Analysis

  • max time kernel
    62s
  • max time network
    154s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    android
    arch:x64
    arch:x86
    image:android-x64-20240221-en
    locale:en-us
    os:android-10-x64
    system
  • submitted
    25-02-2024 16:44

General

  • Target

    a4475c03d87a0804c9a25be2c8ff7d12.apk

  • Size

    3.2MB

  • MD5

    a4475c03d87a0804c9a25be2c8ff7d12

  • SHA1

    44e82e4202fc37eb36827ee803537a4c8ee092b4

  • SHA256

    c6b4625fa5f17b2ccd87eb3ebcf8573f84426ca150ce784d7b0e8a52281784c7

  • SHA512

    db58d7caf52fd572fcb1b4405fec67d4236dd378644ac768c84a2e6ed094c5471f1eaec9ff2bf9fd26a47cdae4428d816a55689d69521531cc15a1c2a9785703

  • SSDEEP

    49152:/f1JZWg4fKxRSwUBqTN3ylgy1iHcK/Cf8f3qIs754d/MH2k3Jno+UfTPj6ggH4GY:NWPfK6eTNilbbvWqIQN3F38lCiN

Malware Config

Extracted

Family

cerberus

C2

https://zonesdurmaz.xyz

Signatures

  • Cerberus

    An Android banking trojan that has been rented out to other actors (malware-as-a-service) since 2019.

  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

Processes

  • catalog.where.power
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5052

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/catalog.where.power/app_DynamicOptDex/nFklZcG.json

    Filesize

    581KB

    MD5

    d5ef17d1275ea704391951ce36cba3ee

    SHA1

    0ed547204f6c087b134b400862af766867623457

    SHA256

    0f7d89d52561d220d49abd7e0995bbd858630f64f256dda28a259056e6ac1002

    SHA512

    acab452fda07f787ef2f4c8cd80ff59d0e5d3094914f83b32089c82e1897fdd92a1a5791c3aef729adb8aef07c0a1f89fcea2e21398d093142dcde6580d141b4

  • /data/data/catalog.where.power/app_DynamicOptDex/nFklZcG.json

    Filesize

    581KB

    MD5

    91198e6e90a88baabe0115faaf9fc3d4

    SHA1

    25cd88742344a7320f947093516fa95f0ec4e61e

    SHA256

    57c8baa064e826176947d174943f008efbc5d425d2fb80945307f90212f91dd8

    SHA512

    20749ec1ac03ead422b06c893c6e89a07cc963cd828826de1b4c9610a42b192d6ab7970c86cf0d94cbccaff3ad197ce942081da0d28d1cbea088557004dab4ff

  • /data/data/catalog.where.power/app_DynamicOptDex/oat/nFklZcG.json.cur.prof

    Filesize

    256B

    MD5

    9e48f8f10d293472d4ca0721bbf39336

    SHA1

    da6cfd7273d2a8fa0644b12c37ee42160b7f7ae3

    SHA256

    95d0ecd66d3f8757f3939684bae6e0dfba208e625f526b0aa505ee47bb605f03

    SHA512

    2e412d180195544523749b8ead6fe229ca524334e1d901f352c1af4cc2936c887a0031c2731b920a5d7715034bc472856e04d1fe5244cb2e6d4d0507a773fe9a
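The "Loads dropped Dex/Jar" signature and the two writes to app_DynamicOptDex/nFklZcG.json above are the classic shape of a second-stage payload stored under a harmless-looking .json name and loaded at runtime; the 256-byte oat/nFklZcG.json.cur.prof beside it is the ART runtime's profile file, which is only written once the runtime has actually loaded that dex, so it corroborates execution rather than being a payload itself. The script below is an added example (not part of the sandbox report or of Cerberus) showing the check a practitioner would run on a file pulled from that directory: parse the DEX header, verify the Adler-32 checksum and SHA-1 signature that every valid DEX carries, and match the file's SHA-256 against the hashes listed in this report. The real dropped file is not reproduced on the page, so a constructed minimal DEX (header plus a one-entry map_list) stands in for it; the hash table is copied from the Downloads section.

```python
import hashlib
import struct
import zlib

# SHA-256 values copied from the Downloads section of this report, keyed to their path.
REPORT_DROPPED_SHA256 = {
    "0f7d89d52561d220d49abd7e0995bbd858630f64f256dda28a259056e6ac1002":
        "/data/data/catalog.where.power/app_DynamicOptDex/nFklZcG.json (first write)",
    "57c8baa064e826176947d174943f008efbc5d425d2fb80945307f90212f91dd8":
        "/data/data/catalog.where.power/app_DynamicOptDex/nFklZcG.json (second write)",
    "95d0ecd66d3f8757f3939684bae6e0dfba208e625f526b0aa505ee47bb605f03":
        "/data/data/catalog.where.power/app_DynamicOptDex/oat/nFklZcG.json.cur.prof",
}

HEADER_SIZE = 0x70            # header_item is always 0x70 bytes
ENDIAN_CONSTANT = 0x12345678  # little-endian marker stored in the header
HEADER_FIELDS = (
    "file_size", "header_size", "endian_tag", "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
    "data_size", "data_off",
)


def parse_dex_header(data: bytes) -> dict:
    """Parse a DEX header and verify its integrity fields.

    Raises ValueError if the bytes are not a well-formed DEX: wrong magic, wrong
    header size or endian tag, file_size disagreeing with the real length, or a
    checksum/signature that does not cover the rest of the file.
    """
    if len(data) < HEADER_SIZE:
        raise ValueError("shorter than a DEX header")
    magic = data[:8]
    if magic[:4] != b"dex\n" or not magic[4:7].isdigit() or magic[7:8] != b"\x00":
        raise ValueError("no dex magic")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    header = dict(zip(HEADER_FIELDS, struct.unpack_from("<20I", data, 32)))
    if header["header_size"] != HEADER_SIZE:
        raise ValueError("unexpected header_size %#x" % header["header_size"])
    if header["endian_tag"] != ENDIAN_CONSTANT:
        raise ValueError("unexpected endian_tag %#x" % header["endian_tag"])
    if header["file_size"] != len(data):
        raise ValueError("file_size %d != actual %d" % (header["file_size"], len(data)))
    # checksum: Adler-32 over everything after the checksum field (offset 12 to EOF)
    if (zlib.adler32(data[12:]) & 0xFFFFFFFF) != checksum:
        raise ValueError("adler32 checksum mismatch")
    # signature: SHA-1 over everything after the signature field (offset 32 to EOF)
    if hashlib.sha1(data[32:]).digest() != signature:
        raise ValueError("sha1 signature mismatch")
    header["version"] = magic[4:7].decode()
    return header


def is_dex(data: bytes) -> bool:
    try:
        parse_dex_header(data)
        return True
    except ValueError:
        return False


def triage_dropped_file(data: bytes) -> dict:
    """Hash a dropped file, match it against the report's IoCs, and say whether it is really DEX."""
    sha256 = hashlib.sha256(data).hexdigest()
    result = {"sha256": sha256, "known_ioc": REPORT_DROPPED_SHA256.get(sha256),
              "is_dex": False, "error": None, "class_defs": None}
    try:
        header = parse_dex_header(data)
        result["is_dex"] = True
        result["class_defs"] = header["class_defs_size"]
    except ValueError as exc:
        result["error"] = str(exc)
    return result


def build_constructed_dex() -> bytes:
    """Constructed sample: the smallest self-consistent DEX (header + one-entry map_list).

    Stands in for the real nFklZcG.json, which is not reproduced on the page.
    """
    map_list = struct.pack("<I", 1) + struct.pack("<HHII", 0x0000, 0, 1, 0)  # one TYPE_HEADER_ITEM
    data = bytearray(HEADER_SIZE) + map_list
    data[0:8] = b"dex\n035\x00"
    fields = {name: 0 for name in HEADER_FIELDS}
    fields.update(file_size=len(data), header_size=HEADER_SIZE,
                  endian_tag=ENDIAN_CONSTANT, map_off=HEADER_SIZE)
    struct.pack_into("<20I", data, 32, *(fields[name] for name in HEADER_FIELDS))
    data[12:32] = hashlib.sha1(data[32:]).digest()                           # signature first ...
    struct.pack_into("<I", data, 8, zlib.adler32(data[12:]) & 0xFFFFFFFF)   # ... then the checksum covering it
    return bytes(data)


if __name__ == "__main__":
    for label, blob in (("constructed dex", build_constructed_dex()),
                        ("json text", b'{"settings": "nothing to see here"}')):
        print(label, triage_dropped_file(blob))
```

Run it against `adb pull`-ed copies of the files from the package's data directory; a .json that parses as a DEX with a valid checksum and signature is the loaded payload, and a hash hit in the table ties it to this report. A file that fails only the checksum or signature check deserves a closer look rather than dismissal, since some droppers patch those fields.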