Overview

overview

10

Static

static

7

Aleyna_Tilki_Ifsa.apk

android_x64

10

Aleyna_Tilki_Ifsa.apk

android_x64

10

Aleyna_Tilki_Ifsa.apk

android_x64

10

Resubmissions

15-04-2024 19:09

240415-xt4dssdg45 10

07-12-2021 21:35

211207-1fk7vadbbm 10

Analysis

  • max time kernel
    2530901s
  • max time network
    191s
  • platform
    android_x64
  • resource
    android-x64
  • submitted
    07-12-2021 21:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Aleyna_Tilki_Ifsa.apk

  • Size

    2.2MB

  • MD5

    c2df5601485a33aa2feb1cb3b00e1bac

  • SHA1

    3d1d4445e5daa4e88adca360e45da9277c60eb4d

  • SHA256

    731c0da8d74adbb557a0abd4ec2aa6c61e09d429560d76549881f08e564b27cd

  • SHA512

    7af0ca3260d826dee08e9a0097ab0cf2f05ad626751aa58815c37b03360b4a5d660cd86b87b4df58fbd4cf37058c0b5114de505248dc9aa35fd5a01f489380b1

Score
10/10
cerberusbankerevasioninfostealerratsuricatatrojan

Malware Config

Extracted

Family

cerberus

C2

http://31.187.74.114

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

    suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

    suricata
  • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

    suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

    suricata
  • Loads dropped Dex/Jar 5 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
    evasion

Processes

  • com.bulb.maid
    1⤵
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation).
    PID:3695

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads