Analysis Overview
SHA256
c5fe4e6090ae47f015e1973f52e93dcd8291394d6c00f25fd38a6532b6f99dfc
Threat Level: Known bad
The file Android_Update_build_flow.apk was found to be: Known bad.
Malicious Activity Summary
Cerberus
Requests dangerous framework permissions
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation).
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-12-09 16:03
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-12-09 16:03
Reported
2021-12-09 16:06
Platform
android-x64
Max time kernel
2683460s
Max time network
99s
Command Line
Signatures
Cerberus
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
com.hisiglxlqn.gyiw
Network
| Country | Destination | Domain | Proto |
| US | 51.81.186.22:80 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| US | 51.81.186.22:80 | | tcp |
| US | 216.239.35.0:123 | time.android.com | udp |
| US | 1.1.1.1:853 | | tcp |
| US | 104.21.33.153:443 | nevrimcansular.xyz | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2021-12-09 16:03
Reported
2021-12-09 16:07
Platform
android-x64
Max time kernel
2683492s
Max time network
112s
Command Line
Signatures
Cerberus
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
com.hisiglxlqn.gyiw
Network
| Country | Destination | Domain | Proto |
| US | 51.81.186.22:80 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| NL | 142.250.179.202:80 | play.googleapis.com | tcp |
| US | 216.239.35.8:123 | time.android.com | udp |
| US | 1.1.1.1:53 | nevrimcansular.xyz | udp |
| US | 172.67.146.137:443 | nevrimcansular.xyz | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2021-12-09 16:03
Reported
2021-12-09 16:08
Platform
android-x64
Max time kernel
2683558s
Max time network
96s
Command Line
Signatures
Cerberus
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
com.hisiglxlqn.gyiw
Network
| Country | Destination | Domain | Proto |
| US | 104.21.33.153:443 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| US | 216.239.35.12:123 | time.android.com | udp |
| US | 1.1.1.1:853 | | tcp |
| US | 104.21.33.153:443 | nevrimcansular.xyz | tcp |