General

  • Target

    4defa1f795d69d38168bffecbc19f571c61a095862713fd91cb646f344ef53c0.zip

  • Size

    3.4MB

  • MD5

    8500f7bfc8d06d4d1631cd0c4df3083c

  • SHA1

    f262d6a2f19d3f76476eb1a59a5a102274ae5af9

  • SHA256

    56039334a76b977e0ce388ad64a3fe559269b95fa2ac05e36d7863139a21393b

  • SHA512

    a69314b31d173774e198ba2020c38054cc028c9b74d3d6d0d72a0510fccdc8506864aa44a497990b2beb16e8895b0d7f1a96664e4c614404d9d3cd68f0fe959d

  • SSDEEP

    98304:X57zh/c57Iu1EEjVYdISpZCTZZOSFFZBt57p1:X5h/ceuYJpZiZOSXTT3

Score
10/10

Malware Config

Extracted

Family

cerberus

C2

https://twelveelevensoup.at

twelveelevensoup.at:8000

Attributes
  • uri

    /gate.php?action=botcheck&data=

    /gate.php?action=checkAP&data=

    /gate.php?action=getModule&data=

    /gate.php?action=getinj&data=

    /gate.php?action=injcheck&data=

    /gate.php?action=registration&data=

    /gate.php?action=sendInjectLogs&data=

    /gate.php?action=sendKeylogger&data=

    /gate.php?action=sendSmsLogs&data=

    /gate.php?action=timeInject&data=

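The gate.php action list above is the family-level C2 pattern, while the host is specific to this sample; the following is an added example (not part of the sandbox report) that applies both to proxy log lines, treating a match on host plus a known action as C2, a known gate.php action on another host as a Cerberus pattern hit, and any other request to the reported host as host-only. The log lines, timestamps, client IPs and base64 payloads are constructed for the example; the hosts and actions are the ones listed in this report.

```python
"""Cerberus gate.php beacon detection over proxy logs (added example)."""
from urllib.parse import parse_qs, urlsplit

# C2 host from the report; the report also lists it on port 8000
C2_HOSTS = {"twelveelevensoup.at"}

# Action names from the report's /gate.php?action=...&data= URI list
CERBERUS_ACTIONS = {
    "botcheck", "checkAP", "getModule", "getinj", "injcheck",
    "registration", "sendInjectLogs", "sendKeylogger", "sendSmsLogs",
    "timeInject",
}

# Constructed sample log: "<timestamp> <client_ip> <method> <url> <status>"
SAMPLE_PROXY_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 POST https://twelveelevensoup.at/gate.php?action=registration&data=ZXhhbXBsZQ== 200
2024-01-01T10:00:07Z 10.0.0.5 POST http://twelveelevensoup.at:8000/gate.php?action=botcheck&data=ZXhhbXBsZQ== 200
2024-01-01T10:01:12Z 10.0.0.7 POST https://other-host.example/gate.php?action=sendSmsLogs&data=ZXhhbXBsZQ== 200
2024-01-01T10:02:30Z 10.0.0.9 GET https://twelveelevensoup.at/favicon.ico 404
2024-01-01T10:03:00Z 10.0.0.9 GET https://www.example.org/gate.php?action=login&data=x 200
2024-01-01T10:03:01Z 10.0.0.9 GET https://www.example.org/index.html 200
"""


def classify_url(url):
    """Classify one URL against the report's indicators.

    Returns a dict with the parsed host and port, the matched Cerberus
    action (or None) and a verdict: "c2" (reported host and known action),
    "pattern" (known gate.php action on a different host), "host"
    (reported host, other path) or "clean".
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    host_match = host in C2_HOSTS

    action = None
    if parts.path.lower().endswith("/gate.php"):
        # keep_blank_values so "data=" with an empty value still counts
        qs = parse_qs(parts.query, keep_blank_values=True)
        candidates = qs.get("action", [])
        if candidates and candidates[0] in CERBERUS_ACTIONS and "data" in qs:
            action = candidates[0]

    if host_match and action:
        verdict = "c2"
    elif action:
        verdict = "pattern"
    elif host_match:
        verdict = "host"
    else:
        verdict = "clean"
    return {"host": host, "port": parts.port, "action": action, "verdict": verdict}


def scan_proxy_log(text):
    """Return one hit per non-clean log line, in log order."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines rather than failing the scan
        timestamp, client, method, url, status = fields[:5]
        result = classify_url(url)
        if result["verdict"] != "clean":
            result.update(timestamp=timestamp, client=client, method=method)
            hits.append(result)
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f'{hit["verdict"]:8} {hit["client"]:10} {hit["host"]}:{hit["port"]} '
              f'action={hit["action"]}')
```

The "pattern" verdict is the one worth keeping when the host has rotated: the action names are baked into the implant, so a new panel domain still answers the same gate.php action set, and the "data=" parameter is always present.
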
Signatures

  • Cerberus family
  • Requests dangerous framework permissions (6 IoCs)

Files

  • 4defa1f795d69d38168bffecbc19f571c61a095862713fd91cb646f344ef53c0.zip
    .zip

    Password: infected

  • 4defa1f795d69d38168bffecbc19f571c61a095862713fd91cb646f344ef53c0.apk
    .apk android

    com.framull.test

    com.example.mmm.fake

  • ProtectedByNPManager.txt