Analysis
- max time kernel: 53s
- max time network: 133s
- platform: android_x86
- resource: android-x86-arm-20240221-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
- submitted: 06-03-2024 20:57
Static task: static1
Behavioral task: behavioral1
- Sample: b82c32069c0a7bc7d8c01aca3d886558.apk
- Resource: android-x86-arm-20240221-en
Behavioral task: behavioral2
- Sample: b82c32069c0a7bc7d8c01aca3d886558.apk
- Resource: android-x64-20240221-en
Behavioral task: behavioral3
- Sample: b82c32069c0a7bc7d8c01aca3d886558.apk
- Resource: android-x64-arm64-20240221-en
General
- Target: b82c32069c0a7bc7d8c01aca3d886558.apk
- Size: 3.9MB
- MD5: b82c32069c0a7bc7d8c01aca3d886558
- SHA1: 076bba36db9a370f1b578ab9e28e993eabc74a30
- SHA256: eeb5699423902d7422482cbbe30a025180155edb3aaeb625446e403c46f944f3
- SHA512: 1c68f0edd814b982f844fe6723dcad604b6219abdcba84d010b45fb1bf199d893d19c8e98dce3821f30bda44d37174af0b7c42d170618b3a44d6acab586a0b71
- SSDEEP: 98304:RLe4Mws9n4MkjaX5EUwBGKbxcFG4l+D1T2:RLe4Mb9n37S4FG4l+pS
Malware Config
Extracted config (cerberus):
- http://178.18.251.169
Signatures
- Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  - Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (process: among.caution.source)
  - Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId (process: among.caution.source)
- pid: 4186 (process: among.caution.source)
- Loads dropped Dex/Jar (1 TTP, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  - /data/user/0/among.caution.source/app_DynamicOptDex/mYko.json (pid: 4186, process: among.caution.source)
  - /data/user/0/among.caution.source/app_DynamicOptDex/mYko.json (pid: 4186, process: among.caution.source)
- Requests disabling of battery optimizations (often used to enable hiding in the background). (1 IoC)
  - Intent action: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS (process: among.caution.source)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 IoC)
  - Framework API call: android.hardware.SensorManager.registerListener (process: among.caution.source)
Processes
- among.caution.source (PID: 4186)
  - Makes use of the framework's Accessibility service
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Requests disabling of battery optimizations (often used to enable hiding in the background).
  - Listens for changes in the sensor environment (might be used to detect emulation)
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 714KB
  MD5: bec9b4f40d54b030b96ce154fa6d6136
  SHA1: affe06c1e4815d5f60c775299ac2936658f78e3b
  SHA256: f5f17b614fa3b009437893025f1400fb69611f24c291fd9977928fc307a04416
  SHA512: dd0f5638fc147112ea11dc2588234797333287e0dc452ee08d685d7722bceabfbc4c672c1b7361a82fa59f0bb3efbcdfc9af319784ec30819ce1f0530345a5f0
- Filesize: 714KB
  MD5: 3ad737cb3d5112ea8b6370e18eb7107e
  SHA1: d949dce9fb67db89b32cc17a647977c8b4616f24
  SHA256: 736ac24cd76fa729cc2af5f0a80c2b51b4b5572fa206eab049b029154e960779
  SHA512: 102925532853f7e892792f797675600d826e92140fb09455f199af2a6e8629b4bdcfc84cc36f7f462404662f401afdec8deada43e1326ca321986ffeb240cf3c
- Filesize: 279B
  MD5: 8e1fab269dfdfa078172277e343206ef
  SHA1: dbffb44730d48b8383eeddf150ae63f6a93747d5
  SHA256: f3000207cfbd0784ccebc7962482f2372a60786a7a9ae4b0ec239ec545f1fbef
  SHA512: 40fefb1ac086baf7a4e6b091f3b7adbb74756a73d1abce121d8def83b0db20aa5003881a3ef3d8a654068951ca3a23f81f6a7e65419c311c1d00eda965929ae9