Overview

overview

10

Static

static

6

1b9f976f49...cb.apk

android-9-x86

10

1b9f976f49...cb.apk

android-10-x64

10

1b9f976f49...cb.apk

android-11-x64

10

Analysis

  • max time kernel
    65s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    24-02-2024 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b9f976f49c4f31bd74f0356b692c26984f193bac5173ec0221966b1f938dacb.apk

  • Size

    1.2MB

  • MD5

    339b1f24e5ea9c72cd3e061c5030a510

  • SHA1

    f780db687fe17c08ccb0bf63925553c2cfce32af

  • SHA256

    1b9f976f49c4f31bd74f0356b692c26984f193bac5173ec0221966b1f938dacb

  • SHA512

    84bbd9dcffe9a624b75d97fa1e614fde1abfcb393a6adc13c294574d5aa3b811f7f7125cf7e091648dde14d6837852f5a6ac68d204db5bd68fc9dd015a4ab70a

  • SSDEEP

    24576:urxOkVCA4HNHfEioyBTyqqOdfAxLiyqP+f6brmMEXFJgzM1GcP:uNPVCtiLyBTaviVkyXEXLgzM1GcP

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://95.217.6.3

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • com.notice.can
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4181

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.notice.can/app_DynamicOptDex/dub.json
    Filesize

    64KB

    MD5

    4cdc9607349b59eb60ad0dbdddfc4a42

    SHA1

    57b7888ce5c919ab9367cba6b3374704a25e4733

    SHA256

    5a4882b690d2f8becc876b0068bef5269d82b47b7fb985fb29e88c14193dde07

    SHA512

    6fd33df7b7e35586a65039ec24ee471e78c774fc12d9c995f44a77c748e599db74a723b1eed901caae92d6e985c7d0a416b4d8551833ed6280f2045c531fe51c

    Download Submit

  • /data/data/com.notice.can/app_DynamicOptDex/dub.json
    Filesize

    64KB

    MD5

    7b2eff816f885809e290381e35178e03

    SHA1

    74636f7e46eb446f71ba83bbf1b3acd7dac996af

    SHA256

    20c18da2a89afd2d5089c784cc7830be9d5574adea31c8167c207b1e32795e88

    SHA512

    7fe6a525360cde25ebf2535e3c35d6dc79bbcac2cac58544530540a0964cfcb232f6761006b8210c8cdde436a6a46d11b7decdc7bf5a10903f9bd13aac4ad394

    Download Submit

  • /data/data/com.notice.can/app_DynamicOptDex/oat/dub.json.cur.prof
    Filesize

    196B

    MD5

    a26e0a1c886c3345b1f8b1336e85d63e

    SHA1

    98560cb345913f2b092bd452e2488aae2a5df3ae

    SHA256

    811606b6bc5b9b80e7f5ee60f5a00bf90174ab8935e411bd9b3c77aa194442a9

    SHA512

    438ccc7831966541c98c01424f8a1593eaec7e8000ad9e54efdc36fdad69a4a66de461ae8d3f7795563a25d2eb01861120397f60dbab03fd953172008a7f978d

    Download Submit

  • /data/user/0/com.notice.can/app_DynamicOptDex/dub.json
    Filesize

    125KB

    MD5

    98c8aed5530a3b5f58ea809a3eb46870

    SHA1

    f80baa9e14420ed749dc2c5eb193492fa396e19a

    SHA256

    2ba93b45096f41e3b31cdb459050702775d8f0eb1c402759d7a7cd5a18d9246a

    SHA512

    8859f3081159e36e5af54db5443973f1181697ecad9210b820a5b9697930037c421b97579217bb607c8b831c53c253461591abe7054a02d95f5f848e8eeacd73

    Download Submit