General
-
Target
bda0dc80bd225022dee98d7db05ffad5
-
Size
4.6MB
-
Sample
240310-esgvasbh59
-
MD5
bda0dc80bd225022dee98d7db05ffad5
-
SHA1
11569c6f438e2e885165128d43c382698674d743
-
SHA256
b8a12bb24e1ce1724ddec605f6c1c70f4a61273f8fc9cc76572f22531e3b871c
-
SHA512
2116b71a0b02a95e990be1f031223d10e1110c193f20b50f7efcb7293e75e272acef6ff837b53ea72e37d5d016681adf25b8559becc958cf35b10a1532904514
-
SSDEEP
98304:OH2+Gi6XUxrPgz7WItf0U1yvL2wJldXF5F2QdWZwONdpwWN8ge:OH2bigUxrPQ7JJr1yvLDJl5F2Q0rdpt+
Malware Config
Extracted
cerberus
http://144.126.152.229
Targets
-
-
Target
bda0dc80bd225022dee98d7db05ffad5
-
Size
4.6MB
-
MD5
bda0dc80bd225022dee98d7db05ffad5
-
SHA1
11569c6f438e2e885165128d43c382698674d743
-
SHA256
b8a12bb24e1ce1724ddec605f6c1c70f4a61273f8fc9cc76572f22531e3b871c
-
SHA512
2116b71a0b02a95e990be1f031223d10e1110c193f20b50f7efcb7293e75e272acef6ff837b53ea72e37d5d016681adf25b8559becc958cf35b10a1532904514
-
SSDEEP
98304:OH2+Gi6XUxrPgz7WItf0U1yvL2wJldXF5F2QdWZwONdpwWN8ge:OH2bigUxrPQ7JJr1yvLDJl5F2Q0rdpt+
Score10/10-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Listens for changes in the sensor environment (might be used to detect emulation)
-