cerberus | e31f1b158aeaf407cd7a56f87cf4c2cd13bf048db2d00b62c3da711801435839

Analysis

max time kernel
343083s
max time network
90s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
02-02-2023 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9180b00a96b161fc0ad41ab4d8bc0784.apk
Size

1.2MB
MD5

9180b00a96b161fc0ad41ab4d8bc0784
SHA1

90ff5ba4ce5b0e3e1b8ae8b061c961f7ed9b989a
SHA256

e31f1b158aeaf407cd7a56f87cf4c2cd13bf048db2d00b62c3da711801435839
SHA512

99834c23322224f91fda0bd9f5f77e47cf5e5cf3f07b09450d420d71bec4114f871dad6f6609f7ca6771fcf6aa48a32fe7a0ff1702f492f2a4ededf0b7bee957
SSDEEP

24576:MytLmk1x3ww9Qw9sbzGyVrNvWFYF1mSchJInH2R/dtLvu/454:ptLma/5uBxvZD12Gn0dtLvu/04

Score

10^/10

cerberus banker evasion infostealer rat trojan

Malware Config

Extracted

Family

cerberus

http://5.161.92.133

Signatures

Cerberus
An Android banker that is being rented to actors beginning in 2019.
banker trojan infostealer evasion rat cerberus

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.youth.dog

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.youth.dog
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.youth.dog

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.youth.dog

ioc	pid	process
/data/user/0/com.youth.dog/app_DynamicOptDex/di.json	4397	com.youth.dog
/data/data/com.youth.dog/app_apk/system.apk	4397	com.youth.dog
/data/data/com.youth.dog/app_apk/system.apk	4397	com.youth.dog

Reads information about phone network operator.
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
evasion

Processes:

com.youth.dog

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.youth.dog

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.youth.dog

com.youth.dog
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4397

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.youth.dog/app_apk/system.apk
Filesize
316KB

MD5
69b3ca57adef18f47b71ce651769abf4

SHA1
7204f2b55b577cadc557a4074c29831e313662d6

SHA256
26533562f7e9db5feafc571f9cea03cc80fcd2917ebb0744de30fb8dec12141b

SHA512
22713beed0583876a801eeef1e13a5677025567866e898fedb8201befdab3a4d88de759a410bcb00f7ba8261a10cce977328d536436989b051df6495998a31f1

Download Submit
/data/data/com.youth.dog/app_apk/system.apk
Filesize
316KB

MD5
69b3ca57adef18f47b71ce651769abf4

SHA1
7204f2b55b577cadc557a4074c29831e313662d6

SHA256
26533562f7e9db5feafc571f9cea03cc80fcd2917ebb0744de30fb8dec12141b

SHA512
22713beed0583876a801eeef1e13a5677025567866e898fedb8201befdab3a4d88de759a410bcb00f7ba8261a10cce977328d536436989b051df6495998a31f1

Download Submit
/data/user/0/com.youth.dog/app_DynamicOptDex/di.json
Filesize
64KB

MD5
1c8c296848e65975be9925d647c5fde4

SHA1
1b1053b791287e2b84560b49c28d7077b66a988c

SHA256
40a61cd486b2f67aa1d3299f1d2bf3d4397df5b83c63c7bcf1c7de1d4e4b49bf

SHA512
e3fca9d2cade471a6586bfb55748149560060c8c8a1d7a502862049eb4c4ab59155f5d81051ccd8cc5d1f6f755c9bb44f9e07b66ae92e9eccc660fad343e0706

Download Submit
/data/user/0/com.youth.dog/app_DynamicOptDex/di.json
Filesize
124KB

MD5
d69fa4e700cd7db215670d08f693c7d0

SHA1
f5c0e1ea2e516971eabb8dc65222f46d615522b0

SHA256
00bb12647c67c2c84a7ce5656556dc35915df7bd66142e8e87306fa148040ce0

SHA512
8333e96202dd258dd4f24a579bee7416766e24a234d30febb3f8d04fa44cf11aa0085d77faa4aabc0257cb7c2a8cd1ee941eaa0282c10980126f1377dea29482

Download Submit
/data/user/0/com.youth.dog/app_DynamicOptDex/oat/di.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youth.dog/app_apk/system.apk
Filesize
346KB

MD5
0f0b849a407e63fbfd6ab212b89b0177

SHA1
a9c859da13fbf6add0f3a3ccf6a2d46ced8695d3

SHA256
8941c02d6dd5bc5cbff919c93a3642498e07991e6b8cd3205df9950c764dda95

SHA512
8ab86843acf4a685211ab3ba8079cc5b8b4f2ab2127096a8c3afe34c99358faee967cb68fd3b8c69cb09a76f2302396bb0c6ab5fba7e81ced500061ff239b99b

Download Submit
/data/user/0/com.youth.dog/app_webview/.com.google.Chrome.xgpuTA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youth.dog/app_webview/Default/GPUCache/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.youth.dog/app_webview/Default/GPUCache/index-dir/temp-index
Filesize
96B

