Analysis Overview
SHA256
a95070651ed64f60b616110043bb2d37e0b7fb02b42911f8d3535e71d6c4bbf7
Threat Level: Known bad
The file a95070651ed64f60b616110043bb2d37e0b7fb02b42911f8d3535e71d6c4bbf7 was found to be: Known bad.
Malicious Activity Summary
Cerberus
Makes use of the framework's Accessibility service.
Requests dangerous framework permissions
Listens for changes in the sensor environment (might be used to detect emulation).
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-02-05 11:33
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2022-02-05 11:33
Reported
2022-02-05 11:34
Platform
android-x86-arm
Max time kernel
3383369s
Max time network
41s
Command Line
Signatures
Cerberus
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
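The permission set in the static1 table and the Accessibility-service indicator above are both visible in the manifest before the sample is ever detonated. The script below is an added example, not output from the sandbox and not code from the sample; it assumes a manifest already decoded to text XML (for instance with apktool, since the manifest inside the APK is binary XML) and works on a constructed manifest that reuses the package name and the six permissions from this report, while its service and receiver declarations are hypothetical.

```python
"""Static manifest triage for the permission and Accessibility-service
indicators in the report. Added example: assumes a manifest already
decoded to plain XML; the sample manifest below is constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Subset of Android's protectionLevel="dangerous" permissions that matter
# for banking-trojan triage; the six from the static1 table are all here.
DANGEROUS = {
    "android.permission.CALL_PHONE",
    "android.permission.READ_PHONE_STATE",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.WRITE_CALL_LOG",
}
# A service the system will bind as an AccessibilityService must declare
# this permission and usually filters on this action.
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: package name and permissions are taken from the
# report, the service/receiver declarations are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.uhciwzaqmjqfw.jvvogaxaeanoymc">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".A11y"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".SmsRx">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def triage_manifest(xml_text: str) -> dict:
    """Return package, dangerous permissions, AccessibilityService
    components, SMS receivers, and whether a11y + SMS access co-occur."""
    root = ET.fromstring(xml_text)
    requested = {
        el.get(NAME) for el in root.iter("uses-permission") if el.get(NAME)
    }
    a11y_services = []
    for svc in root.iter("service"):
        actions = {a.get(NAME) for a in svc.iter("action")}
        if svc.get(PERMISSION) == BIND_A11Y or A11Y_ACTION in actions:
            a11y_services.append(svc.get(NAME))
    sms_receivers = [
        r.get(NAME) for r in root.iter("receiver")
        if any(a.get(NAME) == SMS_RECEIVED for a in r.iter("action"))
    ]
    # Overlay/OTP theft of the Cerberus kind needs both an accessibility
    # service and SMS access, so flag the combination, not the pieces.
    sms_full = {"android.permission.RECEIVE_SMS",
                "android.permission.READ_SMS"} <= requested
    return {
        "package": root.get("package", ""),
        "dangerous": sorted(requested & DANGEROUS),
        "accessibility_services": a11y_services,
        "sms_receivers": sms_receivers,
        "a11y_plus_sms": bool(a11y_services) and sms_full,
    }


if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

The point of the combined `a11y_plus_sms` flag is that neither half is conclusive on its own: many legitimate apps request SMS permissions or ship an AccessibilityService, but an unknown package that declares both, under a random-looking name, is what the Cerberus signature above is describing at runtime.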
Processes
com.uhciwzaqmjqfw.jvvogaxaeanoymc
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | alt3-mtalk.google.com | udp |
| SG | 74.125.200.188:443 | alt3-mtalk.google.com | tcp |
| SG | 74.125.200.188:443 | alt3-mtalk.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.36.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| DE | 139.162.187.208:80 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2022-02-05 11:33
Reported
2022-02-05 11:36
Platform
android-x64
Max time kernel
3383434s
Max time network
177s
Command Line
Signatures
Cerberus
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
com.uhciwzaqmjqfw.jvvogaxaeanoymc
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| DE | 139.162.187.208:80 | | tcp |
| DE | 139.162.187.208:80 | | tcp |
| DE | 139.162.187.208:80 | | tcp |
| DE | 139.162.187.208:80 | | tcp |
| DE | 139.162.187.208:80 | | tcp |
| DE | 139.162.187.208:80 | | tcp |
| DE | 139.162.187.208:80 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2022-02-05 11:33
Reported
2022-02-05 11:35
Platform
android-x64-arm64
Max time kernel
3383420s
Max time network
96s
Command Line
Signatures
Cerberus
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
com.uhciwzaqmjqfw.jvvogaxaeanoymc
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:853 | | tcp |
| NL | 142.250.179.166:80 | ad.doubleclick.net | tcp |
| NL | 142.251.39.104:443 | | tcp |
| NL | 142.251.36.46:443 | | tcp |
| NL | 142.251.36.46:443 | | tcp |
| DE | 139.162.187.208:80 | | tcp |
| DE | 139.162.187.208:80 | | tcp |
| DE | 139.162.187.208:80 | | tcp |
| DE | 139.162.187.208:80 | | tcp |
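Most of the rows in the three Network tables are sandbox and platform noise: the 1.1.1.1 resolver on 53/853, mDNS on 224.0.0.251, and Google endpoints (mtalk, android.apis, doubleclick). The script below is an added example, not part of the sandbox output, that folds the rows from all three detonations together, inherits a hostname for bare-IP rows from any run where the same IP was seen with a name, and ranks what remains by how consistently it appears across runs. The connection rows are transcribed from the tables above; the allow-list of benign suffixes and the treatment of resolver traffic are assumptions.

```python
"""Cross-run network triage for the three detonations. Added example:
connection rows are transcribed from the report, the benign suffix list
and the resolver/multicast filtering are assumptions."""
from collections import defaultdict

# (run, country, destination, domain, proto) as listed in the report.
CONNECTIONS = [
    ("behavioral1", "US", "1.1.1.1:53", "semanticlocation-pa.googleapis.com", "udp"),
    ("behavioral1", "US", "1.1.1.1:53", "alt3-mtalk.google.com", "udp"),
    ("behavioral1", "SG", "74.125.200.188:443", "alt3-mtalk.google.com", "tcp"),
    ("behavioral1", "SG", "74.125.200.188:443", "alt3-mtalk.google.com", "tcp"),
    ("behavioral1", "US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("behavioral1", "NL", "142.251.36.46:443", "android.apis.google.com", "tcp"),
    *([("behavioral1", "US", "1.1.1.1:853", "", "tcp")] * 3),
    ("behavioral1", "DE", "139.162.187.208:80", "", "tcp"),
    ("behavioral2", "N/A", "224.0.0.251:5353", "", "udp"),
    *([("behavioral2", "DE", "139.162.187.208:80", "", "tcp")] * 7),
    ("behavioral3", "N/A", "224.0.0.251:5353", "", "udp"),
    ("behavioral3", "US", "1.1.1.1:853", "", "tcp"),
    ("behavioral3", "NL", "142.250.179.166:80", "ad.doubleclick.net", "tcp"),
    ("behavioral3", "NL", "142.251.39.104:443", "", "tcp"),
    ("behavioral3", "NL", "142.251.36.46:443", "", "tcp"),
    ("behavioral3", "NL", "142.251.36.46:443", "", "tcp"),
    *([("behavioral3", "DE", "139.162.187.208:80", "", "tcp")] * 4),
]

# Assumed allow-list: Google/platform services the OS itself talks to.
BENIGN_SUFFIXES = (".google.com", ".googleapis.com", ".doubleclick.net")
RESOLVER_PORTS = {53, 853}      # DNS and DNS-over-TLS to the sandbox resolver
MDNS = "224.0.0.251:5353"       # local multicast, never the sample's peer


def classify(connections):
    """Split per-endpoint stats into (benign, suspicious) dicts."""
    # Names observed for an IP in any run, reused for rows that lack one.
    ip_to_domain = {}
    for _, _, dest, domain, _ in connections:
        if domain:
            ip_to_domain.setdefault(dest.rsplit(":", 1)[0], domain)

    stats = defaultdict(lambda: {"runs": set(), "count": 0,
                                 "domain": "", "country": ""})
    for run, country, dest, domain, proto in connections:
        ip, port = dest.rsplit(":", 1)
        if dest == MDNS or int(port) in RESOLVER_PORTS:
            continue
        entry = stats[f"{proto}/{dest}"]
        entry["runs"].add(run)
        entry["count"] += 1
        entry["domain"] = domain or ip_to_domain.get(ip, "")
        entry["country"] = country

    benign, suspicious = {}, {}
    for key, entry in stats.items():
        entry["runs"] = sorted(entry["runs"])
        bucket = benign if entry["domain"].endswith(BENIGN_SUFFIXES) else suspicious
        bucket[key] = entry
    return benign, suspicious


def rank(suspicious):
    """Most consistent first: seen in the most runs, then most often."""
    return sorted(suspicious.items(),
                  key=lambda kv: (-len(kv[1]["runs"]), -kv[1]["count"]))


if __name__ == "__main__":
    benign, suspicious = classify(CONNECTIONS)
    for key, entry in rank(suspicious):
        print(f"{key:28} {entry['country']:3} runs={entry['runs']} "
              f"count={entry['count']} domain={entry['domain'] or '-'}")
```

On this report the ranking leaves one endpoint at the top: 139.162.187.208:80, plain HTTP, no hostname, contacted in all three detonations regardless of platform. That consistency, rather than the IP alone, is what makes it the first indicator to pivot on; the single unresolved 142.251.39.104:443 row from behavioral3 stays in the suspicious bucket only because no run produced a name for it.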