cerberus

General

Target

a2e3f134ebb2611e479e65b48640656a
Size

133KB
Sample

240225-exfsssca4z
MD5

a2e3f134ebb2611e479e65b48640656a
SHA1

f0d9cf5ac9f07c377e31c4f892a10ec57ec74583
SHA256

f39adb513b813fed06d57d22116b3ba384e93a40c0247d798c46988777e67b5c
SHA512

c44300a039e945cf87a0e0b09736fbd43a29c702e0e0aa21e7214aaccea1f34bb3c734852484bd2f15956bec8f8e6acfcc3616fd1c95ac954c5793e8869962a4
SSDEEP

3072:3dujd1ddYUBN9KYD7Kh1IMN9UT0fuLuIQ2XzXcvW:3w51cU/YuGhqks0fovQ2jsvW

Score

10^/10

Malware Config

Extracted

Family

cerberus

C2

https://kaledeonnumarada.xyz

Targets

- Target
  
  a2e3f134ebb2611e479e65b48640656a
- Size
  
  133KB
- MD5
  
  a2e3f134ebb2611e479e65b48640656a
- SHA1
  
  f0d9cf5ac9f07c377e31c4f892a10ec57ec74583
- SHA256
  
  f39adb513b813fed06d57d22116b3ba384e93a40c0247d798c46988777e67b5c
- SHA512
  
  c44300a039e945cf87a0e0b09736fbd43a29c702e0e0aa21e7214aaccea1f34bb3c734852484bd2f15956bec8f8e6acfcc3616fd1c95ac954c5793e8869962a4
- SSDEEP
  
  3072:3dujd1ddYUBN9KYD7Kh1IMN9UT0fuLuIQ2XzXcvW:3w51cU/YuGhqks0fovQ2jsvW
Score

10^/10

cerberus banker collection evasion infostealer rat stealth trojan
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Removes its main activity from the application launcher
  stealth trojan
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

1

T1516

Credential Access

Discovery

Lateral Movement

Collection

Screen Capture

1

T1513

Command and Control

Exfiltration

Impact

Input Injection

1

T1516

Tasks

Sharing

General

Malware Config

Extracted

Targets

Makes use of the framework's Accessibility service

Removes its main activity from the application launcher

Requests disabling of battery optimizations (often used to enable hiding in the background).

Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3