General

  • Target

    Hadise_Ifsa.apk

  • Size

    2.2MB

  • Sample

    211207-1flhlsdbbn

  • MD5

    6da5c4e5ecd7550dfd105e0aed822dbf

  • SHA1

    18b28535113c0b0506e7e3e641fad46f8ff1f576

  • SHA256

    4aa281c6840591127f3e01d89f0c5da4e17fb46132486a871c989c5025f04cac

  • SHA512

    4f0a8e8d7670841b2a3f89e14ca0aa23c87b5d5a9e536f595a77f030dbf09caa83737dfdf82ea51e33daf44e44cb84cfdcbea48228d726b8d88696ce5d620953

Malware Config

Extracted

Family

cerberus

C2

http://51.81.186.22

Targets

    • Target

      Hadise_Ifsa.apk

    • Size

      2.2MB

    • MD5

      6da5c4e5ecd7550dfd105e0aed822dbf

    • SHA1

      18b28535113c0b0506e7e3e641fad46f8ff1f576

    • SHA256

      4aa281c6840591127f3e01d89f0c5da4e17fb46132486a871c989c5025f04cac

    • SHA512

      4f0a8e8d7670841b2a3f89e14ca0aa23c87b5d5a9e536f595a77f030dbf09caa83737dfdf82ea51e33daf44e44cb84cfdcbea48228d726b8d88696ce5d620953

    • Cerberus

      An Android banker that is being rented to actors beginning in 2019.

    • suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

      suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

      suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks