00aaaeabb124852dba82

  • SHA512

    4354c4eb07035bec8f2d9f1b0449a56bea2ebbd3fb91551f136c18a0cb29967fdce87caa8b8365e5aaf9cbffc8fcc38a0621127eb6075308a4513eebf865ebfb

Malware Config

Extracted

Family

cerberus

C2

http://161.97.68.93

Signatures

  • Cerberus

    An Android banking trojan that has been rented out to threat actors since 2019.

  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses reflection 1 IoC

Processes

  • com.snack.dignity
    1⤵
    • Loads dropped Dex/Jar
    • Uses reflection
    PID:4967
    • com.snack.dignity
      2⤵
        PID:4992
      • /system/bin/dex2oat
        2⤵
        • Loads dropped Dex/Jar
        PID:4992
