Overview

overview

10

Static

static

6

02946ba4fb...18.apk

android-9-x86

10

02946ba4fb...18.apk

android-10-x64

10

02946ba4fb...18.apk

android-11-x64

Analysis

  • max time kernel
    84s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    28-03-2024 09:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02946ba4fb33667870d4d856b823430b_JaffaCakes118.apk

  • Size

    2.8MB

  • MD5

    02946ba4fb33667870d4d856b823430b

  • SHA1

    1a6849b16db73446fb60e30803f58452cac0d6ff

  • SHA256

    8c1cb932712974441c21046ac4903e31bd8535f07d180fb5eb247fe89f33172f

  • SHA512

    29d260e8dfb2eb58c54a586bd03f6aa420641b80d2b9564064c09aa8b8b78e75cd3cbbf430467ae975522adb0ab0b95ad4f100ff92477ae93d981126aa449252

  • SSDEEP

    49152:0o7qhOQvgXkczAfq3qO5KMQ16uKI13DNqwAiVNHM6piWeO3IY:deMsYkWiqBQMw1Z3hSibHM6piWH3T

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://144.91.79.50

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.drill.lunch
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4469
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.drill.lunch/app_DynamicOptDex/HkrqXkD.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.drill.lunch/app_DynamicOptDex/oat/x86/HkrqXkD.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4494

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.drill.lunch/app_DynamicOptDex/HkrqXkD.json
    Filesize

    124KB

    MD5

    a9a9d4603b789235f168c3b3a3a31e69

    SHA1

    da7ea61cf33e00ab25c398b842893b265bb6c73e

    SHA256

    041d84e5721423521b4655e5cec898cf64bc4aff69ea841425de0a2614558bc4

    SHA512

    b9a0513f6f541bb06f46608b90c915a9fb83eb80edc52adb7c30fbd3c8ccc54bbfb7f4ee35e8377d3264210fc2c3d9ca6277c23cf5337c8283cc31574896f768

    Download Submit

  • /data/data/com.drill.lunch/app_DynamicOptDex/HkrqXkD.json
    Filesize

    124KB

    MD5

    755744ec0ed3f53ea958f922cddb1bd4

    SHA1

    0396e96652f745bddc90683ae05a877db42b1581

    SHA256

    df4abfe7c950aa191e24bd9a388c77f0d0ab2730848a7c19401569c597b4a832

    SHA512

    732a89e672f8744b8c4811201f8fffa7ae72914c59febd003422dfe0f1b27b1b6e9d2d1e75341103106259d4fed378df39af1f92a394713b87c3baada2bc410d

    Download Submit

  • /data/data/com.drill.lunch/app_DynamicOptDex/oat/HkrqXkD.json.cur.prof
    Filesize

    813B

    MD5

    45efc3b29739070193acc19455af6900

    SHA1

    f07c0db79daff10d641fb3ca69241a01bda7c932

    SHA256

    4d6e23a0412ca6b47832573b7414c07e45f6d891b48ae8ad7de2e971704820b6

    SHA512

    d2bf50a6bad69973992e1b83ce77e7207a9dedb9e1a3afde063c43a937051368f1bac2d50f4133cb1f9723de7c11cc44a0d6cdf5e1f491c98b6851c1b483e7a3

    Download Submit

  • /data/user/0/com.drill.lunch/app_DynamicOptDex/HkrqXkD.json
    Filesize

    124KB

    MD5

    b794c8c6e6a7a7177a6babcce5500d17

    SHA1

    e8d7945860833ead04393129435ab3c3e5cf48de

    SHA256

    dfea24d04b8c3d9ed2faf8cc7dc6349bf941f4e9e8cb269040f707b8fb4fe841

    SHA512

    fdfd22236c513c11b961d6ab20b822d219b6eab90dc4982f609153cc88663ca543fd61e775515b02a3be09f0a7641fc931e173fea751fdad6934ee0e1e8e9fd2

    Download Submit