General

  • Target

    AndrodUpdate.apk

  • Size

    1.6MB

  • Sample

    220120-wancssahe8

  • MD5

    0b5f9870a55cd8ae1a25732dd76c512b

  • SHA1

    1225cbd709c7b44bb63ccb224ae01636e0ca9994

  • SHA256

    e4db3407a56bdaeadd8534a53ee398ce256edf2d00e7eab42357c537229cc550

  • SHA512

    1e7b1a1d7bc011a0dbfcf755a618f238980b9b304954f47211d067aa28f15e0eb7660a7d2bf2ac49cb21bfefb3e4541e23aa85fd9710536b8dac3af64548c782

Malware Config

Extracted

Family

cerberus

C2

http://ayatadedemama.xyz

Targets

    • Target

      AndrodUpdate.apk

    • Size

      1.6MB

    • Cerberus

      An Android banker that has been rented to actors since 2019.

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.
