Overview

overview

10

Static

static

6

183ac21bb7...94.apk

android-9-x86

10

183ac21bb7...94.apk

android-10-x64

10

183ac21bb7...94.apk

android-11-x64

10

Analysis

  • max time kernel
    2916906s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    25-12-2023 10:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    183ac21bb70d1e9527de39136d927094.apk

  • Size

    4.0MB

  • MD5

    183ac21bb70d1e9527de39136d927094

  • SHA1

    c654873f2c978fd1538e215a8db6ca847a06fbb0

  • SHA256

    cf3e16d6328d572cdf4476809e25c52790d77bec8ac1a52a7129485c55a7c6a7

  • SHA512

    cc6c3cb1f86d05c5072b3d5bc57af690f2b49ca054e505bc67ce758586076c0d8fecff50e8e7b1c06295fc8637134f6ace6a14570fbbba74d3bbf29da80a6cf4

  • SSDEEP

    98304:kFWGTMw78bjU4Tg3rwk/K1xGbuGV9Nt4DWzpnw+YHq7+ri1:kFWGTMg8bjfsXaxGi09L4DK+LHba

Score
10/10
cerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://193.37.212.83/

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Tries to add a device administrator. 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • stay.benefit.recall
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Tries to add a device administrator.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/stay.benefit.recall/app_DynamicOptDex/Gg.json
    Filesize

    35KB

    MD5

    8565c3f3871acc5a8756e93b9fce7d57

    SHA1

    ef7e3a6dfb786919c809719eaf278e4b6031047a

    SHA256

    d72dc040bc5cb6458985d29e873892326d0e25ad927900aba1e8e702acf5585f

    SHA512

    84121a38cd4eae9f4e5adfa67dd287e93b91836d8d197a31e811591daa4e297fc055a3d8d7b57b5ea051aaa800d5e8078d7f1e68895bdd2815d7ebc1a5a9797d

    Download Submit

  • /data/user/0/stay.benefit.recall/app_DynamicOptDex/Gg.json
    Filesize

    632KB

    MD5

    78264d3e20ce5c48c395d05d5fe38ec5

    SHA1

    da11537c8f15de9150fa902767fac39f6952e58f

    SHA256

    b863a1f8fdbdee8eba238fd32820a942b6228cb4e71c33ce58208b6c3b0ae3f1

    SHA512

    928c931733d9b88391beb530f62779a4795bdcc45e6597d6833a480a971643b0fe22828d3b6c6fcdf30ce4eb03ea276d9f2d9faff103a9e7d0f819d124b8135d

    Download Submit

  • /data/user/0/stay.benefit.recall/app_DynamicOptDex/oat/Gg.json.cur.prof
    Filesize

    242B

    MD5

    6400bccddde341790dc72ed9ac18f6fb

    SHA1

    e34131229314b06524abcc56101f9bf4b1b75ee3

    SHA256

    f8acf4f80037e0473cd93dbf732775e3b8a70efa2e66aabe4c8b1cd2b89f1037

    SHA512

    9d359f593161740304edd41aaa79895d9d0dfed102f3c535fe3ee51b923d611073285e9f5c8afa0f550ee18e1b8a93ede5d99892e8a11f639368685e6caf4edc

    Download Submit