Resubmissions

14-10-2021 19:48

211014-yjdaasaca7 10

14-10-2021 19:45

211014-ygds2sbabk 7

Analysis

  • max time kernel
    2153432s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    14-10-2021 19:48

General

  • Target

    Aleyna_Tilki_Ifsa.apk

  • Size

    2.7MB

  • MD5

    f50a8b6f416d2efb30fe6b2b5f83b9da

  • SHA1

    da162c0a3ae612ee779ff781e60b4362880fc7a8

  • SHA256

    cf3bd3c242555867a1e6bdd07e7c9dcc5df5ba5cf15e24ed12ac7e1bc533f829

  • SHA512

    ed3663d0a26262080617d1d7d4e665b772468bfb0f4f9e65fac79649a4db9ee5eeb624e79372a3c50abc4537380e4512484397ae3d6c8cb72a882647598669f7

Malware Config

Extracted

Family

cerberus

C2

http://161.97.68.93

Signatures

  • Cerberus

    An Android banking trojan that has been rented out to threat actors since 2019.

  • Loads dropped Dex/Jar (3 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Uses reflection (1 IoC)

Processes

  • com.denial.mirror (PID 4862)
    • Loads dropped Dex/Jar
    • Uses reflection
    • com.denial.mirror (PID 4886)
    • /system/bin/dex2oat (PID 4886)
      • Loads dropped Dex/Jar
