Analysis

  • max time kernel
    2412247s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    17-10-2021 19:40

General

  • Target

    Androidupdate_2.apk

  • Size

    2.8MB

  • MD5

    4ed6bfe741982803744054d497744180

  • SHA1

    9e8feaac343f2e43b1eb0cd0437ca59869164ebf

  • SHA256

    33f9c3fdb345146fc95dbe2bf2ea18d0cf7c1a64620862019c88c99f0f7726ab

  • SHA512

    f446ba7dea2f273fb264c7790d4b2dc3313ffeaf339821a473206cbf70a529bafafd8a6296feb811245bfacf269517cb78ed6d296e6effd01ac52911a4047ff7

Malware Config

Extracted

Family

cerberus

C2

http://20.90.106.208/

Signatures

  • Cerberus

    An Android banking trojan that has been rented out to threat actors since 2019.

  • Loads dropped Dex/Jar 3 IoCs

    Loads and executes a Dex/Jar file that was dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to keep the malware running in the background). 1 IoCs
  • Uses reflection 1 IoCs
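The three behavioural signatures above and the extracted C2 can be cross-checked statically before detonation. The following is an added example (not code from the report, the sandbox, or the malware): it verifies the sample against the report's hashes, walks the string table of every classes*.dex inside an APK, and looks for the public Android API identifiers that usually sit behind dynamic DEX loading, the battery-optimisation exemption intent, and reflection, plus the C2 address. The mapping of identifiers to signature names is this example's assumption, and the string table it scans offline is constructed, not dumped from the real sample.

```python
"""Static triage of a DEX string table for the behaviours the sandbox flagged.
Added example; the identifier-to-signature mapping is an assumption."""
import hashlib
import struct
import zipfile
from typing import Dict, List

# Hash values copied from the report above, to confirm you hold the same sample.
REPORT_HASHES = {
    "md5": "4ed6bfe741982803744054d497744180",
    "sha1": "9e8feaac343f2e43b1eb0cd0437ca59869164ebf",
    "sha256": "33f9c3fdb345146fc95dbe2bf2ea18d0cf7c1a64620862019c88c99f0f7726ab",
}

# Signature name -> substrings to look for in the DEX string table (assumed mapping).
INDICATORS: Dict[str, List[str]] = {
    "Loads dropped Dex/Jar": ["Ldalvik/system/DexClassLoader;",
                              "Ldalvik/system/InMemoryDexClassLoader;"],
    "Requests disabling of battery optimizations":
        ["android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"],
    "Uses reflection": ["Ljava/lang/reflect/Method;", "getDeclaredMethod"],
    "Cerberus C2 (extracted config)": ["20.90.106.208"],
}


def digests(data: bytes) -> Dict[str, str]:
    """MD5/SHA-1/SHA-256 of a byte string, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def _read_uleb128(data: bytes, off: int):
    """Decode the ULEB128 length prefix of a string_data_item."""
    result, shift = 0, 0
    while True:
        b = data[off]
        off += 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, off
        shift += 7


def dex_strings(dex: bytes) -> List[str]:
    """Walk string_ids (header fields at 0x38/0x3C) and return each string_data_item."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    count, ids_off = struct.unpack_from("<II", dex, 0x38)
    out = []
    for i in range(count):
        (item_off,) = struct.unpack_from("<I", dex, ids_off + 4 * i)
        _utf16_len, p = _read_uleb128(dex, item_off)
        end = dex.index(b"\x00", p)  # MUTF-8 payload is NUL-terminated
        out.append(dex[p:end].decode("utf-8", errors="replace"))  # ASCII IoCs decode as UTF-8
    return out


def match_indicators(strings: List[str]) -> Dict[str, List[str]]:
    """Map each signature to the DEX strings that triggered it (empty dict = no hits)."""
    hits = {}
    for sig, needles in INDICATORS.items():
        found = sorted({s for s in strings if any(n in s for n in needles)})
        if found:
            hits[sig] = found
    return hits


def scan_apk(path: str) -> Dict[str, List[str]]:
    """Run match_indicators over every classes*.dex inside an APK (a zip file)."""
    strings: List[str] = []
    with zipfile.ZipFile(path) as apk:
        for name in apk.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                strings += dex_strings(apk.read(name))
    return match_indicators(strings)


def _uleb128(value: int) -> bytes:
    out = bytearray()
    while True:
        b, value = value & 0x7F, value >> 7
        out.append(b | 0x80 if value else b)
        if not value:
            return bytes(out)


def build_dex(strings: List[str]) -> bytes:
    """Constructed minimal DEX blob (header + string table only) for offline testing."""
    header = bytearray(0x70)
    header[:8] = b"dex\n035\x00"
    ids_off = len(header)
    data_off = ids_off + 4 * len(strings)
    ids, data = bytearray(), bytearray()
    for s in strings:
        ids += struct.pack("<I", data_off + len(data))
        data += _uleb128(len(s)) + s.encode("utf-8") + b"\x00"
    struct.pack_into("<II", header, 0x38, len(strings), ids_off)
    return bytes(header + ids + data)


# Constructed string table standing in for the sample; not dumped from the real APK.
SAMPLE_STRINGS = [
    "Lcom/arrow/cousin/MainActivity;",
    "Ldalvik/system/DexClassLoader;",
    "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
    "getDeclaredMethod",
    "http://20.90.106.208/",
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # python triage.py Androidupdate_2.apk
        blob = open(sys.argv[1], "rb").read()
        print({k: v == REPORT_HASHES[k] for k, v in digests(blob).items()})
        print(scan_apk(sys.argv[1]))
    else:
        print(match_indicators(dex_strings(build_dex(SAMPLE_STRINGS))))
```

A clean string table is only a hint: the dropped-Dex signature fires on what the sample writes and loads at run time, so packed or string-encrypted samples will show none of these identifiers statically and still trigger it in the sandbox. The check is useful for confirming hashes and spotting the loader stub, not as a substitute for detonation.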

Processes

  • com.arrow.cousin (PID 4855)
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to keep the malware running in the background).
    • Uses reflection
    • com.arrow.cousin (PID 4881)
    • /system/bin/dex2oat (PID 4881)
      • Loads dropped Dex/Jar
