cerberus | 731c0da8d74adbb557a0abd4ec2aa6c61e09d429560d76549881f08e564b27cd | Triage

Submit
Reports

Overview

overview

Static

static

7

Aleyna_Tilki_Ifsa.apk

android_x64

Aleyna_Tilki_Ifsa.apk

android_x64

Aleyna_Tilki_Ifsa.apk

android_x64

Resubmissions

15-04-2024 19:09

240415-xt4dssdg45 10

07-12-2021 21:35

211207-1fk7vadbbm 10

Sharing

General

Target

Aleyna_Tilki_Ifsa.apk
Size

2.2MB
Sample

211207-1fk7vadbbm
MD5

c2df5601485a33aa2feb1cb3b00e1bac
SHA1

3d1d4445e5daa4e88adca360e45da9277c60eb4d
SHA256

731c0da8d74adbb557a0abd4ec2aa6c61e09d429560d76549881f08e564b27cd
SHA512

7af0ca3260d826dee08e9a0097ab0cf2f05ad626751aa58815c37b03360b4a5d660cd86b87b4df58fbd4cf37058c0b5114de505248dc9aa35fd5a01f489380b1

Score

10^/10

cerberus android banker evasion infostealer rat suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

Aleyna_Tilki_Ifsa.apk

Resource

android-x64

cerberus banker evasion infostealer rat suricata trojan

android_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Aleyna_Tilki_Ifsa.apk

Resource

android-x64

cerberus banker evasion infostealer rat suricata trojan

android_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

Aleyna_Tilki_Ifsa.apk

Resource

android-x64

cerberus banker evasion infostealer rat suricata trojan

android_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

cerberus

C2

http://31.187.74.114

Targets

- Target
  
  Aleyna_Tilki_Ifsa.apk
- Size
  
  2.2MB
- MD5
  
  c2df5601485a33aa2feb1cb3b00e1bac
- SHA1
  
  3d1d4445e5daa4e88adca360e45da9277c60eb4d
- SHA256
  
  731c0da8d74adbb557a0abd4ec2aa6c61e09d429560d76549881f08e564b27cd
- SHA512
  
  7af0ca3260d826dee08e9a0097ab0cf2f05ad626751aa58815c37b03360b4a5d660cd86b87b4df58fbd4cf37058c0b5114de505248dc9aa35fd5a01f489380b1
Score

10^/10

cerberus banker evasion infostealer rat suricata trojan
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
  suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
  suricata
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cerberusbankerevasioninfostealerratsuricatatrojan

behavioral2

cerberusbankerevasioninfostealerratsuricatatrojan

behavioral3

cerberusbankerevasioninfostealerratsuricatatrojan

© 2018-2025

Terms | Privacy