Malware Analysis Report

2025-01-19 05:18

Sample ID 220602-kfhhysedh6
Target A517CF91AE88E25572BB63B02F2AC8DAA1CE639084EFAF22995B67E5625971BA.apk
SHA256 a517cf91ae88e25572bb63b02f2ac8daa1ce639084efaf22995b67e5625971ba
Tags cerberus banker evasion infostealer rat trojan
Score 10/10

Analysis Overview

Threat Level: Known bad

The file A517CF91AE88E25572BB63B02F2AC8DAA1CE639084EFAF22995B67E5625971BA.apk was found to be: Known bad.

Malicious Activity Summary

cerberus banker evasion infostealer rat trojan

Cerberus

Makes use of the framework's Accessibility service.

Requests dangerous framework permissions

Loads dropped Dex/Jar

Removes a system notification.

Listens for changes in the sensor environment (might be used to detect emulation).

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-06-02 08:32

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted

2022-06-02 08:32

Reported

2022-06-02 08:37

Platform

android-x64-arm64-20220310-en

Max time kernel

596619s

Max time network

156s

Command Line

fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq

Signatures

Cerberus

banker trojan infostealer evasion rat cerberus

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq/app_DynamicOptDex/ojhy.json N/A N/A
N/A /data/user/0/fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq/app_DynamicOptDex/ojhy.json N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation).

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Processes

fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq

Network

Files

Analysis: behavioral1

Detonation Overview

Submitted

2022-06-02 08:32

Reported

2022-06-02 08:45

Platform

android-x86-arm-20220310-en

Max time kernel

597095s

Max time network

156s

Command Line

fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq

Signatures

Cerberus

banker trojan infostealer evasion rat cerberus

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq/app_DynamicOptDex/ojhy.json N/A N/A
N/A /data/user/0/fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq/app_DynamicOptDex/ojhy.json N/A N/A
N/A /data/user/0/fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq/app_DynamicOptDex/ojhy.json N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation).

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Processes

fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq/app_DynamicOptDex/ojhy.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq/app_DynamicOptDex/oat/x86/ojhy.odex --compiler-filter=quicken --class-loader-context=&

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2022-06-02 08:32

Reported

2022-06-02 08:48

Platform

android-x64-20220310-en

Max time kernel

597238s

Max time network

161s

Command Line

fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq

Signatures

Cerberus

banker trojan infostealer evasion rat cerberus

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq/app_DynamicOptDex/ojhy.json N/A N/A
N/A /data/user/0/fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq/app_DynamicOptDex/ojhy.json N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation).

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Processes

fdsmmmuqdmoygq.hjcdfefbiaul.wuobryqudyxokymq

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files
