cerberus | e31f1b158aeaf407cd7a56f87cf4c2cd13bf048db2d00b62c3da711801435839

Analysis

max time kernel
339473s
max time network
139s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
02-02-2023 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9180b00a96b161fc0ad41ab4d8bc0784.apk
Size

1.2MB
MD5

9180b00a96b161fc0ad41ab4d8bc0784
SHA1

90ff5ba4ce5b0e3e1b8ae8b061c961f7ed9b989a
SHA256

e31f1b158aeaf407cd7a56f87cf4c2cd13bf048db2d00b62c3da711801435839
SHA512

99834c23322224f91fda0bd9f5f77e47cf5e5cf3f07b09450d420d71bec4114f871dad6f6609f7ca6771fcf6aa48a32fe7a0ff1702f492f2a4ededf0b7bee957
SSDEEP

24576:MytLmk1x3ww9Qw9sbzGyVrNvWFYF1mSchJInH2R/dtLvu/454:ptLma/5uBxvZD12Gn0dtLvu/04

Score

10^/10

cerberus banker evasion infostealer rat trojan

Malware Config

Extracted

Family

cerberus

http://5.161.92.133

Signatures

Cerberus
An Android banker that is being rented to actors beginning in 2019.
banker trojan infostealer evasion rat cerberus

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.youth.dog

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.youth.dog
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.youth.dog

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.youth.dog/app_DynamicOptDex/di.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.youth.dog/app_DynamicOptDex/oat/x86/di.odex --compiler-filter=quicken --class-loader-context=&com.youth.dog

ioc	pid	process
/data/user/0/com.youth.dog/app_DynamicOptDex/di.json	4117	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.youth.dog/app_DynamicOptDex/di.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.youth.dog/app_DynamicOptDex/oat/x86/di.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.youth.dog/app_DynamicOptDex/di.json	4060	com.youth.dog

Reads information about phone network operator.
Removes a system notification. 1 IoCs
evasion

Processes:

com.youth.dog

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag com.youth.dog

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.youth.dog

com.youth.dog
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
- Removes a system notification.
PID:4060

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.youth.dog/app_DynamicOptDex/di.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.youth.dog/app_DynamicOptDex/oat/x86/di.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4117

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.youth.dog/app_apk/oat/x86/system.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.youth.dog/app_apk/oat/x86/system.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.youth.dog/app_apk/system.apk.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youth.dog/app_DynamicOptDex/di.json
Filesize
64KB

MD5
1c8c296848e65975be9925d647c5fde4

SHA1
1b1053b791287e2b84560b49c28d7077b66a988c

SHA256
40a61cd486b2f67aa1d3299f1d2bf3d4397df5b83c63c7bcf1c7de1d4e4b49bf

SHA512
e3fca9d2cade471a6586bfb55748149560060c8c8a1d7a502862049eb4c4ab59155f5d81051ccd8cc5d1f6f755c9bb44f9e07b66ae92e9eccc660fad343e0706

Download Submit
/data/user/0/com.youth.dog/app_DynamicOptDex/di.json
Filesize
124KB

MD5
75c90a6da4ea2e53cd72ac4f13d467ab

SHA1
cef130910e4d0fbcd6f9780ff1f74f84befcef72

SHA256
1a290abfbdcc59f507c67aea6cb0dc448ab06bf161921baef5acb99f75ab50c4

SHA512
08558a31905e1d0ea56f1b518c1ba6460a97d5e382fad757626e6a7c688376f9b228a42382a3b422c21ad150876be41f5b0d54d153095f97258517c7187c6e42

Download Submit
/data/user/0/com.youth.dog/app_DynamicOptDex/di.json
Filesize
124KB

MD5
d69fa4e700cd7db215670d08f693c7d0

SHA1
f5c0e1ea2e516971eabb8dc65222f46d615522b0

SHA256
00bb12647c67c2c84a7ce5656556dc35915df7bd66142e8e87306fa148040ce0

SHA512
8333e96202dd258dd4f24a579bee7416766e24a234d30febb3f8d04fa44cf11aa0085d77faa4aabc0257cb7c2a8cd1ee941eaa0282c10980126f1377dea29482

