Overview

overview

10

Static

static

6

ae0debff97...65.apk

android-9-x86

10

ae0debff97...65.apk

android-10-x64

10

ae0debff97...65.apk

android-11-x64

Analysis

  • max time kernel
    84s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    29-02-2024 07:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ae0debff9782b762d1af19d911f49765.apk

  • Size

    3.3MB

  • MD5

    ae0debff9782b762d1af19d911f49765

  • SHA1

    befa60188677052e5cde8d64ed3df99f4b46ebb5

  • SHA256

    44fbcb269e79997235008f5f97d0cb7e9ed370de0ea6e4783fbcebce1ff0ad24

  • SHA512

    f7fcfd66f60c57a5030ef3ce1e7c41fefcaa91144b4183f1679be48079881773a8852e83a6b0cf9e95a3e0a29b245e4a81b6f49a059323c766906f7f9896c4fa

  • SSDEEP

    98304:12PLkcxzGj9kFCuJSs6bg+GhwfIFQAL+MRB57:ELfzkkFCHs69Gh75+sB57

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://dombilibambam.xyz

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • similar.inquiry.rigid
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4466
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/similar.inquiry.rigid/app_DynamicOptDex/oin.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/similar.inquiry.rigid/app_DynamicOptDex/oat/x86/oin.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4492

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/similar.inquiry.rigid/app_DynamicOptDex/oat/oin.json.cur.prof
    Filesize

    894B

    MD5

    f90319787d122eb2c7915882f5fe9e77

    SHA1

    52c9239b0622f3426ab20ad0f0efec50e8309cf0

    SHA256

    8f45d9386b480697fdc0c78a9a7639fbb496208ffb050acdc1ff53304c4c7563

    SHA512

    b33d5738e87616ef8b4ee2b59d4f9051f5be038456e483f0af24692b7a6b9ca70a0a84642f64af659eb5ecbd7b29d7661fb9cc086b11054ae96e7b353f5cbd84

    Download Submit

  • /data/data/similar.inquiry.rigid/app_DynamicOptDex/oin.json
    Filesize

    730KB

    MD5

    67f442698f64603b75512b847d244737

    SHA1

    4148009e2dd5c8fd082206a2f41728b5fae9a187

    SHA256

    bed419abedc1e6c0ceaf57d8b8cccb35539ebb30d9d9c73a216f11a90a152302

    SHA512

    6b27bf8b38a09e2723d9912a806dfe9d14dfe2b278a93e5d4a8f75a7ce9b2f38c7b59a24085f70b01d214c0207435965cfb4d994fcf3d9f9372459fdbece5c27

    Download Submit

  • /data/data/similar.inquiry.rigid/app_DynamicOptDex/oin.json
    Filesize

    730KB

    MD5

    913fe78e2ce5c416cc718009c56269bd

    SHA1

    30fc9b59c1b85bad9667cad25b81cd9f3fdf29ce

    SHA256

    9667c7596a9516713b7ca57e8d2eba560450c6c6829a0088e71360df6916cab4

    SHA512

    fa647466bab4da4dda2b74c262a57e987f132e3ff9edd1580431802105a037c586fe0ffc77915c60a9a8786b31b842e675aa4a5a58832694f74a2b8aa77d62f4

    Download Submit

  • /data/user/0/similar.inquiry.rigid/app_DynamicOptDex/oin.json
    Filesize

    730KB

    MD5

    579d200331c112120052d9306b9eacae

    SHA1

    2fde90ee8ccfda6696f6fc0c82c59c4a4a3117b0

    SHA256

    4ad04a0cf723ed04d1abca194bef14454d26944e32b023e9882917b381b15296

    SHA512

    280cda972c899db7e61b19a7720954c220764ecf408f28210dc6523546ed32bb4741da938047dcdf88454927f6110b1a0c17d9b5354aa0fb3a2fb8293308aad7

    Download Submit