Overview

overview

10

Static

static

6

b7638ff223...7b.apk

android-9-x86

10

b7638ff223...7b.apk

android-10-x64

10

b7638ff223...7b.apk

android-11-x64

Analysis

  • max time kernel
    61s
  • max time network
    153s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    06-03-2024 12:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b7638ff22370a672f8da8ce79d5da97b.apk

  • Size

    3.0MB

  • MD5

    b7638ff22370a672f8da8ce79d5da97b

  • SHA1

    0f970d5c3c1d04740528a988a92ee72f4b3f5a81

  • SHA256

    34285952e2dc998f9e94dc41228c6b74c3777b403e57fc239a362cc1e4e7cb71

  • SHA512

    f99bd7252060afcf13bcb4ddaee126dfcd032dc5b4ad02aa47e4d7bae823b558d19ac39746a153bb23bf8b0436da2d9db92f3eb15f7757fe51f18a722d372e14

  • SSDEEP

    98304:k/GrGuxWqpC50FKdLWI0GHzoJuft+o5L2pFFvC:k/GiSY50+WI/Toq15ip7vC

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://denemeamaciyla.tk/

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • easy.cigar.stock
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5044

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/easy.cigar.stock/app_DynamicOptDex/lKY.json
    Filesize

    628KB

    MD5

    88170bc0d7becd86b0770011de000abb

    SHA1

    50595bdf1ab5d60a10be3992cf7df0177dbb1447

    SHA256

    0c78ecf78f67a565d2e051430bbd9000f7ef6ece1ba4c722c12021be2adcd771

    SHA512

    7a9c68fa5191ac7c861c92003691429f08e8b11d21e702bbc31d71e2f513712c8f1def2140e257d32d49211bd96cedf12a2cd1e325d1dd7992ff8099f70d93b3

    Download Submit

  • /data/data/easy.cigar.stock/app_DynamicOptDex/lKY.json
    Filesize

    628KB

    MD5

    6c9c0926ed81b3109379fb9ff9fd0b72

    SHA1

    cefff7b4c73a8aaac1af8d9d3bcdb12111ef7530

    SHA256

    f2c723b899d3e427e53fe1f8fa1559a80c965e9a577a160ac7c0e02cdb67cba9

    SHA512

    6bb163fad2cd5b64579ea114a02da355d690901b73cb46d6710f846eae3830229d6b182320076ec46f12f1244665411dc5dbb4b08341f760386b71582f0efe32

    Download Submit

  • /data/data/easy.cigar.stock/app_DynamicOptDex/oat/lKY.json.cur.prof
    Filesize

    304B

    MD5

    dc9d07db1568e33faf61030d28742f9f

    SHA1

    b087cb5b0dd89d924c17e4b81b457b25564b940e

    SHA256

    25c3fdd3fa1baf8bfddaa1f97ac24acefca83adddc803d36fa4cefaedcd0efe0

    SHA512

    cb12b934d1e2152995d411e36e47122514fe85d7361a2b6f80b9a8cbbfc76cc630e6f923183552100070a34e76c125dcd8da2cfc2f0e458318036415e5c161c0

    Download Submit