MD5
6d373310fcbd4e850926afe0d6e0b8b6

SHA1
f754f5fae8fa9562b7f3a4eb47e2b92701adfa08

SHA256
6beafad06d853d865e81f3a22fa5079364d2799f2fd83e01e70ae3a4b1269826

SHA512
6802dc21312cea6442b14f18ef1549c2160670ce6f1002b5b959882c33dc04c9657f0479aa6a8279b2a6cdd33c3c98eb8e4ee1719425329e4d7a979c54033359

Download Submit
/data/user/0/com.youth.dog/app_webview/Default/Web Data
Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/com.youth.dog/app_webview/Default/Web Data-journal
Filesize
2KB

MD5
bf5ef9f37be142d9e0b0e87cbc603163

SHA1
2637bedcdc86027b70f34b936df8ed27bc6ba495

SHA256
97cc93f0b8fcd517fb860226f0dfc96031ef0d322a7a8f83b709a9563f992f2e

SHA512
16b2c4b489214952eaae8e753cb9195c5f26ec663b73177f01c554b51aa92121e09690af3c4f2d4e2ecec0d81681a9bd86db6fc0152f04ab4fa79e5b23438f01

Download Submit
/data/user/0/com.youth.dog/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youth.dog/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youth.dog/app_webview/webview_data.lock
Filesize
19B

MD5
4ea22f3710de1d7e171443114a448b11

SHA1
ca02e007a345a083610ca14b0d19146869e349c4

SHA256
6c8b703de6294f1f6c140e80b70572a47a7ac79ea670634ad49899d059fb9c29

SHA512
530ccdea7e39db42fbfafef18fd4c27f28517042b70d61d914b8a05dc6c32063d22068b4283027f0cbf047ed070ff5123ca509373b7a53475859a2a1d752d294

Download Submit
/data/user/0/com.youth.dog/cache/WebView/Crashpad/settings.dat
Filesize
40B

MD5
12c919ab45f81693254dad99f9c86881

SHA1
2e647f88ad2a604328a084c6870ad1f8277a4ef1

SHA256
06db08818a7a92e9f4afeb8e53aa70236b9bb9bcc1011bff57a7afd684c59ff8

SHA512
d5a8f29bec1d1b310f23f320e4c4dcfe30907d2a3160bfbec0a5938b8481dd13cd5993f5c074690bb2d65c491940cf299d4f0679ef44193035c684fcd06b2b40

Download Submit
/data/user/0/com.youth.dog/cache/WebView/Default/HTTP Cache/Code Cache/js/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.youth.dog/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
Filesize
96B

MD5
514a8527a9f6d6b6717edf4a13cc116d

SHA1
be6d2c8d5b0e0cc207d2242e7e4c31cb60868935

SHA256
7e95e4171df0f58bede8081a9e00af797fb8640d39f659e3ffd1e17570c43c02

SHA512
013e76ce570fedae605df6063e728b60df2d4aa13511b912436caeb89e0865afb142d9492644f05ec6154f2fe622d6bccee891c0d030e8aa55b572da15dbcf05

Download Submit
/data/user/0/com.youth.dog/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.youth.dog/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
Filesize
96B

MD5
8eff5e1a2623f827111c4f3c845b7b8b

SHA1
733d3ecb856536227e2daab1f517096af45afd23

SHA256
a139edfc150071e3e4af4dc803bbc54d783e1840ed105082a01b2aa19bbda649

SHA512
11d43981f8f6b7bcca5bcb490a860f2380a59bec855371a463254e46e2f0278b4393bfd2c0721668fea09d877ad0ada29861dae27925acb9fc3dac56b1aab4c8

Download Submit
/data/user/0/com.youth.dog/cache/WebView/font_unique_name_table.pb
Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/com.youth.dog/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit
/data/user/0/com.youth.dog/shared_prefs/settings.xml
Filesize
116B

MD5
d238bcaede8d9fc88b09c0e7fa6248f3

SHA1
7dc3c46230aeff7499e958a777a15ba65d483933

SHA256
44b7e05984b2ff4a389f942dd8e2c6c948abb1edb92ad88d124472fb9ff974c1

SHA512
ef57d436fa7452f4d7a1e737351eed1a74155b8803ab28f838ae6cf134ca6b4be3a47731d024d2ba3c89bb26bdd24b68fb323f5b7d16c36712df42ac093a1a52

Download Submit
/data/user/0/com.youth.dog/shared_prefs/settings.xml
Filesize
163B

MD5
95f6cf275d56aef2102b62828f7034c0

SHA1
8117a0e4daf60ee6edf88e6992c764680be59890

SHA256
5dcaced0b68e0ccc444f98aa2e1eb657c177f808be3d65352b1381eb4c778e96

SHA512
6dd12b3f5091eea21604e412748d14e48f77ce03982768cfad754bd581a024b6ccb3e99ed094b4ac27493ac225c99504f6d55b215db2e9e11f1df234d86925fe

Download Submit