Overview

overview

10

Static

static

7

d3ad33fd9a...d7.apk

android-9-x86

10

d3ad33fd9a...d7.apk

android-10-x64

10

d3ad33fd9a...d7.apk

android-11-x64

10

ad.html

windows7-x64

1

ad.html

windows10-2004-x64

1

disney.js

windows7-x64

1

disney.js

windows10-2004-x64

1

googlephoto.js

windows7-x64

1

googlephoto.js

windows10-2004-x64

1

hbomax.js

windows7-x64

1

hbomax.js

windows10-2004-x64

1

netflix.js

windows7-x64

1

netflix.js

windows10-2004-x64

1

web.js

windows7-x64

1

web.js

windows10-2004-x64

1

Analysis

  • max time kernel
    3518876s
  • max time network
    39s
  • platform
    android_x64
  • resource
    android-x64-20230621-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230621-enlocale:en-usos:android-10-x64system
  • submitted
    07/08/2023, 20:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d3ad33fd9a192aea9837033045084cea36ce9c0c812c616d1c405ac37ddbcdd7.apk

  • Size

    3.0MB

  • MD5

    ff71432833755a490d24004a0efa7037

  • SHA1

    a0d746e34ba6e23fba841efd17dd94ede91776fa

  • SHA256

    d3ad33fd9a192aea9837033045084cea36ce9c0c812c616d1c405ac37ddbcdd7

  • SHA512

    0e2684000dd6765ea41372b6f60c8ac5384255400ca7065069c6f54ea22d5cafdd373bbc26c5ca1e36c7ef58ef74baeeed5f0452ace1d5021f64db1a5e903bff

  • SSDEEP

    49152:OlP/nxlDR4awgMTyLYOJM5zuOVtVG2dWByOMykCAGy0Lu7udcqUquOyba/EPk:Ol3xv4IYc01VO2dWgOOCmUupLvVa/EPk

Score
10/10
cerberusermacbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

C2

http://185.215.113.59:3000

Blowfish_key
AES_key

Extracted

Family

cerberus

C2

http://185.215.113.59:3000

Blowfish_key
AES_key

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.skin.gauge
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4781

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/user/0/com.skin.gauge/app_DynamicOptDex/Nd.json
          Filesize

          1.8MB

          MD5

          52b79a03990df1a5cc60f4688a7fff02

          SHA1

          8021edbda08fc6dbc868c05495e63b91cf92c0ce

          SHA256

          dc19076bc63b15f7386eb6de4ca06d65b5b0cd9b5ea06aa2e10e8e880afa1e1c

          SHA512

          9a702d85ad4a36d709357a8ae796de912c7c6954a4d9ce8389e9f949832ad0d8c9f07d28bad13a2ef473c3a8ef7068d2770c2a2ce7293fea9de4d134cb6e51e1

          Download Submit

        • /data/user/0/com.skin.gauge/app_DynamicOptDex/Nd.json
          Filesize

          7.3MB

          MD5

          161d1d2393a075e28baae22c3dfb5ae6

          SHA1

          8a413815888bf2ce31d5daf524c1ed3efe95fa90

          SHA256

          997f0953ced007aaa2495a4848451bc36c223aa19c7aa134d6feb70fc6c401ae

          SHA512

          a052a7cfacfe5f111b4bd0e3cdad4a0a0c373e185a62918831f5cee328299cdce9d6fe2417be7068c7c2a490fefdd11f7fda8fc7aa0f23bbb26fa945b86ed35e

          Download Submit