General

  • Target

    Android_Update_7.apk

  • Size

    1.7MB

  • Sample

    220120-wawn6sahfk

  • MD5

    a8bdd46b3023afc953fad85576a948c0

  • SHA1

    845d50ee644cd1a0c826e7a6cd2749b1a9cbbce8

  • SHA256

    b119397dab2853e810407a47757be91e3f24a68613b775951f62a1e9a1d5c890

  • SHA512

    c95e19c2595e9fd16cc4d4e5cdd8d11ed7f86e3ff45bd9c3e8ed33c15577ec91aceaf502c9b5b3a0d676f8170f5628dd5f8b7a446e326a8e7b877ebf4b0f88fd

Malware Config

Extracted

  • Family

    cerberus

  • C2

    http://20.109.187.226

Targets

    • Cerberus

      An Android banking trojan that has been rented out to threat actors since 2019.

    • suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.
