Extracted

• • Target

    7ee960512983796848c432aacad8b8eafee37bce6a16d031726672bb611dad79

  • Size

    1.7MB

  • MD5

    94900fcbce6801a6f6c7dc751a7496c5

  • SHA1

    578a7afec658622d07579883d4760340f49bffe0

  • SHA256

    7ee960512983796848c432aacad8b8eafee37bce6a16d031726672bb611dad79

  • SHA512

    2d3814e05a06c99b56d320eebf05b8701a17eff0b1fc3b009a5641795af2880e73fb318e81f060cac15b39ca035f32e10d3d033633b956b41ca3a26fcf7d890a

  • SSDEEP

    49152:zs+zkezkr4yIijU5G/9gehJ1hPMA1spjgqXyi7OrUAW3QOjIlegV00I:zsykokslijU5w9g4JbMA12j0fpKQOjwk

  Score

  10^/10

  cerberusbankerevasioninfostealerratstealthtrojan

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher

    stealthtrojan

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Listens for changes in the sensor environment (might be used to detect emulation)

    evasion
  behavioral1behavioral2behavioral3