General

  • Target

    Android_Guncelleme.apk

  • Size

    2.4MB

  • Sample

    211209-cbwwsabhcp

  • MD5

    bcfab200bdcad05875d1c79ac27eea97

  • SHA1

    f0efeb09f22dbb8bf97ff9b5d7c6844f4e4249d4

  • SHA256

    70fa3acaa97e9f65611a622fe73d2dc6e5839136663bc16a7b32b6016809c53d

  • SHA512

    adc0efcff00e8602568ac12bd5d1b0c428fb34b7fc4772ca7eada63bb9c3342b2013a2c89f52f06f73c4292e6bbd274fbfff4b75cc2f2b78227b5378a8d5d5b0

Malware Config

Extracted

Family

cerberus

C2

http://185.187.169.161

Targets

    • Target

      Android_Guncelleme.apk

    • Size

      2.4MB

    • MD5

      bcfab200bdcad05875d1c79ac27eea97

    • SHA1

      f0efeb09f22dbb8bf97ff9b5d7c6844f4e4249d4

    • SHA256

      70fa3acaa97e9f65611a622fe73d2dc6e5839136663bc16a7b32b6016809c53d

    • SHA512

      adc0efcff00e8602568ac12bd5d1b0c428fb34b7fc4772ca7eada63bb9c3342b2013a2c89f52f06f73c4292e6bbd274fbfff4b75cc2f2b78227b5378a8d5d5b0

    • Cerberus

      An Android banker that is being rented to actors beginning in 2019.

    • suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

      suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

      suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks