cerberus | 0b8c026dd1d8208aedc6cfc92102f8c105f9b54a50e8cf5a15bd1a5ade83f9da

Analysis

max time kernel
1838586s
max time network
76s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
24-09-2022 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b8c026dd1d8208aedc6cfc92102f8c105f9b54a50e8cf5a15bd1a5ade83f9da.apk
Size

3.0MB
MD5

02a7ce8ecf19f04fc3cdd56bf34e7267
SHA1

9c2d21ec470dedd11c38459b68da5d27621dc09d
SHA256

0b8c026dd1d8208aedc6cfc92102f8c105f9b54a50e8cf5a15bd1a5ade83f9da
SHA512

3f01b5d5cc546f552e707a707f43a3dcf228032c9a121a3dee8d6785a28431322819f1dedd34c9350929e85fd668398cb79ab8e479a1b9cd16b85792c643d3e4
SSDEEP

49152:61r+tdKavrnGz8flBlXj3IF4ZwNAQnixwqkv6ZrUx0Wt+3lBeyflT6t3X9cPmlaU:3prGzylHz3PZwNTTv6ZrKw4yfOXiOlaU

Score

10^/10

cerberus banker evasion infostealer rat stealth trojan

Malware Config

Extracted

Family

cerberus

https://lovertruechat.shop

Signatures

Cerberus
An Android banker that is being rented to actors beginning in 2019.
banker trojan infostealer evasion rat cerberus

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.zippilqdi.ucunvfgbj

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.zippilqdi.ucunvfgbj
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.zippilqdi.ucunvfgbj

Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

com.zippilqdi.ucunvfgbj

pid process

4399 com.zippilqdi.ucunvfgbj

pid	process
4399	com.zippilqdi.ucunvfgbj

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.zippilqdi.ucunvfgbj

ioc	pid	process
/data/user/0/com.zippilqdi.ucunvfgbj/yi8djtsh48/6kk4dIu8Ha6fhfh/base.apk.jIihfus1.fk8	4399	com.zippilqdi.ucunvfgbj
[anon:dalvik-classes.dex extracted in memory from /data/user/0/com.zippilqdi.ucunvfgbj/yi8djtsh48/6kk4dIu8Ha6fhfh/base.apk.jIihfus1.fk8]	4399	com.zippilqdi.ucunvfgbj
[anon:dalvik-classes.dex extracted in memory from /data/user/0/com.zippilqdi.ucunvfgbj/yi8djtsh48/6kk4dIu8Ha6fhfh/base.apk.jIihfus1.fk8]	4399	com.zippilqdi.ucunvfgbj

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
evasion

Processes:

com.zippilqdi.ucunvfgbj

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.zippilqdi.ucunvfgbj

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.zippilqdi.ucunvfgbj

com.zippilqdi.ucunvfgbj
1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4399

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zippilqdi.ucunvfgbj/app_webview/.com.google.Chrome.lSymTY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/app_webview/Default/Cookies
Filesize
64KB

MD5
dfb2098ca7b3bf16d6f5f1e7d3839af5

SHA1
ebb7a8bc886062d77a4092bd306b77a0ce7a3e9d

SHA256
e4119d32577d7fc63b267cc23eb7a9bbfb12d238f23e08918c38838fe0181224

SHA512
fccec45399258eb98220b7f01b492a72b8b3d1254dec6e196e344d89a0376c6ee24534a31a6675c866d4a17256d3ac6823657eaf04e1d386757d0cbfc6597e50

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/app_webview/Default/Cookies-journal
Filesize
1KB

MD5
57c27c0752cb61bba0e519ecfb46f970

SHA1
40998d4abff4306a162278733578a5a669bef1ef

SHA256
cc50111de5dc517ea54af03adfaf752f02b5486617151a1f304908c6113e68f9

SHA512
41f48b099ed4526898e0fcbf37028565a128a9f32b292e9801a6b8e9f157434de050c38e73b4ed4eeb02af22e391a32ec7975deca721117683530fcd52498602

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/app_webview/Default/GPUCache/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/app_webview/Default/GPUCache/index-dir/temp-index
Filesize
96B

MD5
867875bad28bd24718f1f8571c1b044e

SHA1
c54f69f92450404306b5acab0dee79007b5e55e1

SHA256
2725fa3b28999c08a56b9a1962a2d1189491b1f78d489490ba9577e1ececb185

SHA512
940a99bf00e3bc7a5ae751f93f7fa52d27ca445e022438b06aa9c09b3cd178895e96aa2c0f68afe08f974c88a68b203c4440db6e7c3f006247cd6c28a4839e8c

