Analysis

  • max time kernel
    146s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    android
    arch:x64
    arch:x86
    image:android-x64-20240221-en
    locale:en-us
    os:android-10-x64
    system
  • submitted
    08-03-2024 00:20

General

  • Target

    ba09d490f6ecb9f5f9eed549bd528be6.apk

  • Size

    1.3MB

  • MD5

    ba09d490f6ecb9f5f9eed549bd528be6

  • SHA1

    c04c470d874be5ffa72314acce1b106edd864f36

  • SHA256

    4647cbccebb869468d70cf7a893f0e5c475107048fc9bb287af17a12de3bddb1

  • SHA512

    1d7de2f1834cb1e318749b742b784d50e66945badf7cf7a79936475b4b5976f0159de3ff0b2a28eb82a626f074ba1c534cdf08342ccbce51870e444b9b23fe1b

  • SSDEEP

    24576:TP8IeA3PhEz8svBD9jdaSgBctoR/JstJ+0+xzt0qd9hG3EEFppijBibRPdjyXFYU:TEIeA3PhavBxQzpytsJBrncbPpikRPV8

Malware Config

Extracted

Family

cerberus

C2

http://awesomeday.top

Signatures

  • Cerberus

    An Android banking trojan rented out to threat actors since 2019.

  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

Processes

  • tssrlshzoeozhbqhekobdagd.rpknpqtxpa.rkacpwr
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5038

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/tssrlshzoeozhbqhekobdagd.rpknpqtxpa.rkacpwr/app_DynamicOptDex/RxqxwH.json

    Filesize

    675KB

    MD5

    81f97c8b748bfec3449eb69da50db20b

    SHA1

    256045dcb3f7c4c55dff33df187b9d31166e71c3

    SHA256

    ac27e89473437a27f8d005a7d1bbf29400681c34316cf43914ede81fda52762b

    SHA512

    94ec64abd928effa7fdae2af8816e2ddc745a64f281851591456ceac759777f93d85e132ebbb6077ae2ccb1a66402ac5fd93b74bb0928a4f3334bbfa0e0ffdb1

  • /data/data/tssrlshzoeozhbqhekobdagd.rpknpqtxpa.rkacpwr/app_DynamicOptDex/RxqxwH.json

    Filesize

    675KB

    MD5

    64167e5b685e5ce0297a21b99e44036e

    SHA1

    26d29fbd5e574fb0a103d22ce252feb166cfdab2

    SHA256

    2cb4b873cee555378a7842383be01bdf3daa6a324aa5fcd14976ed0c117d5dce

    SHA512

    32775ccb4120285caba97cb1f63f87dc3b38014626570a99a4c1c7362d1bf1a58b55c09bf6cd41f8da764bca06abed41faaacc274cfe5a8e6c86e31b1ae57c1e

  • /data/data/tssrlshzoeozhbqhekobdagd.rpknpqtxpa.rkacpwr/app_DynamicOptDex/oat/RxqxwH.json.cur.prof

    Filesize

    268B

    MD5

    65d939f8412efea143533192e1b14744

    SHA1

    c98010f1b86518a8a32fbe2f0fce4306380128ca

    SHA256

    4dca4a5c31bb03836679cf481f8a28ae76b869d837062d3d42ff061a9f1a003d

    SHA512

    31787ba0b7cce3a1060cacf3b14f65842c0ac862be841ac7b31db07482bbc9defeeb0c2a0665d15ef1b444b1a29e81a2b43b5efbf3d088652df025c466566a28