cerberus | c13d23b6ce53010ebb9167d933ad02c1b01d97225706198a05b6bcc045b37f69

Analysis

max time kernel
2950310s
max time network
106s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
25-11-2022 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PLAY_STORE4.APK.apk
Size

2.0MB
MD5

8975014dc9ed1eaeaae059a4eb867b65
SHA1

e6d88ce42080567d36f14eac475bf19fffa2da11
SHA256

c13d23b6ce53010ebb9167d933ad02c1b01d97225706198a05b6bcc045b37f69
SHA512

12251e533827146fbffb1173bedae799d81a71a6759477d16d76fa279008c320c7a987cb6cb36b4d49a9dd7f4c5df624f67c17ca7703189b63a3c73bf43d9970
SSDEEP

49152:u77BVdSJN8cmH3oaIvwy6ZZjORxse4nviujng53+mmaIHYCC:u77BVdJc+DZwvszbjnUO8

Score

10^/10

cerberus banker evasion infostealer rat trojan

Malware Config

Extracted

Family

cerberus

http://78.47.205.9

Signatures

Cerberus
An Android banker that is being rented to actors beginning in 2019.
banker trojan infostealer evasion rat cerberus

Loads dropped Dex/Jar 8 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.wonder.pepper/app_DynamicOptDex/Epyf.json	4858	com.wonder.pepper
/data/data/com.wonder.pepper/app_apk/system.apk	4858	com.wonder.pepper
/data/data/com.wonder.pepper/app_apk/system.apk	4858	com.wonder.pepper
/data/data/com.wonder.pepper/app_apk/system.apk	4858	com.wonder.pepper
/data/data/com.wonder.pepper/app_apk/system.apk	4858	com.wonder.pepper
/data/data/com.wonder.pepper/app_apk/system.apk	4858	com.wonder.pepper
/data/data/com.wonder.pepper/app_apk/system.apk	4858	com.wonder.pepper
/data/data/com.wonder.pepper/app_apk/system.apk	4858	com.wonder.pepper

Reads information about phone network operator.

com.wonder.pepper
1⤵
- Loads dropped Dex/Jar
PID:4858

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wonder.pepper/app_apk/system.apk

Filesize
316KB

MD5
69b3ca57adef18f47b71ce651769abf4

SHA1
7204f2b55b577cadc557a4074c29831e313662d6

SHA256
26533562f7e9db5feafc571f9cea03cc80fcd2917ebb0744de30fb8dec12141b

SHA512
22713beed0583876a801eeef1e13a5677025567866e898fedb8201befdab3a4d88de759a410bcb00f7ba8261a10cce977328d536436989b051df6495998a31f1

Download Submit
/data/data/com.wonder.pepper/app_apk/system.apk

Filesize
316KB

MD5
69b3ca57adef18f47b71ce651769abf4

SHA1
7204f2b55b577cadc557a4074c29831e313662d6

SHA256
26533562f7e9db5feafc571f9cea03cc80fcd2917ebb0744de30fb8dec12141b

SHA512
22713beed0583876a801eeef1e13a5677025567866e898fedb8201befdab3a4d88de759a410bcb00f7ba8261a10cce977328d536436989b051df6495998a31f1

Download Submit
/data/data/com.wonder.pepper/app_apk/system.apk

Filesize
316KB

MD5
69b3ca57adef18f47b71ce651769abf4

SHA1
7204f2b55b577cadc557a4074c29831e313662d6

SHA256
26533562f7e9db5feafc571f9cea03cc80fcd2917ebb0744de30fb8dec12141b

SHA512
22713beed0583876a801eeef1e13a5677025567866e898fedb8201befdab3a4d88de759a410bcb00f7ba8261a10cce977328d536436989b051df6495998a31f1

Download Submit
/data/data/com.wonder.pepper/app_apk/system.apk

Filesize
316KB

MD5
69b3ca57adef18f47b71ce651769abf4

SHA1
7204f2b55b577cadc557a4074c29831e313662d6

SHA256
26533562f7e9db5feafc571f9cea03cc80fcd2917ebb0744de30fb8dec12141b

SHA512
22713beed0583876a801eeef1e13a5677025567866e898fedb8201befdab3a4d88de759a410bcb00f7ba8261a10cce977328d536436989b051df6495998a31f1

Download Submit
/data/data/com.wonder.pepper/app_apk/system.apk

Filesize
316KB

MD5
69b3ca57adef18f47b71ce651769abf4

SHA1
7204f2b55b577cadc557a4074c29831e313662d6

SHA256
26533562f7e9db5feafc571f9cea03cc80fcd2917ebb0744de30fb8dec12141b

SHA512
22713beed0583876a801eeef1e13a5677025567866e898fedb8201befdab3a4d88de759a410bcb00f7ba8261a10cce977328d536436989b051df6495998a31f1

Download Submit
/data/data/com.wonder.pepper/app_apk/system.apk

Filesize
316KB

MD5
69b3ca57adef18f47b71ce651769abf4

SHA1
7204f2b55b577cadc557a4074c29831e313662d6

SHA256
26533562f7e9db5feafc571f9cea03cc80fcd2917ebb0744de30fb8dec12141b

SHA512
22713beed0583876a801eeef1e13a5677025567866e898fedb8201befdab3a4d88de759a410bcb00f7ba8261a10cce977328d536436989b051df6495998a31f1

Download Submit
/data/data/com.wonder.pepper/app_apk/system.apk

Filesize
316KB

MD5
69b3ca57adef18f47b71ce651769abf4

SHA1
7204f2b55b577cadc557a4074c29831e313662d6

SHA256
26533562f7e9db5feafc571f9cea03cc80fcd2917ebb0744de30fb8dec12141b

SHA512
22713beed0583876a801eeef1e13a5677025567866e898fedb8201befdab3a4d88de759a410bcb00f7ba8261a10cce977328d536436989b051df6495998a31f1

Download Submit
/data/user/0/com.wonder.pepper/app_DynamicOptDex/Epyf.json

Filesize
64KB

MD5
8d4252da6246d52bfb48ed15e99a2526

SHA1
3061e2949373de427d98aa79444ebb9b37d5278d

SHA256
b5eb92cc1da20ce4a3409b226e01adafd63a7be7aaf192129972fed1983fbd30

SHA512
bd051bdfcd61c3064eea6211d48f38fce64edfb03469d859b6dbfe5206eb1d303b19f0012ac6a682681391b14e5ed26455dd6baf40758d073bf525344dbac749

Download Submit
/data/user/0/com.wonder.pepper/app_DynamicOptDex/Epyf.json

Filesize
124KB

MD5
6d01742dc7d218ae86731a342c349d4b

SHA1
ad45b85d0da5a9a75e4c046ed578ea2d613cac8c

SHA256
3787dce436c74e24c178c7d252f6e130bb9731dbab75ddc0f4a351875b79532e

SHA512
28dd37d6f27de5723d6836ebcd1c8084f57108bd5a6774299a8049b38532b66e52637272a2f8b49288458eedd6e32cf83a686f3869ebcb425a2895032424d8d9

Download Submit
/data/user/0/com.wonder.pepper/app_apk/system.apk

Filesize
346KB

MD5
0f0b849a407e63fbfd6ab212b89b0177

SHA1
a9c859da13fbf6add0f3a3ccf6a2d46ced8695d3

SHA256
8941c02d6dd5bc5cbff919c93a3642498e07991e6b8cd3205df9950c764dda95

SHA512
8ab86843acf4a685211ab3ba8079cc5b8b4f2ab2127096a8c3afe34c99358faee967cb68fd3b8c69cb09a76f2302396bb0c6ab5fba7e81ced500061ff239b99b

Download Submit
/data/user/0/com.wonder.pepper/app_webview/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.wonder.pepper/app_webview/GPUCache/index-dir/temp-index

