Analysis

  • max time kernel
    2320710s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    16-10-2021 18:15

General

  • Target

    Google_Guncelleme.apk

  • Size

    2.8MB

  • MD5

    dc51bff95e5440333dbac8b51994a00d

  • SHA1

    8b491a026b3689e1b3f21af8c6aeaa0ad31055fc

  • SHA256

    03b8c573cd719e544d027170e25799ffeeb61b3d0ba9827ea0d2248e0a66319d

  • SHA512

    d94aaa926e2ea46b6cb042f1c0aa6413f0f5b56cb7643475d3f632c78e523226aad0a5308235c4b92e24019fc07e369c4f825d42ae693162e668c5bd14559138

Malware Config

Extracted

Family

cerberus

C2

http://51.81.32.58

Signatures

  • Cerberus

    An Android banking trojan that has been rented to threat actors since 2019.

  • Loads dropped Dex/Jar (3 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). (1 IoC)
  • Uses reflection (1 IoC)

Processes

  • com.pottery.gap (PID: 4978)
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses reflection
    • com.pottery.gap (PID: 5002)
    • /system/bin/dex2oat (PID: 5002)
      • Loads dropped Dex/Jar
