Overview

overview

10

Static

static

7

21440d7a92...34.apk

android-9-x86

10

21440d7a92...34.apk

android-10-x64

10

21440d7a92...34.apk

android-11-x64

10

content.html

windows7-x64

1

content.html

windows10-2004-x64

1

group_topic.html

windows7-x64

1

group_topic.html

windows10-2004-x64

1

mama.js

windows7-x64

1

mama.js

windows10-2004-x64

1

omsdk-v1.js

windows7-x64

1

omsdk-v1.js

windows10-2004-x64

1

Resubmissions

22/09/2023, 17:08

230922-vnkcmahd2z 10

21/09/2023, 18:44

230921-xdsblaca32 10

20/09/2023, 22:01

230920-1w89lsah3x 10

Analysis

  • max time kernel
    3030280s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system
  • submitted
    20/09/2023, 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21440d7a9289ef45f7438109a5e334b09d917d28c4ef972d1dcae349b6e31834.apk

  • Size

    2.4MB

  • MD5

    f31c96e95584c7073b8be905e444044c

  • SHA1

    85897eb018caa5e6bd9e3419e2a36276e2d92741

  • SHA256

    21440d7a9289ef45f7438109a5e334b09d917d28c4ef972d1dcae349b6e31834

  • SHA512

    fd79918d0fd3ebfbc2ca54f1d762fa7cc952c1e052a320467f2f8f19ce03023bd3a630b78371d633f1d7fde0a2f2e1e458f3934d9c63a1c6c4dd9ac4db56a7d3

  • SSDEEP

    49152:Tavum9a2D6tudueh4w9vcZTuujopJLEE3aUbUDuoEp1vDGbXZT1RmjF0hiGb:2mv2D6tudus4dZTuujo3X3Guo6bcXZz9

Score
10/10
cerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://94.131.11.56/

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Removes its main activity from the application launcher 2 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Removes a system notification. 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
    evasion

Processes

  • com.irmlgxhth.sjllqffoa
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Listens for changes in the sensor environment (might be used to detect emulation).
    PID:4970

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.irmlgxhth.sjllqffoa/app_app_dex/stuhgsg.fip
    Filesize

    188KB

    MD5

    f4776ffc82a37967dfc549c9c305e8cd

    SHA1

    b64cfcf40dd2e735a4610fbd4e6db8c6df30485d

    SHA256

    0d25ebbcbc50144cb672c6091b1a13ee232a07414e3e5172b68e6ece714e8324

    SHA512

    07fc10b886dcc7bb43910d5a13f01c07b1cdcbcd55924e777025f21049b3ec554a9a6470d52a99098b2a6a192afb696e9935159be3c27bf722d7da355c98feba

    Download Submit

  • /data/data/com.irmlgxhth.sjllqffoa/files/uhhfml.osn
    Filesize

    22B

    MD5

    76cdb2bad9582d23c1f6f4d868218d6c

    SHA1

    b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

    SHA256

    8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

    SHA512

    5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

    Download Submit

  • /data/user/0/com.irmlgxhth.sjllqffoa/app_app_dex/stuhgsg.fip
    Filesize

    188KB

    MD5

    f4776ffc82a37967dfc549c9c305e8cd

    SHA1

    b64cfcf40dd2e735a4610fbd4e6db8c6df30485d

    SHA256

    0d25ebbcbc50144cb672c6091b1a13ee232a07414e3e5172b68e6ece714e8324

    SHA512

    07fc10b886dcc7bb43910d5a13f01c07b1cdcbcd55924e777025f21049b3ec554a9a6470d52a99098b2a6a192afb696e9935159be3c27bf722d7da355c98feba

    Download Submit

  • /data/user/0/com.irmlgxhth.sjllqffoa/app_app_dex/stuhgsg.fip
    Filesize

    188KB

    MD5

    f4776ffc82a37967dfc549c9c305e8cd

    SHA1

    b64cfcf40dd2e735a4610fbd4e6db8c6df30485d

    SHA256

    0d25ebbcbc50144cb672c6091b1a13ee232a07414e3e5172b68e6ece714e8324

    SHA512

    07fc10b886dcc7bb43910d5a13f01c07b1cdcbcd55924e777025f21049b3ec554a9a6470d52a99098b2a6a192afb696e9935159be3c27bf722d7da355c98feba

    Download Submit