General

  • Target

    32ec21b1c9db99ce3262978f29fe88cd

  • Size

    3.4MB

  • Sample

    231231-mrhn7sedeq

  • MD5

    32ec21b1c9db99ce3262978f29fe88cd

  • SHA1

    7be7873e33b1d189ea7d991236df545687404e5d

  • SHA256

    de024632c0af5653655f9d0304da1273c6f7a9cbaee81add35713557e7a44293

  • SHA512

    4d651096e9acb7049db5857afb342369709b0147007d942235c1726a24db88741d15351215013416075b4c5020b3834b4080033b9ba5e9bfbb6a65ff9dc8f899

  • SSDEEP

    98304:PrJ1HhbsTEd1Qs6xYZsLcrPaGC7AHuSwG9:PrLHCTEvQs6xYZc/76uZG9

Malware Config

Extracted

Family

cerberus

C2

http://gejdillaruslar.xyz

Targets

    • Target

      32ec21b1c9db99ce3262978f29fe88cd

    • Size

      3.4MB

    • MD5

      32ec21b1c9db99ce3262978f29fe88cd

    • SHA1

      7be7873e33b1d189ea7d991236df545687404e5d

    • SHA256

      de024632c0af5653655f9d0304da1273c6f7a9cbaee81add35713557e7a44293

    • SHA512

      4d651096e9acb7049db5857afb342369709b0147007d942235c1726a24db88741d15351215013416075b4c5020b3834b4080033b9ba5e9bfbb6a65ff9dc8f899

    • SSDEEP

      98304:PrJ1HhbsTEd1Qs6xYZsLcrPaGC7AHuSwG9:PrLHCTEvQs6xYZc/76uZG9

    • Cerberus

      An Android banking trojan that has been rented out to threat actors since 2019.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests that battery optimizations be disabled (commonly used so the app can keep running unnoticed in the background).

    • Listens for changes in the sensor environment (possibly used to detect that it is running in an emulator)

MITRE ATT&CK Matrix

Tasks