Filesize
96B

MD5
778ec22150556994d53f9f473993094f

SHA1
4a36fff73c03731cbd51f75c194860a9f27b7a9b

SHA256
9391942c332dbf52fbc3ce06ce35fdd3261b22c70111112257701edf89bf0e0c

SHA512
f0a4663463e5cfa5a0511ba8d02f12a3be5f06f99a36707a0e77750c245d8137bab1f542b107db229c7ae90fe97e7c2b0101efee47132c1723e5d7926a94a195

Download Submit
/data/user/0/com.wonder.pepper/app_webview/Web Data

Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/com.wonder.pepper/app_webview/Web Data-journal

Filesize
1KB

MD5
61d14d86665b49b55e9f96752b0fdf7d

SHA1
70ea4110b29416adcffeb2d6e2482291b3999521

SHA256
02573797f91ce33d11d3158f4601d8baf31a8c1b5d2b182ff7be43474be648ad

SHA512
316a61a88859a4e3de6e7d6d30cf03026a20eb4b206a57bff0a069c04bfb66ec6824b038c3848d7ae93be15dfd42078947573877d32c5de57c3a4b77c614da7b

Download Submit
/data/user/0/com.wonder.pepper/app_webview/metrics_guid

Filesize
36B

MD5
8175c562395cba1619c7ddd02afc809a

SHA1
681b73481835d6004f99834f06ba8a910fa812a5

SHA256
881ed5640d42ffd13d1e41962824fdccc271556807ddabb56737eff2c63bd00f

SHA512
22416e6980c6fa5c2184bf500efb4b7a79e477783fb5fa33c1d4dc5e21847af76a92a8666089f567bb08dc3c0f919d94d3b001e8e75252f2ee1f4eadcc978ed3

Download Submit
/data/user/0/com.wonder.pepper/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
d20ef035a2b60e80af734cb6f73df488

SHA1
3a5d725a380cd41148ce1d57e4890af699a07916

SHA256
3b6539bf95dae0dfe0d8590dd55f2afb85ca39d9d4354151346887ed5dfa8df3

SHA512
ded0799879bf444c18c2d1de24e6e690d5748584dc49447c426c8409a9be1263580fc514e7c00d1a453901ab883884c5918671b213372be5c112fb1a60fca5cd

Download Submit
/data/user/0/com.wonder.pepper/cache/org.chromium.android_webview/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.wonder.pepper/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
0599ec5a524fc5069ad841702516d262

SHA1
dbdd19e60bfa8cca89987db7df33cc21f8356db1

SHA256
9c3f1e8c996d0071df3bf6bdabb6c3417bd1e5cf15ab8445509f737834187395

SHA512
0a0fd00f6173abbeae807707879aaecb93f50e41ac46378602ba2ceb5bceed97eb00eec304a0471d9692f00c93c348c40d79ffb0261f1cb2590ac8e4e55e22c1

Download Submit
/data/user/0/com.wonder.pepper/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit
/data/user/0/com.wonder.pepper/shared_prefs/settings.xml

Filesize
116B

MD5
d238bcaede8d9fc88b09c0e7fa6248f3

SHA1
7dc3c46230aeff7499e958a777a15ba65d483933

SHA256
44b7e05984b2ff4a389f942dd8e2c6c948abb1edb92ad88d124472fb9ff974c1

SHA512
ef57d436fa7452f4d7a1e737351eed1a74155b8803ab28f838ae6cf134ca6b4be3a47731d024d2ba3c89bb26bdd24b68fb323f5b7d16c36712df42ac093a1a52

Download Submit
/data/user/0/com.wonder.pepper/shared_prefs/settings.xml

Filesize
163B

MD5
95f6cf275d56aef2102b62828f7034c0

SHA1
8117a0e4daf60ee6edf88e6992c764680be59890

SHA256
5dcaced0b68e0ccc444f98aa2e1eb657c177f808be3d65352b1381eb4c778e96

SHA512
6dd12b3f5091eea21604e412748d14e48f77ce03982768cfad754bd581a024b6ccb3e99ed094b4ac27493ac225c99504f6d55b215db2e9e11f1df234d86925fe

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads