General

  • Target

    0b05008110e260a92f6c60705271c6e9a7e261277d5babbbf5051b0408bdcd32.zip

  • Size

    1.2MB

  • Sample

    220702-xkk6vsahf5

  • MD5

    285f35ecc0347b2889b07c32894c9f5e

  • SHA1

    6b992cf50ddd6d8786884f3e29bb445b21c0118c

  • SHA256

    1e10beea43b7029aef433fea494ea54409b6117ba13ddd3fb8c8fe6254ee34fd

  • SHA512

    420939d14b1782ed8fab97dce7ea4565de6fdac1980b60cfec5e46bb0fa52913092549997c5e9244926c4cb1f9b3b5ec21b2de1088ad1da6a1ff7c5ab0043f0c

Malware Config

Extracted

Family

cerberus

C2

https://adneedads.com

Targets

    • Target

      0b05008110e260a92f6c60705271c6e9a7e261277d5babbbf5051b0408bdcd32

    • Size

      1.3MB

    • MD5

      d6ff7de901570944ca1f74b1ba705c53

    • SHA1

      4bf655ae787e6a69942bcfd9afecf6a116651364

    • SHA256

      0b05008110e260a92f6c60705271c6e9a7e261277d5babbbf5051b0408bdcd32

    • SHA512

      5e02b483014166f0c2486c12daa604a028bd9eac0afe09bb5c8c67368cfb26bab61f2d5c60bc310c4972993bd4a20b348da918ab2ba1b8cc661ce8ad71bc28cf

    • Cerberus

      An Android banking trojan that has been rented out to threat actors since 2019.

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

MITRE ATT&CK Matrix

Tasks