Overview

overview

10

Static

static

6

700beb9999...2d.apk

android-9-x86

10

700beb9999...2d.apk

android-10-x64

10

700beb9999...2d.apk

android-11-x64

10

Analysis

  • max time kernel
    46s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    23-01-2024 16:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    700beb9999c245e961b8ad7483f3df2d.apk

  • Size

    3.3MB

  • MD5

    700beb9999c245e961b8ad7483f3df2d

  • SHA1

    e384e6b27ad71e764ecbe8afcb553d095c8a405d

  • SHA256

    2aec28011d9c414b88ae862806b9262655bd88088ea9113379b672e7d0eb80df

  • SHA512

    8a0eec5c11ab0c369d0fc43ea508f09d9c77f2c72e7bb6027a1a33c0ec390bd36e19701aff6479a99327ae2a88fbf13d0fd9454ed250180c0845a5145811eaf7

  • SSDEEP

    98304:/W1wBRH98slSUu5FmhCpYVabbXoEVDXotD77:/bBRH98SSUuXmmYVgoEVDotD77

Score
10/10
cerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://52.183.39.178/

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • caution.fee.kind
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4470

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/caution.fee.kind/app_DynamicOptDex/JcPIQX.json
    Filesize

    720KB

    MD5

    f59a5ef14b05aec0ef9b4461204ecd2d

    SHA1

    addbffd29e944d6ca68c30dab27ab74c8b39e626

    SHA256

    14c965e90537c4eeeae4e5224770f1aaff1a929f836a3fc11561b39943079f35

    SHA512

    9be98fa3b51aa0b087400af86425a1e97b2c5abb0296f7efbc0c44316359657ca24b6379f6538f837bd83f89fb2c7726b55ba508abbc9ba160edae0f24ff56b4

    Download Submit

  • /data/user/0/caution.fee.kind/app_DynamicOptDex/JcPIQX.json
    Filesize

    720KB

    MD5

    5a23343d13efd34d45c1dbb392822188

    SHA1

    af769da81c4d98ba1802255a901e16ea94f783f9

    SHA256

    29b013de5cd438b0d5bcb354a000d71280b80f2e29ae2cb218cf57251a09136c

    SHA512

    151fc7f668215d1f695fbb0f0b25dd34d16832ea40013d1545b595a344a7a5c760632c2c431a8a035e18b225dc06f5e8ba2d92a606661ff00b0ef99c79ade3e8

    Download Submit

  • /data/user/0/caution.fee.kind/app_DynamicOptDex/oat/JcPIQX.json.cur.prof
    Filesize

    237B

    MD5

    e794e5aca705e30c9db056d10250bf4a

    SHA1

    ed8b53cfbc4f25ad514c532fd4b7037746a9d05e

    SHA256

    6c6c91fe4ab84ab11f81a4ca1b060ca2cdba2991c66fcd3bd698ff9bddd30bca

    SHA512

    6910d74b4a66acaf8a1c04d0a43f1714a368d3fb3ba7567ea7f402101aa64d7afdc406ef454c3f4903908801f17d3494500b44c16432e3dea909d69c712011f5

    Download Submit