cerberus | 8b1b059cc24abbe98d07aebf99a0a43ab465384728004bd237735cff96b3cf65

Analysis

max time kernel
62s
max time network
149s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
05/02/2024, 04:24

Target

910821d6ff713ff5bc65cf4eea5ea779.apk
Size

3.4MB
MD5

910821d6ff713ff5bc65cf4eea5ea779
SHA1

d19b52e7dbd574efc354db51b81ab13827fb9fa1
SHA256

8b1b059cc24abbe98d07aebf99a0a43ab465384728004bd237735cff96b3cf65
SHA512

c0b449d22f297c43f4956a5fa6fe640b93394be13e814ab5595270314b6d3dc948c695cbf23b7fb39b12c3788ca74bf3abcaf86da59eb58476dca49d848f0c47
SSDEEP

98304:ZPBuU4Rv3euwpA7N0TmEuV5h8oLGt1o5UUdx:hBp4xeuwW7N0TbcEoLGzoZr

Score

10^/10

Family

cerberus

https://bitcoinsell.market

Cerberus
An Android banker that is being rented to actors beginning in 2019.
banker trojan infostealer evasion rat cerberus

Makes use of the framework's Accessibility service 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	that.slush.photo
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	that.slush.photo

Removes its main activity from the application launcher 1 IoCs

pid	Process
5106	that.slush.photo

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/that.slush.photo/app_DynamicOptDex/kP.json	5106	that.slush.photo
/data/user/0/that.slush.photo/app_DynamicOptDex/kP.json	5106	that.slush.photo

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	that.slush.photo

/data/data/that.slush.photo/app_DynamicOptDex/kP.json

Filesize
691KB

MD5
12bf8039ce68032768114a266338b55d

SHA1
cb4c5c9c97e0d74f72a849065ecfab82b50ebcbe

SHA256
7a530fb64ebb00191cb795a686e54b7d2191a383abd6a63d45aadfe9228770c4

SHA512
2803faa2949a8b133976de183d38ff89bb0312023c5516f50a64ac6e6b89bcaf0d476e0a8dcaa24675bbf1492283dbb2b8e67d969830207e5ea847db29dc0e14

Download Submit
/data/data/that.slush.photo/app_DynamicOptDex/oat/kP.json.cur.prof

Filesize
269B

MD5
60185db499120a0b34ccce565ccdcafa

SHA1
a5b972249a81b81fa4ad8d8d1877f3f9cc34f65b

SHA256
587f5f0280385683262f2f9f64d50e36a0c4261610277373470f524e41d77982

SHA512
0238d168064c1c459a902afb7fa0fbe7332fc8ef9041da4f05885444ea7656700d8c88610d1a19362f7ed472c2799b777e68541d8d74f6673501d574da9e0cf3

Download Submit