Overview

overview

10

Static

static

6

ba09d490f6...e6.apk

android-9-x86

10

ba09d490f6...e6.apk

android-10-x64

10

ba09d490f6...e6.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ba09d490f6ecb9f5f9eed549bd528be6

  • Size

    1.3MB

  • Sample

    240308-amwn2sbb5s

  • MD5

    ba09d490f6ecb9f5f9eed549bd528be6

  • SHA1

    c04c470d874be5ffa72314acce1b106edd864f36

  • SHA256

    4647cbccebb869468d70cf7a893f0e5c475107048fc9bb287af17a12de3bddb1

  • SHA512

    1d7de2f1834cb1e318749b742b784d50e66945badf7cf7a79936475b4b5976f0159de3ff0b2a28eb82a626f074ba1c534cdf08342ccbce51870e444b9b23fe1b

  • SSDEEP

    24576:TP8IeA3PhEz8svBD9jdaSgBctoR/JstJ+0+xzt0qd9hG3EEFppijBibRPdjyXFYU:TEIeA3PhavBxQzpytsJBrncbPpikRPV8

Score
10/10
cerberusandroidbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://awesomeday.top

Targets

    • Target

      ba09d490f6ecb9f5f9eed549bd528be6

    • Size

      1.3MB

    • MD5

      ba09d490f6ecb9f5f9eed549bd528be6

    • SHA1

      c04c470d874be5ffa72314acce1b106edd864f36

    • SHA256

      4647cbccebb869468d70cf7a893f0e5c475107048fc9bb287af17a12de3bddb1

    • SHA512

      1d7de2f1834cb1e318749b742b784d50e66945badf7cf7a79936475b4b5976f0159de3ff0b2a28eb82a626f074ba1c534cdf08342ccbce51870e444b9b23fe1b

    • SSDEEP

      24576:TP8IeA3PhEz8svBD9jdaSgBctoR/JstJ+0+xzt0qd9hG3EEFppijBibRPdjyXFYU:TEIeA3PhavBxQzpytsJBrncbPpikRPV8

    Score
    10/10
    cerberusbankercollectionevasioninfostealerratstealthtrojan

    • Cerberus

      An Android banker that is being rented to actors beginning in 2019.

      bankertrojaninfostealerevasionratcerberus

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasion

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks