Overview

overview

10

Static

static

7

56f114a308...1b.apk

android-9-x86

10

56f114a308...1b.apk

android-10-x64

10

56f114a308...1b.apk

android-11-x64

10

bootstrap.min.js

windows7-x64

1

bootstrap.min.js

windows10-2004-x64

1

epl1.html

windows7-x64

1

epl1.html

windows10-2004-x64

1

gpl_3.html

windows7-x64

1

gpl_3.html

windows10-2004-x64

1

howto.html

windows7-x64

1

howto.html

windows10-2004-x64

1

jquery-2.1.1.min.js

windows7-x64

1

jquery-2.1.1.min.js

windows10-2004-x64

1

keyboard.js

windows7-x64

1

keyboard.js

windows10-2004-x64

1

libcore.so

ubuntu-18.04-amd64

libcore.so

debian-9-armhf

libcore.so

debian-9-mips

libcore.so

debian-9-mipsel

libnative.so

ubuntu-18.04-amd64

libnative.so

debian-9-armhf

libnative.so

debian-9-mips

libnative.so

debian-9-mipsel

mit.html

windows7-x64

1

mit.html

windows10-2004-x64

1

mpl2.html

windows7-x64

1

mpl2.html

windows10-2004-x64

1

mraid.js

windows7-x64

1

mraid.js

windows10-2004-x64

1

mraid3.js

windows7-x64

1

mraid3.js

windows10-2004-x64

1

omsdk-v1.js

windows7-x64

1

Analysis

  • max time kernel
    2796455s
  • max time network
    131s
  • platform
    android_x64
  • resource
    android-x64-20231023.1-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231023.1-enlocale:en-usos:android-10-x64system
  • submitted
    06-11-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    56f114a308194e9804635afa69c8edae27d2a64f0cfd6991fc62eec12e9b941b.apk

  • Size

    1.8MB

  • MD5

    59daaa414b30e52072b056b78300e3e7

  • SHA1

    0a4e9326ebb657db5de4716ed96b264edeb7b441

  • SHA256

    56f114a308194e9804635afa69c8edae27d2a64f0cfd6991fc62eec12e9b941b

  • SHA512

    ce3e7b9ea1f7236b4830d03c7a46367331da969e15613e4b261c225d4fa2ece3ce5ec58b2dbb787580ccb9f9d0d5c318ae8c3d60b1c9873d52f8a30e097edda2

  • SSDEEP

    49152:GKDkRK5ciwVZYt+JJ2f4N3jnx6wPm4i9eV3GZWa0U1:JkRK9wDYtl4N3jx6wPmv9Gs1

Score
10/10
cerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://142.44.163.144

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Removes a system notification. 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
    evasion

Processes

  • com.hybrid.harsh
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Listens for changes in the sensor environment (might be used to detect emulation).
    PID:5046

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.hybrid.harsh/app_DynamicOptDex/WGEckrw.json
    Filesize

    64KB

    MD5

    3a8bb927114a7b078c61523f4bfb37e3

    SHA1

    d0393cbf5385ffed537621ac2e47aaa9648c29d2

    SHA256

    1989518a068269b7641ef11aa0595cc357fc0179c912a8283b2f71743ea44e51

    SHA512

    1f026ec9dbac025e87f38d2c35667c3ec70923857dc3d541b035181d789061a8231ab411a332c906629dbb997b8eaf576148edd13c17ec344f92ba40aa9dfca0

    Download Submit

  • /data/data/com.hybrid.harsh/app_DynamicOptDex/WGEckrw.json
    Filesize

    64KB

    MD5

    644256e0c745741f6a3dcce4b5bbf771

    SHA1

    d1538c7fcd420e3b0429ec663f9a5d1cfc82f0da

    SHA256

    4e981fa0622b5f98df5f102c5fc2881684d760d4b0cb4b64bf1eb8cabb1aa9ff

    SHA512

    2f975b7d789d3e3dc0ff3585670f043e605c971260c1c35d04237db97f9a8b0d4d7b5195c73b3bef4a215abd6cc9a6dc923003045e17ab8698c43aecf7369525

    Download Submit

  • /data/data/com.hybrid.harsh/app_DynamicOptDex/oat/WGEckrw.json.cur.prof
    Filesize

    819B

    MD5

    a48722a00a62bfc1c1c29d5e0684e1e5

    SHA1

    d812c6734f2b7e49322b8b3729e7516cc447d2a6

    SHA256

    69622029ec1f3559d478fcf5d888e68ccc37cb9cbc8bc3e94ac989e8547c837a

    SHA512

    9461405360318f2b8443670168cc79ef45432ab2e637f44c7c6e2c011659c0a2808f58fd4c1bc266f2a85d1cc1df5a70a5e6560eafbd29db9254712f76814100

    Download Submit

  • /data/user/0/com.hybrid.harsh/app_DynamicOptDex/WGEckrw.json
    Filesize

    125KB

    MD5

    1838419e697f62ae8c52800822e89659

    SHA1

    589496e597ae80ba99d89f52396eb080c4324794

    SHA256

    74c6fb2aa041c87ea9ccb6d4b6a36983e279875722e068461a66c42e09b192ef

    SHA512

    f14ee2843e28e7ccd1832f35503e026e9354713038479359ddd2bc6c65ffe6d9653f41dd8014d936b45c6227db646a08968152452cf7728ced9fc52318a58d31

    Download Submit