Analysis Overview
SHA256
68bc2cb13a379bfc167c82edb938b11f0781ad5afa52b02c073a6750c0195b77
Threat Level: Known bad
The file 68bc2cb13a379bfc167c82edb938b11f0781ad5afa52b02c073a6750c0195b77.apk was found to be: Known bad.
Malicious Activity Summary
Cerberus
Requests dangerous framework permissions
Checks Android system properties for emulator presence.
Listens for changes in the sensor environment (might be used to detect emulation).
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-11-18 12:48
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-11-18 12:48
Reported
2021-11-18 12:51
Platform
android-x64-arm64
Max time kernel
857367s
Max time network
157s
Command Line
Signatures
Cerberus
Checks Android system properties for emulator presence.
| Description | Indicator | Process | Target |
| Accessed system property | key: ro.product.model | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
com.qpfwifjaitspmygy.xqlqtkif
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:853 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:853 | | tcp |
| NL | 142.250.179.132:443 | | udp |
| US | 216.239.35.8:123 | time.android.com | udp |
| US | 142.251.39.106:443 | | udp |
| US | 142.251.39.106:443 | | udp |
| NL | 142.250.179.142:443 | | udp |
| US | 216.58.214.3:443 | | udp |
| US | 142.251.36.40:443 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| US | 172.67.166.2:443 | yildizhanhuseyin.com | tcp |
| US | 216.58.214.3:443 | | udp |