Overview

overview

10

Static

static

6

977dc92d18...51.apk

 

977dc92d18...51.apk

android-10-x64

10

977dc92d18...51.apk

android-11-x64

10

Analysis

  • max time kernel
    2438890s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    20-12-2023 08:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    977dc92d18c8bea5715b3bd46b7801a52be80965b3601ad05baa58769f3bf751.apk

  • Size

    1.8MB

  • MD5

    42a20b06481ae88f5d2b1076ca3da355

  • SHA1

    e3fc045fdccf77e4db659112219458496045cfff

  • SHA256

    977dc92d18c8bea5715b3bd46b7801a52be80965b3601ad05baa58769f3bf751

  • SHA512

    ad4db515e39eddeaf6ec4bba0d793d7aad4dadf1514ee80074d1323c070738e712eaf41e601d1c517b85fb68b174d365987ff50f1e80cb6b577cebc06e4e7996

  • SSDEEP

    49152:EXFl5kbs72J0wUb4mqYFIUUnmDRZ9IcT/Lu:e5kbs72Wb40FIUSmB7Lu

Score
10/10
cerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://51.81.86.1

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • com.medal.mandate
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5086

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.medal.mandate/app_DynamicOptDex/oat/urjEk.json.cur.prof
    Filesize

    202B

    MD5

    8006451f54e0578e4c16ba12c18e4323

    SHA1

    e5f7a069ad8fff254ea85ccc9daf09cd82836dc5

    SHA256

    a5b6efbff20fb9a517522091b011dccf97ed1ce18f2bdae2959268a737c78aa5

    SHA512

    364d3317f4d9edfa09def0767cc994e06ca2e731c0baeedbc08aaa6b5c920ece264cc7814a894b12cf4a51dd86e90df3dcf0f8dda11352870be31471eba3edbb

    Download Submit

  • /data/data/com.medal.mandate/app_DynamicOptDex/urjEk.json
    Filesize

    64KB

    MD5

    2c562d33988d2429f678f5612e4d0cc6

    SHA1

    9a3ff43c68e8c31c470eab6e0e7c7bc4d5d63b01

    SHA256

    8a2ec526da43d4728c71590616d642bbb84adc10f083f2b26db99d37905df5b9

    SHA512

    76015f2e628d2904d731c0a0373329033135f1256699659630dd2a7a2d40de8992d9027a3a5af164cc29c1a9cc66dc956d316fd1daa8af7788bf18cd14627271

    Download Submit

  • /data/data/com.medal.mandate/app_DynamicOptDex/urjEk.json
    Filesize

    64KB

    MD5

    773506f9aa3f50ed9145054f5ec49536

    SHA1

    70657f16a01055822d7d21d57f07a850fbb5b109

    SHA256

    31572cafcfe890244a469fc17015a678e77d514ef0161bedfdcd0f0effb3bb6d

    SHA512

    0a3a37bdaea6b154e224a3d281da26152fd65ec0cbc570be912514137c85594995adf2c2a8f939772ea1516f90f111a947f62f573b259fb395396cfe07dd0881

    Download Submit

  • /data/user/0/com.medal.mandate/app_DynamicOptDex/urjEk.json
    Filesize

    124KB

    MD5

    f210db8f07e78273c7eaecf70aaaa656

    SHA1

    46b700c9cf20193abf55549e7feb4887e6fe6954

    SHA256

    50c487cbcae9c03ce3257850b20c8c3747a91713f3e5f1023a597ea142e2def2

    SHA512

    14748745e6a08861bf3605dd8ca55bfbb6a961ee8a4dc300b5b2c90ac94a47bbe8c69e031ad3afe863bfb48f9071df6f0547b784ee45c483e52a72e8bb995339

    Download Submit