cerberus | d81c00d48f918cab3bdfdb461378872db0e2a076c648b07a8e80d9093fd35b75

Analysis

max time kernel
71s
max time network
147s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
14-02-2024 18:13

Target

9c5200a23dcebb4ef84a97352b6b865f.apk
Size

133KB
MD5

9c5200a23dcebb4ef84a97352b6b865f
SHA1

df4ac5ee9d114e22f413995bcc28376da66c74b0
SHA256

d81c00d48f918cab3bdfdb461378872db0e2a076c648b07a8e80d9093fd35b75
SHA512

e43cdb6b9e5d3b02297499730b88e0663dc1e7ded3af067578adb6e63590ece01fbd6c2c834be81c30302c8674f6824906584e168d44f7a7cbb1f559d3aa6fb2
SSDEEP

3072:seDseSZnX0VD3xe676N/CQ0TSzX30KuLuIQ2XzXcvm:CeSNCDheE6N4U0KovQ2jsvm

Score

10^/10

Family

cerberus

https://hayirlisiolsunbugunlerde.com

Cerberus
An Android banker that is being rented to actors beginning in 2019.
banker trojan infostealer evasion rat cerberus

Makes use of the framework's Accessibility service 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.ujtwzkjqusrfzj.tyqbf
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.ujtwzkjqusrfzj.tyqbf

Removes its main activity from the application launcher 1 IoCs

pid	Process
4494	com.ujtwzkjqusrfzj.tyqbf

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.ujtwzkjqusrfzj.tyqbf

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.ujtwzkjqusrfzj.tyqbf