General
-
Target
b46a0305dfbcb341dad439a88cd67c56
-
Size
3.1MB
-
Sample
240305-lysbjsch73
-
MD5
b46a0305dfbcb341dad439a88cd67c56
-
SHA1
3ddf314f3d8c66037fcc76cb7a4148d11a55e9e3
-
SHA256
29149f72818601df2e9df222a3167c832e9c4caf0d9e9c281889336200d68dd7
-
SHA512
99cb4d86f139aa30860b0ffbfad98d72f95f018ab2bf0f611719dabd384eac81b5f0e8dcbd6eeb9b4c4dc9e1e25381f16aea5adfe9f7d21cf8ecee3f28f01488
-
SSDEEP
49152:y3ZBJkFMbk0y9HCZfDEjU8qCjWgQ0HRNXOz4DiWrbT9HqI68bOJf+b15YGROOUvI:yuGbk19Kb9Gc84UiWrB6861I1Kb9w
Malware Config
Extracted
cerberus
http://ratrentalservice.com
Targets
-
-
Target
b46a0305dfbcb341dad439a88cd67c56
-
Size
3.1MB
-
MD5
b46a0305dfbcb341dad439a88cd67c56
-
SHA1
3ddf314f3d8c66037fcc76cb7a4148d11a55e9e3
-
SHA256
29149f72818601df2e9df222a3167c832e9c4caf0d9e9c281889336200d68dd7
-
SHA512
99cb4d86f139aa30860b0ffbfad98d72f95f018ab2bf0f611719dabd384eac81b5f0e8dcbd6eeb9b4c4dc9e1e25381f16aea5adfe9f7d21cf8ecee3f28f01488
-
SSDEEP
49152:y3ZBJkFMbk0y9HCZfDEjU8qCjWgQ0HRNXOz4DiWrbT9HqI68bOJf+b15YGROOUvI:yuGbk19Kb9Gc84UiWrB6861I1Kb9w
Score10/10-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Listens for changes in the sensor environment (might be used to detect emulation)
-