Extracted

• • Target

    dd270c4680162ff3dc32ef54af37ee5c

  • Size

    3.2MB

  • MD5

    dd270c4680162ff3dc32ef54af37ee5c

  • SHA1

    c74378e7489b682a84b0457d158b8d6c068707a0

  • SHA256

    9767d501e9a5c1f125d568645e42f057884258ceb38d1641a99a219b77dd3ba1

  • SHA512

    31c09244b7bfa7b6d2591f1181561e9517159bc0ecc56e9b9aee706d76c9c60816fece798c9715085ce9bd2d9dfb559951b1a76af6958cacd8f9228949d03542

  • SSDEEP

    98304:7Ua0ymRUaKDkw+tkAn4mqpGp8wqzj0YuCuo9S9:H0y+KDoeAnhq0ewqzwYum9C

  Score

  10^/10

  cerberusbankercollectionevasioninfostealerratstealthtrojan

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Listens for changes in the sensor environment (might be used to detect emulation)

    evasion
  behavioral1behavioral2behavioral3