cerberus

General

Target

ac231b8de64b552696a21f32ed958485
Size

3.0MB
Sample

240228-r4q9bseb32
MD5

ac231b8de64b552696a21f32ed958485
SHA1

099c1599f295189f1e06545b9392d8a816bc64c5
SHA256

d62ea27f4ef3cda3854a6e442753da28be399553d6b266b1f9a64dad6908c739
SHA512

416277f2107f7e317757b6a5684cca024b6f154abe74230ff228dc8ee5dbd4878d157a8dc6f4dba2bee98e49193c2e96d4fa6ccae4c17e95df69b1e7675a373f
SSDEEP

49152:/dCoEUA3Vw9XAHQ57xMCtX460+EH1iRh1Tg66Vh/F51+swF2IOG2TT9kgFHOPQEP:S3OXPx/I6dySh1TgRVVFiswF2IOGaGdj

Score

10^/10

Malware Config

Extracted

Family

cerberus

C2

http://whauxyz.xyz

Targets

- Target
  
  ac231b8de64b552696a21f32ed958485
- Size
  
  3.0MB
- MD5
  
  ac231b8de64b552696a21f32ed958485
- SHA1
  
  099c1599f295189f1e06545b9392d8a816bc64c5
- SHA256
  
  d62ea27f4ef3cda3854a6e442753da28be399553d6b266b1f9a64dad6908c739
- SHA512
  
  416277f2107f7e317757b6a5684cca024b6f154abe74230ff228dc8ee5dbd4878d157a8dc6f4dba2bee98e49193c2e96d4fa6ccae4c17e95df69b1e7675a373f
- SSDEEP
  
  49152:/dCoEUA3Vw9XAHQ57xMCtX460+EH1iRh1Tg66Vh/F51+swF2IOG2TT9kgFHOPQEP:S3OXPx/I6dySh1TgRVVFiswF2IOGaGdj
Score

10^/10

cerberus banker collection evasion infostealer rat stealth trojan
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

1

T1516

Credential Access

Discovery

Lateral Movement

Collection

Screen Capture

1

T1513

Command and Control

Exfiltration

Impact

Input Injection

1

T1516

Tasks

Sharing

General

Malware Config

Extracted

Targets

Makes use of the framework's Accessibility service

Removes its main activity from the application launcher

Loads dropped Dex/Jar

Requests disabling of battery optimizations (often used to enable hiding in the background).

Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3