Overview

overview

10

Static

static

6

ba09d490f6...e6.apk

android-9-x86

10

ba09d490f6...e6.apk

android-10-x64

10

ba09d490f6...e6.apk

android-11-x64

10

Analysis

  • max time kernel
    60s
  • max time network
    145s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
  • submitted
    08-03-2024 00:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba09d490f6ecb9f5f9eed549bd528be6.apk

  • Size

    1.3MB

  • MD5

    ba09d490f6ecb9f5f9eed549bd528be6

  • SHA1

    c04c470d874be5ffa72314acce1b106edd864f36

  • SHA256

    4647cbccebb869468d70cf7a893f0e5c475107048fc9bb287af17a12de3bddb1

  • SHA512

    1d7de2f1834cb1e318749b742b784d50e66945badf7cf7a79936475b4b5976f0159de3ff0b2a28eb82a626f074ba1c534cdf08342ccbce51870e444b9b23fe1b

  • SSDEEP

    24576:TP8IeA3PhEz8svBD9jdaSgBctoR/JstJ+0+xzt0qd9hG3EEFppijBibRPdjyXFYU:TEIeA3PhavBxQzpytsJBrncbPpikRPV8

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://awesomeday.top

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • tssrlshzoeozhbqhekobdagd.rpknpqtxpa.rkacpwr
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4373

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/tssrlshzoeozhbqhekobdagd.rpknpqtxpa.rkacpwr/app_DynamicOptDex/RxqxwH.json
    Filesize

    675KB

    MD5

    81f97c8b748bfec3449eb69da50db20b

    SHA1

    256045dcb3f7c4c55dff33df187b9d31166e71c3

    SHA256

    ac27e89473437a27f8d005a7d1bbf29400681c34316cf43914ede81fda52762b

    SHA512

    94ec64abd928effa7fdae2af8816e2ddc745a64f281851591456ceac759777f93d85e132ebbb6077ae2ccb1a66402ac5fd93b74bb0928a4f3334bbfa0e0ffdb1

    Download Submit

  • /data/user/0/tssrlshzoeozhbqhekobdagd.rpknpqtxpa.rkacpwr/app_DynamicOptDex/RxqxwH.json
    Filesize

    675KB

    MD5

    64167e5b685e5ce0297a21b99e44036e

    SHA1

    26d29fbd5e574fb0a103d22ce252feb166cfdab2

    SHA256

    2cb4b873cee555378a7842383be01bdf3daa6a324aa5fcd14976ed0c117d5dce

    SHA512

    32775ccb4120285caba97cb1f63f87dc3b38014626570a99a4c1c7362d1bf1a58b55c09bf6cd41f8da764bca06abed41faaacc274cfe5a8e6c86e31b1ae57c1e

    Download Submit

  • /data/user/0/tssrlshzoeozhbqhekobdagd.rpknpqtxpa.rkacpwr/app_DynamicOptDex/oat/RxqxwH.json.cur.prof
    Filesize

    231B

    MD5

    25302bdbe807e357d1785c23a33baf5c

    SHA1

    d4e2f5ecbb8a33627dbc8e9fda4f0b5668abd428

    SHA256

    7a621638e792e039b9f0daa37507cbae87c9ce8f1dbde0c837e3358686f3a77c

    SHA512

    22382b1053e3237dfcd54d063acc274424f95da546c49851b3391169ba83bcc097e13f272f174b1023671bd55ea6f4eaa7e346ab6a38700895ec1bdb20ccda9c

    Download Submit