Analysis
-
max time kernel
43s -
max time network
132s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
-
submitted
31-01-2024 11:00
General
-
Target
843d6211d9477ca445dec6daf01c9776.apk
-
Size
157KB
-
MD5
843d6211d9477ca445dec6daf01c9776
-
SHA1
0bbb2459bef1a332ab4dc5578096d7edad9506fd
-
SHA256
887af2b78b764cfeff3af2b38aa58bb233db9f4d664cfd5c5ebaeaac3a03032d
-
SHA512
9759969684a0be4a85f3bd5a81ee3d47ffab29761830a330a71e4b1ebf1ec32d3087dcf97bd6c8c9e1cc98f35691d91af511d9865802aaf4132aff0bafc3f6bc
-
SSDEEP
3072:mP6pDNCh7fHU68CYr9oDhI29xspndSG0/5s54vmhBZyRTZyRIwNY3wNY6z:I6pDYNfH0xr9sshh09wIOY3OY6z
Score
10/10
Malware Config
Extracted
Family
cerberus
C2
https://imkanversenizde100.xyz
Signatures
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
Processes
-
com.wldhedwydalsprk.xfptzni1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Listens for changes in the sensor environment (might be used to detect emulation)