cerberus

General

Target

ae338ecd0e84e30cb0962d26ea2797cb
Size

3.2MB
Sample

240229-lp25dsdd96
MD5

ae338ecd0e84e30cb0962d26ea2797cb
SHA1

04d1634a310fa44282d8abe6763dfd851d84c4d4
SHA256

4a3d77f8c3e8d8ecbbfeda70b661f57dc4d2382996615938c71de6a4cfc2f03f
SHA512

9cd57469232cc692b4321df7eb1b630426f2921611801221212b8abd2a5a75b95d811a43835e8030222c8ca105c0eed850152e4f2c850d34bd1ffccd1c233aa8
SSDEEP

49152:s5V2pYyoevMC7JZ2AMrvHGFOWkMHlkOIdrg3nD2nexrqP+BNfEsholdZOOUkv:5ToekpepQW6neh7ei4v

Score

10^/10

Malware Config

Extracted

Family

cerberus

C2

http://sallamadamarmy100.xyz

Targets

- Target
  
  ae338ecd0e84e30cb0962d26ea2797cb
- Size
  
  3.2MB
- MD5
  
  ae338ecd0e84e30cb0962d26ea2797cb
- SHA1
  
  04d1634a310fa44282d8abe6763dfd851d84c4d4
- SHA256
  
  4a3d77f8c3e8d8ecbbfeda70b661f57dc4d2382996615938c71de6a4cfc2f03f
- SHA512
  
  9cd57469232cc692b4321df7eb1b630426f2921611801221212b8abd2a5a75b95d811a43835e8030222c8ca105c0eed850152e4f2c850d34bd1ffccd1c233aa8
- SSDEEP
  
  49152:s5V2pYyoevMC7JZ2AMrvHGFOWkMHlkOIdrg3nD2nexrqP+BNfEsholdZOOUkv:5ToekpepQW6neh7ei4v
Score

10^/10

cerberus banker collection evasion infostealer rat stealth trojan
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

1

T1516

Credential Access

Discovery

Lateral Movement

Collection

Screen Capture

1

T1513

Command and Control

Exfiltration

Impact

Input Injection

1

T1516

Tasks

Sharing

General

Malware Config

Extracted

Targets

Makes use of the framework's Accessibility service

Removes its main activity from the application launcher

Loads dropped Dex/Jar

Requests disabling of battery optimizations (often used to enable hiding in the background).

Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3