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/app_webview/Default/Web Data
Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/app_webview/Default/Web Data-journal
Filesize
2KB

MD5
ee4fb040b864194fb851ffdb458c698d

SHA1
bf1d4a8535fad7a7bb2ac4bc41969095ea80bbef

SHA256
69ccddfa2bbb1d74040d315c4acba4edf9bc260066a23db05a62ae3a6a4a5fc7

SHA512
7b70bbc866a9a891b2d001a43fd74ff2ed351fb23995f1b79230e30dd038275e13fc985fb0c5234bd548460ae4729c70f5e9d6cd3338ba6614bbdcd0d5462eb0

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/app_webview/webview_data.lock
Filesize
29B

MD5
a7291c6e4c4126d5d82651b85b04faf8

SHA1
8000dd307480534ee8ed395722677c8df0a62184

SHA256
d5e2e3302f895b6de42c32cc7098e892b24d012effc323e999fddc82793cfbd5

SHA512
3c39f5d5a581200a4b6d28d21c8092c5d26748ded49e0e2b7f4857e7daa37c5dd16979404113c50fe52a717c37e7bb43b74245b962fa52d790af21bec263e1a7

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/cache/WebView/Crashpad/settings.dat
Filesize
40B

MD5
80ed615b9d61748b572eb083d5c90f22

SHA1
47e8e1fef62e6adb29cd771a47b0224d7686b449

SHA256
db2c21f0c0616c7055739f7cfb83e480e521d114a1260cf2f16aad944c6e987f

SHA512
b61d731925c6547de2d51d6413b0d0fc9575f714024312c7a0571184cf1b6b9f6d5f1cfc67537f993aa41b21968bffe0a455e98c16692ed7f4a0567c1c2cb814

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/cache/WebView/Default/HTTP Cache/Code Cache/js/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
Filesize
96B

MD5
dda7c6b0ed8d9525a618038dedf0d8ac

SHA1
7de5ce3d02fefb159bad88c7dbc2776ed0788e31

SHA256
556794f8c7cf1c8006abe37f4e6c7fb49e786df4b71e86a17d30bf7a837fc11b

SHA512
57b4cc17da6fe4f512acdf938bdbd93dda012d97a72056ff47dc02b8f511cd6c8a30a21745b83aa48ee1f333ae61428c0bb14158cf1e81db8d7c3106e76715b2

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
Filesize
96B

MD5
7c97f898ffc88c0d74404e534e5e15b1

SHA1
72514bd079f8ef9304190108de743f6a4672ff2a

SHA256
0b7b965505a1674899c424331c6cad6dfa91b581ecde1a8ce4a9ec794212ea0c

SHA512
f16dd31e90b0f10638d5a14f12d24b153eb05625e9990449c74223870e0fdacfdfe6e39bc8ca4f60c99ff2259832de821e02f5fcf5c816cd6628b84faa3ca415

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/cache/WebView/Default/HTTP Cache/e8ecf140b4b68ab6_0
Filesize
360B

MD5
232ebd3c4105faef570c03c8fa43433a

SHA1
ce5035dd7c59553ee0be17a25144ab6756c03885

SHA256
2cca461b47fa9f9ab1e679c1f20e0ae5cfc59b486f82dc819aad31e9021974bc

SHA512
f7669815a4d6a5bc54cf7e7fb1016c351936c85413ed07dd22329b0eb92eb9bacaea23424ea573b5331c018bb2d4d7b3e593e449c5c19dbd07f1ffbd575e6834

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/cache/WebView/Default/HTTP Cache/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/cache/WebView/Default/HTTP Cache/index-dir/temp-index
Filesize
144B

MD5
dfe0046635a20d6cdc7e5cc8e193ab5a

SHA1
a1651328d7d414af1d07ef81d8e0e27f09aa8d1e

SHA256
4e55ec080f56bca18dca92ac38f610c915b1a8c7b26c90aea7a8672c8bedb1fc

SHA512
6a2e3ce160f5006caa6c387f74b2ab6a9e6ea98bd5a10dd92d7ce2ab33ceaf6232deb6afe744572d1f96ae4a5edc598cca41e6b2f60dc2837bd515baf110d3d1

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/cache/WebView/Default/HTTP Cache/index-dir/temp-index
Filesize
96B

