Extracted

• • Target

    7983b8621a6ee1e41266c138a379760bf21777c522ba18dd3565ff38f1f9814a

  • Size

    2.5MB

  • MD5

    4758340d4d7f41d05c348ec7c6958918

  • SHA1

    c64d3426a80a7b15f4580afd1686a8102b77ee92

  • SHA256

    7983b8621a6ee1e41266c138a379760bf21777c522ba18dd3565ff38f1f9814a

  • SHA512

    1afed35fc1c06c01f4cb56e81d5f9ee50e4d56075064a8eaca0b85e10b022ecc7c36858cafe7857510d0d2573f96f297ad4133088fc7740295184b64b1b48438

  • SSDEEP

    49152:YcK6WF9djT40+9gFaLauk7MISZSWpfvC+VKmBbXett1rFP+EdX3evtEjD:LK6WnRN++uaukFzWpnCsKU6D1rhBevt6

  Score

  10^/10

  cerberusbankerevasioninfostealerratstealthtrojan

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher

    stealthtrojan

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Listens for changes in the sensor environment (might be used to detect emulation)

    evasion
  behavioral1behavioral2behavioral3