cerberus

General

Target

ad7ff8233512617cd296fc15aa7adae3
Size

3.3MB
Sample

240229-dbqv7sbf6z
MD5

ad7ff8233512617cd296fc15aa7adae3
SHA1

58ac62e12b83db6e4ea3543cc2c03f05fc9eab5f
SHA256

2eb9c0cbf4a10a12de885bbcf5ea7e123fc83fd3f14d907c0c012cd4ec8064f3
SHA512

35f043f34957be33414cef2c2c4775dbb63b13fde28f0e0f6441b2b35c30965cceaf3797717d5264977acec0e2beb210c1001c13f315d5fe79b091e1ebf5d575
SSDEEP

49152:htX9AUTidKqdpp5SEdoj5iv2UyxGGnxHmnYjPPyxju2eTcemhi6QoZUCjQs/g+mc:OUPSp7v2VxTUEn2XLhf2VrFi

Score

10^/10

Malware Config

Extracted

Family

cerberus

C2

http://dumpsdeveloper.com/

Targets

- Target
  
  ad7ff8233512617cd296fc15aa7adae3
- Size
  
  3.3MB
- MD5
  
  ad7ff8233512617cd296fc15aa7adae3
- SHA1
  
  58ac62e12b83db6e4ea3543cc2c03f05fc9eab5f
- SHA256
  
  2eb9c0cbf4a10a12de885bbcf5ea7e123fc83fd3f14d907c0c012cd4ec8064f3
- SHA512
  
  35f043f34957be33414cef2c2c4775dbb63b13fde28f0e0f6441b2b35c30965cceaf3797717d5264977acec0e2beb210c1001c13f315d5fe79b091e1ebf5d575
- SSDEEP
  
  49152:htX9AUTidKqdpp5SEdoj5iv2UyxGGnxHmnYjPPyxju2eTcemhi6QoZUCjQs/g+mc:OUPSp7v2VxTUEn2XLhf2VrFi
Score

10^/10

cerberus banker collection evasion infostealer rat stealth trojan
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

1

T1516

Credential Access

Discovery

Lateral Movement

Collection

Screen Capture

1

T1513

Command and Control

Exfiltration

Impact

Input Injection

1

T1516

Tasks

Sharing

General

Malware Config

Extracted

Targets

Makes use of the framework's Accessibility service

Removes its main activity from the application launcher

Loads dropped Dex/Jar

Requests disabling of battery optimizations (often used to enable hiding in the background).

Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3