MD5
b1f1c1f7f4d47713370792b2d3aeafa2

SHA1
154fadaecfb3aa106a5517735a7bbff0f279d27e

SHA256
35740694212a70a8b12799c0228e9a515e6e42af58b3ac1ab8e540603462b4a0

SHA512
f14d04c17d390b58ba92d9c7458b91ab8778401cc43aa00306f7a9c6a7adbe64269868e356d03efa06fd83a2d650a1553b4781ec71c295e3e672ad470b50542c

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/cache/WebView/font_unique_name_table.pb
Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/shared_prefs/multidex.version.xml
Filesize
306B

MD5
8dc30e312af6186f302327ebc7e4e12c

SHA1
aa065c31e3641305abb017667e5231c3fa91010f

SHA256
a2a96e607b1c5ff64d31dacff0654633a30eadd4d010e8a9c640f11c9399c3e4

SHA512
e2b2a37540427b8339a8e158951c559c40b1cb22f447df567b572d9dd57896d142ecbe01ff845062a64490a8629a33ded12930ab948474d2462ec7381e7630e5

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/shared_prefs/settings.xml
Filesize
116B

MD5
d238bcaede8d9fc88b09c0e7fa6248f3

SHA1
7dc3c46230aeff7499e958a777a15ba65d483933

SHA256
44b7e05984b2ff4a389f942dd8e2c6c948abb1edb92ad88d124472fb9ff974c1

SHA512
ef57d436fa7452f4d7a1e737351eed1a74155b8803ab28f838ae6cf134ca6b4be3a47731d024d2ba3c89bb26bdd24b68fb323f5b7d16c36712df42ac093a1a52

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/shared_prefs/settings.xml
Filesize
163B

MD5
95f6cf275d56aef2102b62828f7034c0

SHA1
8117a0e4daf60ee6edf88e6992c764680be59890

SHA256
5dcaced0b68e0ccc444f98aa2e1eb657c177f808be3d65352b1381eb4c778e96

SHA512
6dd12b3f5091eea21604e412748d14e48f77ce03982768cfad754bd581a024b6ccb3e99ed094b4ac27493ac225c99504f6d55b215db2e9e11f1df234d86925fe

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/yi8djtsh48/6kk4dIu8Ha6fhfh/base.apk.jIihfus1.fk8
Filesize
186KB

MD5
1c8fafcd5b0ac1e8f3af0a6565300c22

SHA1
7b8263f5e3ebcac1759ecb249a6825b1a6eb5ed9

SHA256
82916a381c27737fc31cc9ad45c45a65a1be4f689783f9962ce2a11e4f172354

SHA512
0953f3b979e67bdc47bf5b2db56ae18379283208136aeb6f50be42f3fac584ecf2eead5bfb2159446c3802c25f60ffd32b8c88da0c998e91cb4608e03215b79d

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/yi8djtsh48/6kk4dIu8Ha6fhfh/thbfqjf5.qhgj
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.zippilqdi.ucunvfgbj/yi8djtsh48/6kk4dIu8Ha6fhfh/tmp-base.apk.jIihfus3118108897258657892.fk8
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
[anon:dalvik-classes.dex extracted in memory from /data/user/0/com.zippilqdi.ucunvfgbj/yi8djtsh48/6kk4dIu8Ha6fhfh/base.apk.jIihfus1.fk8]
Filesize
186KB

MD5
1c8fafcd5b0ac1e8f3af0a6565300c22

SHA1
7b8263f5e3ebcac1759ecb249a6825b1a6eb5ed9

SHA256
82916a381c27737fc31cc9ad45c45a65a1be4f689783f9962ce2a11e4f172354

SHA512
0953f3b979e67bdc47bf5b2db56ae18379283208136aeb6f50be42f3fac584ecf2eead5bfb2159446c3802c25f60ffd32b8c88da0c998e91cb4608e03215b79d

Download Submit
[anon:dalvik-classes.dex extracted in memory from /data/user/0/com.zippilqdi.ucunvfgbj/yi8djtsh48/6kk4dIu8Ha6fhfh/base.apk.jIihfus1.fk8]
Filesize
186KB

MD5
1c8fafcd5b0ac1e8f3af0a6565300c22

SHA1
7b8263f5e3ebcac1759ecb249a6825b1a6eb5ed9

SHA256
82916a381c27737fc31cc9ad45c45a65a1be4f689783f9962ce2a11e4f172354

SHA512
0953f3b979e67bdc47bf5b2db56ae18379283208136aeb6f50be42f3fac584ecf2eead5bfb2159446c3802c25f60ffd32b8c88da0c998e91cb4608e03215b79d

Download Submit