Overview

overview

10

Static

static

6

ac231b8de6...85.apk

android-9-x86

10

ac231b8de6...85.apk

android-10-x64

10

ac231b8de6...85.apk

android-11-x64

Analysis

  • max time kernel
    67s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    28-02-2024 14:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac231b8de64b552696a21f32ed958485.apk

  • Size

    3.0MB

  • MD5

    ac231b8de64b552696a21f32ed958485

  • SHA1

    099c1599f295189f1e06545b9392d8a816bc64c5

  • SHA256

    d62ea27f4ef3cda3854a6e442753da28be399553d6b266b1f9a64dad6908c739

  • SHA512

    416277f2107f7e317757b6a5684cca024b6f154abe74230ff228dc8ee5dbd4878d157a8dc6f4dba2bee98e49193c2e96d4fa6ccae4c17e95df69b1e7675a373f

  • SSDEEP

    49152:/dCoEUA3Vw9XAHQ57xMCtX460+EH1iRh1Tg66Vh/F51+swF2IOG2TT9kgFHOPQEP:S3OXPx/I6dySh1TgRVVFiswF2IOGaGdj

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://whauxyz.xyz

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • vapor.olympic.caution
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5029

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/vapor.olympic.caution/app_DynamicOptDex/oXkCNom.json
    Filesize

    808KB

    MD5

    c9719aa33bc0af6cb53c65c1e016ab19

    SHA1

    db82c3e6f4cf697366459b0cfd93032e1a3bff1c

    SHA256

    de05923a6af82934c89ae431c035ef95ad1838013ed452ea7d8f4e801d651214

    SHA512

    19a1399dd0f25c3d369782034299255e3054dc7a73a6e6011e64d4aa350a1e4618117a854e7a4d248873f42f8eb3a67bab61ab2dfa853df032acc6e89c59a885

    Download Submit

  • /data/data/vapor.olympic.caution/app_DynamicOptDex/oXkCNom.json
    Filesize

    808KB

    MD5

    a86ce2b7db63486c8a2e5197422f9e6c

    SHA1

    3cc590d2bee2ce30a9ad9c9a34e533ef9bffbc2f

    SHA256

    1fb3ef8135a5214d75081cc90d01616fdd5ebe53e579a6f8d2d4ea3093423a4b

    SHA512

    4bc3a6694767866287ba223425ac3293a29d9723fb3bf9e5f6e2b213dc4c64ab98e3944bf4d3395179bde51d59e97008de435113bdcb0c6994d950328d728010

    Download Submit

  • /data/data/vapor.olympic.caution/app_DynamicOptDex/oat/oXkCNom.json.cur.prof
    Filesize

    260B

    MD5

    40cc8ef096b0dd8bdb4452ec5c0df13d

    SHA1

    714c590ab0b47c58386d22438d0a24f245c07902

    SHA256

    3ce8141d0feaafb0e362b5a211d69ed6a339f7e2247d091b17a142888e418106

    SHA512

    111dac08db31b7ed83655f1e727649559b9e39be299b8cd07a72fffd6afd70e34233208c81499357c70dba8659ad3f4eaf75f5b472d861217f5540ac6e493369

    Download Submit