Analysis

  • max time kernel
    50s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
  • submitted
    21/03/2024, 10:40

General

  • Target

    db6c6bdda89349f8de2be84ed4373c18.apk

  • Size

    3.4MB

  • MD5

    db6c6bdda89349f8de2be84ed4373c18

  • SHA1

    ba6d9778332737c9750e72c98e29e73c932422d8

  • SHA256

    bff4c1097f87aac75d64430f93e4df4e4225ab776be31f58080cb58d00325e55

  • SHA512

    2cbcc56ae5493d44474584c9f95531639a718a6296b535c6aebe3a05f06b9e6423a0c501b2c3aa9b2dbfaf5f56167b7b481ca7fcde5d7f7697af5c7ebefc163f

  • SSDEEP

    98304:oK5IxjqynCxNbPgx8ci4fVNGz0MFyclyMu2:oK5mqyCxNQ8cFfVNoyK

Malware Config

Extracted

Family

cerberus

C2

http://samadeveloper.com/

Signatures

  • Cerberus

    An Android banking trojan that has been rented to threat actors since 2019.

  • Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher (1 TTPs, 1 IoCs)
  • Loads dropped Dex/Jar (1 TTPs, 2 IoCs)

    Runs an executable file that was dropped onto the device during analysis.

  • Listens for changes in the sensor environment (might be used to detect emulation) (1 IoCs)

Processes

  • grocery.drink.custom
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5113

Network

        Downloads

        • /data/data/grocery.drink.custom/app_DynamicOptDex/nS.json

          Filesize

          740KB

          MD5

          9c17f35d46b49ef28821db5ed9f41a4c

          SHA1

          d43410906eacef6a9d378f602a238c3411a31c75

          SHA256

          b4e8b230848f4e07bc159f33575511b50de296bbfd47ee5ccee4bf2354c04337

          SHA512

          bf48dfe0c9b85423a84c7c071ea21abe0d724ae39cdc8d20c162d78e3fa58deff71acca16999bc7db87235cb8d4d00b33f72efd924e02dd7eb608a1ecd358786

        • /data/data/grocery.drink.custom/app_DynamicOptDex/nS.json

          Filesize

          740KB

          MD5

          cedc99833d0a80593ee3e2235daa9951

          SHA1

          cee1736fb56133a6c1ed5b370c9997b2564280b1

          SHA256

          54aa5e7e026ded064757331ff965f6d3d3d3d7cf206f457df6a9612cbce2d51e

          SHA512

          5be6771618acc72a6458210b7a00012335bd17814989858bf8f935013623c9ad7b35438f5ecf94f01d74429011f1619c231a79f6101321d3b763876ce1ce5f9e

        • /data/data/grocery.drink.custom/app_DynamicOptDex/oat/nS.json.cur.prof

          Filesize

          285B

          MD5

          580263dd10a68785465afca0c27fc01e

          SHA1

          6eb5a4e551b8e2ea3cd4a2ae3053966da22482e0

          SHA256

          c14fcd82ea7ab85b716dd5d495e2e6271733fad24e0120f0fbec381a7a3a8d67

          SHA512

          51270050f72eae4a5cff90c3c1763453a15b45fe1abcb7dda74d49c89e27f08da5276134233b8854821d554cfbb6a075b77fe15e6e60c09315703cb21aad6a91
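The two writes to app_DynamicOptDex/nS.json, together with the "Loads dropped Dex/Jar" signature and the ART profile under oat/, suggest that the .json extension disguises a code payload. The following triage helper is an added example, not part of this report or of the Cerberus sample: it classifies a dropped file by its magic bytes rather than its extension, flags an extension mismatch, and looks the file's SHA-256 up against the hashes listed on this page. The assumption that nS.json is a DEX is ours (the report does not show its bytes), and every byte string below is constructed for the demonstration.

```python
"""Triage dropped payloads by content, not extension (added example).

Only the SHA-256 values in REPORT_SHA256 come from the report above; all
sample bytes in this file are constructed and do not match any real file.
"""
import hashlib
import json

# SHA-256 values copied from the report's General and Downloads sections.
REPORT_SHA256 = {
    "bff4c1097f87aac75d64430f93e4df4e4225ab776be31f58080cb58d00325e55":
        "db6c6bdda89349f8de2be84ed4373c18.apk",
    "b4e8b230848f4e07bc159f33575511b50de296bbfd47ee5ccee4bf2354c04337":
        "app_DynamicOptDex/nS.json (first write)",
    "54aa5e7e026ded064757331ff965f6d3d3d3d7cf206f457df6a9612cbce2d51e":
        "app_DynamicOptDex/nS.json (second write)",
    "c14fcd82ea7ab85b716dd5d495e2e6271733fad24e0120f0fbec381a7a3a8d67":
        "app_DynamicOptDex/oat/nS.json.cur.prof",
}

DEX_MAGIC = b"dex\n"      # full magic is b"dex\n" + 3-digit version + NUL
ZIP_MAGIC = b"PK\x03\x04"  # a .jar/.apk container that may hold classes.dex
CODE_EXTENSIONS = {"dex", "jar", "apk", "zip"}


def classify(data: bytes) -> str:
    """Return 'dex', 'zip', 'json' or 'unknown' based on the bytes alone."""
    if (data[:4] == DEX_MAGIC and len(data) >= 8
            and data[4:7].isdigit() and data[7:8] == b"\x00"):
        return "dex"
    if data[:4] == ZIP_MAGIC:
        return "zip"
    try:
        json.loads(data.decode("utf-8"))
        return "json"
    except (UnicodeDecodeError, ValueError):
        return "unknown"


def lookup_ioc(sha256_hex: str):
    """Map a SHA-256 to the artefact name from the report, or None."""
    return REPORT_SHA256.get(sha256_hex.lower())


def triage(name: str, data: bytes) -> dict:
    """Classify one dropped file and flag a code payload hiding behind a data extension."""
    digest = hashlib.sha256(data).hexdigest()
    kind = classify(data)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return {
        "name": name,
        "sha256": digest,
        "kind": kind,
        # A DEX or JAR named *.json is the pattern the report's path suggests.
        "extension_mismatch": kind in ("dex", "zip") and ext not in CODE_EXTENSIONS,
        "known_ioc": lookup_ioc(digest),
    }


# Constructed samples: a minimal DEX header, a ZIP local-file header, real JSON.
FAKE_DEX = DEX_MAGIC + b"035\x00" + b"\x00" * 24
FAKE_JAR = ZIP_MAGIC + b"\x00" * 26
REAL_JSON = b'{"config": "nothing to see"}'

if __name__ == "__main__":
    for name, blob in (("nS.json", FAKE_DEX), ("nS.json", FAKE_JAR),
                       ("settings.json", REAL_JSON)):
        print(triage(name, blob))
```

On a live device the same routine would run over files pulled with adb from /data/data/grocery.drink.custom/app_DynamicOptDex/; the report's two differing hashes for one path are why the lookup is by digest rather than by filename.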