General

  • Target

    ALEYNA_TILKI_IFSA_build_obf_4.apk

  • Size

    2.9MB

  • Sample

    211016-wvddbschgr

  • MD5

    62f5db5df34e50de3092e3e15b64de99

  • SHA1

    a7bd3e84616fc6017b8085b777106e1932330a4a

  • SHA256

    a09e1cf2e6514a984917f749815861f8dc3730164fa5ba92c50628ff948d38d9

  • SHA512

    4aa14359c6eaafd1b84195bb02bb64ec255bd21e4a531ddd674f282a82ddd17df4ef667285a08d2b420d1c7c57f87c04d53664eaa217ce5ec23c5bea24b1bdca

Malware Config

Extracted

  • Family

    cerberus

  • C2

    http://161.97.68.93

Targets

    • Target

      ALEYNA_TILKI_IFSA_build_obf_4.apk

    • Cerberus

      An Android banking trojan that has been rented out to threat actors since 2019.

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Requests disabling of battery optimizations

      Often used so the app can keep running hidden in the background.
