Extracted

• • Target

    e7bf50674fca53b416a5ec50dc86d07f080e3429ad84ea956c758cf7beec06ef

  • Size

    3.4MB

  • MD5

    c51085d2f81eb3ba8d4a7b8786167899

  • SHA1

    17c3bffcb7793110f2606ed34642801e6a01d5ab

  • SHA256

    e7bf50674fca53b416a5ec50dc86d07f080e3429ad84ea956c758cf7beec06ef

  • SHA512

    fe37a6ed9b053421371042749607e2a60b51ed9ae86ae8000ae47e74320361cceeec1ccf3ab1bf374764309454b85abde1ac1ab05cf76b7d16faec873f7e8594

  • SSDEEP

    98304:WT7mOSF3Ze3sPMkHdX1bjrcIApterESpmmTDch/1yGWG:VOSF3ZSEzfIpterESEmTDchdJWG

  Score

  10^/10

  cerberusbankerevasioninfostealerratstealthtrojan

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher

    stealthtrojan

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Listens for changes in the sensor environment (might be used to detect emulation)

    evasion
  behavioral1behavioral2behavioral3