Analysis Overview
SHA256
38b5a7e3e39c72096939eb09e59fa41cd9de2d239e500931a348bc9d4bb2755c
Threat Level: Known bad
The file 38b5a7e3e39c72096939eb09e59fa41cd9de2d239e500931a348bc9d4bb2755c.apk was found to be: Known bad.
Malicious Activity Summary
Cerberus
Loads dropped Dex/Jar
Requests dangerous framework permissions
Listens for changes in the sensor environment (might be used to detect emulation).
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-12-07 16:46
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-12-07 16:46
Reported
2021-12-07 16:49
Platform
android-x64
Max time kernel
2513165s
Max time network
53s
Command Line
Signatures
Cerberus
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/epf.yywrjxjcfzcieixrsblqicj.pxihncgcqryrrufegfffojdtil/app_DynamicOptDex/sQePtB.json | N/A | N/A |
| N/A | /data/user/0/epf.yywrjxjcfzcieixrsblqicj.pxihncgcqryrrufegfffojdtil/app_DynamicOptDex/sQePtB.json | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
epf.yywrjxjcfzcieixrsblqicj.pxihncgcqryrrufegfffojdtil
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:853 | tcp | |
| US | 216.239.35.12:123 | time.android.com | udp |
| US | 1.1.1.1:853 | tcp |
Files
/data/user/0/epf.yywrjxjcfzcieixrsblqicj.pxihncgcqryrrufegfffojdtil/app_DynamicOptDex/sQePtB.json
| MD5 | b292f0e71aa26422d5ae19550a4fd721 |
| SHA1 | d6338cbb6413994342760acc7d02756144bb6cb0 |
| SHA256 | 06a2eee2b470acf7640da35ff2fc8afd1eb694507ca84ff9d182ac1ef24ce31d |
| SHA512 | 5e8643744801bf37fef170d8462075b4c8b8c43be848f9275fb65e63832dfcd56bb33f1db21433456e6fc2ebfe3db4ba2a90b12647f4f3955a4d3fcef3d36b46 |
/data/user/0/epf.yywrjxjcfzcieixrsblqicj.pxihncgcqryrrufegfffojdtil/app_DynamicOptDex/sQePtB.json
| MD5 | b292f0e71aa26422d5ae19550a4fd721 |
| SHA1 | d6338cbb6413994342760acc7d02756144bb6cb0 |
| SHA256 | 06a2eee2b470acf7640da35ff2fc8afd1eb694507ca84ff9d182ac1ef24ce31d |
| SHA512 | 5e8643744801bf37fef170d8462075b4c8b8c43be848f9275fb65e63832dfcd56bb33f1db21433456e6fc2ebfe3db4ba2a90b12647f4f3955a4d3fcef3d36b46 |