Analysis

max time kernel: 52s
max time network: 152s
platform: android_x64
resource: android-x64-20240221-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
submitted: 05-03-2024 02:37
Static task: static1

Behavioral task   Sample                                 Resource
behavioral1       b38ee435659ea011ca2f32d18ad4d393.apk   android-x86-arm-20240221-en
behavioral2       b38ee435659ea011ca2f32d18ad4d393.apk   android-x64-20240221-en
behavioral3       b38ee435659ea011ca2f32d18ad4d393.apk   android-x64-arm64-20240221-en
General

Target: b38ee435659ea011ca2f32d18ad4d393.apk
Size: 3.3MB
MD5: b38ee435659ea011ca2f32d18ad4d393
SHA1: 20f7a1eb44eb4c8cabfc35f2375ae1ef864409cb
SHA256: dfc2e8bb0c4e510da768aa76c89c1b0bb150454d9ad64a66effeea5e7996b290
SHA512: 179a92464c240687327a9aff4c02582f9edae8f034df95dfd98374e007b163edcff62e4bfafa02cc49ce0c0bd222ecf4952d56329627924b36c5ac44ef6c312d
SSDEEP: 98304:7dka0lLX2LZ/EHALtzvebttAFZI/ztm2j08+:7ma01u/Egdebkoc2jq
Malware Config

Extracted
Family: cerberus
C2: http://besdirindabe100.xyz
Signatures

Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
  description              ioc                                                                                                     process
  Framework service call   android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId   high.actress.journey
  Framework service call   android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId           high.actress.journey
Processes:
  pid    process
  5036   high.actress.journey

Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs an executable file dropped to the device during analysis.
Processes:
  ioc                                                               pid    process
  /data/user/0/high.actress.journey/app_DynamicOptDex/ZTqtmk.json   5036   high.actress.journey
  /data/user/0/high.actress.journey/app_DynamicOptDex/ZTqtmk.json   5036   high.actress.journey

Listens for changes in the sensor environment (might be used to detect emulation) (1 IoC)
Processes:
  description          ioc                                              process
  Framework API call   android.hardware.SensorManager.registerListener   high.actress.journey
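The "Loads dropped Dex/Jar" signature above names a payload written under app_DynamicOptDex/ with a .json file name, a common way for a loader to keep its real code out of the APK and disguise it on disk. The report only records that the file was loaded, not what it contained. The following is an added triage helper, not the sandbox's own code, that checks a recovered file by magic bytes instead of extension, validates the DEX header's Adler-32 checksum and SHA-1 signature, and emits the same hash set the report uses. The path constant is taken from the report; build_minimal_dex() produces a constructed stand-in (a bare 0x70-byte header with no sections) so the logic runs offline, and the function and field names are this example's own.

```python
"""Triage a file dropped by an Android loader (added example, not sandbox code)."""
import hashlib
import struct
import zlib

# Path reported in the "Loads dropped Dex/Jar" signature; the .json suffix is the point.
REPORTED_DROP_PATH = "/data/user/0/high.actress.journey/app_DynamicOptDex/ZTqtmk.json"

DEX_HEADER_SIZE = 0x70   # fixed by the DEX format
DEX_MAGIC = b"dex\n"     # followed by a 3-digit version and a NUL, e.g. "035\0"


def file_kind(data: bytes) -> str:
    """Classify by magic bytes, ignoring the file extension entirely."""
    if len(data) >= 8 and data[:4] == DEX_MAGIC and data[7] == 0:
        return "dex"
    if data[:4] == b"dey\n":
        return "odex"
    if data[:2] == b"PK":
        return "zip"   # JAR/APK container, may wrap a classes.dex
    return "other"


def dex_integrity_ok(data: bytes) -> bool:
    """Validate the DEX header: file_size, Adler-32 over bytes 12..end and
    SHA-1 over bytes 32..end. The runtime does not insist on these, so a
    failure means a tampered or hand-assembled blob, not a non-DEX file."""
    if file_kind(data) != "dex" or len(data) < DEX_HEADER_SIZE:
        return False
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    (file_size,) = struct.unpack_from("<I", data, 32)
    return (
        file_size == len(data)
        and checksum == (zlib.adler32(data[12:]) & 0xFFFFFFFF)
        and signature == hashlib.sha1(data[32:]).digest()
    )


def digests(data: bytes) -> dict:
    """Hash set in the same form as the report's General/Downloads sections."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def triage_dropped_file(path: str, data: bytes) -> dict:
    """Flag executable code hiding behind a data-file extension."""
    kind = file_kind(data)
    name = path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    code_exts = ("dex", "odex", "jar", "apk", "zip")
    masquerading = kind in ("dex", "odex", "zip") and ext not in code_exts
    return {
        "path": path,
        "kind": kind,
        "extension": ext,
        "masquerading": masquerading,
        "dex_header_valid": dex_integrity_ok(data) if kind == "dex" else None,
        **digests(data),
    }


def build_minimal_dex() -> bytes:
    """Constructed stand-in for the dropped file: a valid 0x70-byte DEX
    header with no sections, enough to exercise the checks above offline."""
    hdr = bytearray(DEX_HEADER_SIZE)
    hdr[0:8] = b"dex\n035\x00"
    struct.pack_into("<I", hdr, 32, DEX_HEADER_SIZE)   # file_size
    struct.pack_into("<I", hdr, 36, DEX_HEADER_SIZE)   # header_size
    struct.pack_into("<I", hdr, 40, 0x12345678)        # endian_tag (little-endian)
    hdr[12:32] = hashlib.sha1(bytes(hdr[32:])).digest()
    struct.pack_into("<I", hdr, 8, zlib.adler32(bytes(hdr[12:])) & 0xFFFFFFFF)
    return bytes(hdr)


if __name__ == "__main__":
    for key, value in triage_dropped_file(REPORTED_DROP_PATH, build_minimal_dex()).items():
        print(f"{key}: {value}")
```

On a real case, pull the file from the emulator (adb pull of the reported path, root needed) and pass its bytes to triage_dropped_file(); a "masquerading" hit plus hashes that match the 684KB entries under Downloads would tie the dropped payload to those artifacts, which the report itself does not do.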
Processes
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 684KB
MD5: 7f56d9fa24fcf3a5641b7994cc96e4eb
SHA1: 87550c09805d84b62d0508f56ac2e3e7ba54d008
SHA256: 7f6e24a1c75e48c57cc2a719aff0bb4495992f24d71c266a1ec09f36e39c7ee9
SHA512: 9015290d484d558d115d3d7f37385a9d59d53d8f0f23852319b0ba4110b309106309ca54eb22018ca3671c1aed8695806d4dce9050c1f3e1087b3411a0f22917

Filesize: 684KB
MD5: d7eea2604096e6ac25c74c0b9d40b140
SHA1: d0d4f9bb66e372b9d0fa83f3bbea83d4cc9a9bd3
SHA256: 5b8eadce9f1ee39731fb12159d4f867e9598c4eaf09fd3ccdc288fbe3b0d1643
SHA512: 7b877be9c4154d1a6d36056fea4b6719dd86f1040b6391d517c637514f62108a417155f5d3d6ba35183892e241831e33899e13320cdbadf8b7edde2fba2a5377

Filesize: 294B
MD5: e4d84bd22b5e74f4e783243b279ff38b
SHA1: 2378dd9b313186ff002a0f7240cc8954ee227d44
SHA256: 1c42eca06cbac133257ea55fbfdeb568bd812549ad6474d282678d1e52618cee
SHA512: f7aabded8b1297c86c83e3a21187c73f2f0d19c45f0c1b205908ef1c805314e5f11f5c17b78c5115fa51df2b80993fc5a6732e75e55c439f719f4ad0a89d89e6