Overview

overview

10

Static

static

6

cd9cc2c288...31.apk

android-9-x86

10

cd9cc2c288...31.apk

android-10-x64

10

cd9cc2c288...31.apk

android-11-x64

Analysis

  • max time kernel
    127s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    16-03-2024 08:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cd9cc2c288b39d58324c96eedda21831.apk

  • Size

    3.1MB

  • MD5

    cd9cc2c288b39d58324c96eedda21831

  • SHA1

    8b8b98c2245e32d29b0f2774693ea5b92c556fec

  • SHA256

    808f0c09e176834a8f3c0750677fbe9f6ec10caab55067cbec5c98dee300e151

  • SHA512

    2e78e9d72e98a5c73026fceca6117e681e92e4fe5752c0eef3aff0d364d907e4d1d447c18744b478aa7dcba687420082038ca6a6c8c31f1f38d0f5a82c0cdf8e

  • SSDEEP

    98304:ujfprLUanrvhUaeohPgThMtdugD2n/gBvPYb:+rnrZeohIThMt0gDIgB0

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://googleglobal.cf

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • rhythm.retreat.absorb
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5028

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/rhythm.retreat.absorb/app_DynamicOptDex/fiyJ.json
    Filesize

    598KB

    MD5

    692b922e76bed1995e19bf34104b91ec

    SHA1

    21958c394ffe5526b4c65bba0486eacff2c3f574

    SHA256

    1f783ba379284cb7eca50ec255b49658aaf7b2779e6fa984dcfc521aa09313be

    SHA512

    7e0137e6617cf72b81a5534ec7140600ec8d4e0e3fc02c38ac5e43cbaa9e83a326156e016cce86185fb21c5ff0a172d42973443cba76fc5e413f86c1b3f842ef

    Download Submit

  • /data/data/rhythm.retreat.absorb/app_DynamicOptDex/fiyJ.json
    Filesize

    598KB

    MD5

    b686443912f19ef3e525608d2b48d521

    SHA1

    072b1421d0d1ea64438d7767aac0cf5bd1ad6992

    SHA256

    06f476ea954a0adc82991daefb7554abd1a79f5fd029837c7cc600aead39f0f3

    SHA512

    7127acda95d486c8969cd5cf62fd6bb0b208d40d4ad35e621c2e17aeb1332ddb2b766a25c722322e818a34361f7faa7b7de0135c47cdd29f28de37f5f170d129

    Download Submit

  • /data/data/rhythm.retreat.absorb/app_DynamicOptDex/oat/fiyJ.json.cur.prof
    Filesize

    269B

    MD5

    7a5efef3949b90a860258ad0fc24eca8

    SHA1

    243d6268e4dc2f0f9c343d67d76779fe394e23e4

    SHA256

    e88f74f1a253325ccec998e7e4f8d3d2b0fec803a3a3f28b4c50fc0cc4134156

    SHA512

    a9bac5c16879a251f5316c72646caef4aa658c9323eff14e81b61b68547d6f80631cae754c44f3623a1986ca513311732dce62240d1f1417c471b98eb2bd2375

    Download Submit