Download Submit
/data/user/0/com.youth.dog/app_DynamicOptDex/di.json.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youth.dog/app_DynamicOptDex/oat/di.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youth.dog/app_DynamicOptDex/oat/x86/di.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youth.dog/app_DynamicOptDex/oat/x86/di.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youth.dog/app_apk/system.apk
Filesize
346KB

MD5
0f0b849a407e63fbfd6ab212b89b0177

SHA1
a9c859da13fbf6add0f3a3ccf6a2d46ced8695d3

SHA256
8941c02d6dd5bc5cbff919c93a3642498e07991e6b8cd3205df9950c764dda95

SHA512
8ab86843acf4a685211ab3ba8079cc5b8b4f2ab2127096a8c3afe34c99358faee967cb68fd3b8c69cb09a76f2302396bb0c6ab5fba7e81ced500061ff239b99b

Download Submit
/data/user/0/com.youth.dog/app_webview/GPUCache/index
Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.youth.dog/app_webview/GPUCache/index-dir/temp-index
Filesize
48B

MD5
7e30f5fdc20616d45a90a5dd4d048597

SHA1
184e6feb45bf8480acad537f3e01c9b1114bb793

SHA256
0541b63f3764087922e7b78154343afcb759d69af2a2650e1cb50475035930a0

SHA512
c4aab4188fb86df724a88d5e9c92475a7c4ea21c8685dc2ce7935edcc934641b8a9d72265fbfc492c23c5d7da10db3c95aee170c66b08d68899b0f84774aa25b

Download Submit
/data/user/0/com.youth.dog/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.youth.dog/app_webview/Web Data-journal
Filesize
1KB

MD5
43fa0cd1f2677d95435c4346b8d0dd3a

SHA1
a0424d11d3febda72c22dd0b23073ffd966c4ce2

SHA256
25925295dfdfdbf77879d97a43589fc89d4be2ce7153d6d201130e70206c12df

SHA512
a35eafaa7e86332eb85321f705651144825391d0a865adbef6cd154cae4a3dcff98991ca1e07c2419edde1b57d860854da12b89aa40cd28c947f8f00ba445451

Download Submit
/data/user/0/com.youth.dog/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youth.dog/app_webview/metrics_guid
Filesize
36B

MD5
b87f19343b75ea6bf81d43b6ed0c0f09

SHA1
bdbb12e8bf7f4b0a15fd581d9e1a1d5b87c1f34e

SHA256
b79d6b298af1a67ca3411294598f38cce454d866d7cefcbcd654f2440fc970d7

SHA512
e8422fd44dea2f181bb0a9a6b40d6d96d0f2037a2dd1b58155c33311b22b12de48ccebd6f74579fc149245baa9a273067caf4e8e2d6addd40badd6ad959e7863

Download Submit
/data/user/0/com.youth.dog/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youth.dog/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youth.dog/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youth.dog/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.youth.dog/shared_prefs/settings.xml
Filesize
116B

MD5
d238bcaede8d9fc88b09c0e7fa6248f3

SHA1
7dc3c46230aeff7499e958a777a15ba65d483933

SHA256
44b7e05984b2ff4a389f942dd8e2c6c948abb1edb92ad88d124472fb9ff974c1

SHA512
ef57d436fa7452f4d7a1e737351eed1a74155b8803ab28f838ae6cf134ca6b4be3a47731d024d2ba3c89bb26bdd24b68fb323f5b7d16c36712df42ac093a1a52

Download Submit
/data/user/0/com.youth.dog/shared_prefs/settings.xml
Filesize
163B

MD5
95f6cf275d56aef2102b62828f7034c0

SHA1
8117a0e4daf60ee6edf88e6992c764680be59890

SHA256
5dcaced0b68e0ccc444f98aa2e1eb657c177f808be3d65352b1381eb4c778e96

SHA512
6dd12b3f5091eea21604e412748d14e48f77ce03982768cfad754bd581a024b6ccb3e99ed094b4ac27493ac225c99504f6d55b215db2e9e11f1df234d86925fe

Download Submit