Extracted

• • Target

    135e116b58156421ca82e964c2bc62f8

  • Size

    3.9MB

  • MD5

    135e116b58156421ca82e964c2bc62f8

  • SHA1

    0fbe0ab9fdcdc03774304aa0130b1207d50eb1e5

  • SHA256

    46f13df8a54b8abc7750efb70c9a5da82b9e65c68e071f2d1cc1a22aba360dca

  • SHA512

    a9a0df066028a266bbd4d1b6fbc9d4e3f095c25a0355813d6325d6aa05232d38f3accc3fec03e71b629482763c6a6c26b0b39e4a9f79d3b771efb91e4bec9144

  • SSDEEP

    98304:0+ITvw1LJfwtBJQqaX5jwSvKKGLhqaTAQFFCczMWQY:0+ITv2LFw9S5heqaTZCGQY

  Score

  10^/10

  cerberusbankerevasioninfostealerratstealthtrojan

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher

    stealthtrojan

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Listens for changes in the sensor environment (might be used to detect emulation)

    evasion
  behavioral1behavioral2behavioral3