Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
  • submitted
    28-03-2024 09:53

General

  • Target

    02946ba4fb33667870d4d856b823430b_JaffaCakes118.apk

  • Size

    2.8MB

  • MD5

    02946ba4fb33667870d4d856b823430b

  • SHA1

    1a6849b16db73446fb60e30803f58452cac0d6ff

  • SHA256

    8c1cb932712974441c21046ac4903e31bd8535f07d180fb5eb247fe89f33172f

  • SHA512

    29d260e8dfb2eb58c54a586bd03f6aa420641b80d2b9564064c09aa8b8b78e75cd3cbbf430467ae975522adb0ab0b95ad4f100ff92477ae93d981126aa449252

  • SSDEEP

    49152:0o7qhOQvgXkczAfq3qO5KMQ16uKI13DNqwAiVNHM6piWeO3IY:deMsYkWiqBQMw1Z3hSibHM6piWH3T

Malware Config

Extracted

Family

cerberus

C2

http://144.91.79.50

Signatures

  • Cerberus

    An Android banking trojan that has been rented out to threat actors since 2019.

  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

Processes

  • com.drill.lunch
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5033

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.drill.lunch/app_DynamicOptDex/HkrqXkD.json

    Filesize

    124KB

    MD5

    a9a9d4603b789235f168c3b3a3a31e69

    SHA1

    da7ea61cf33e00ab25c398b842893b265bb6c73e

    SHA256

    041d84e5721423521b4655e5cec898cf64bc4aff69ea841425de0a2614558bc4

    SHA512

    b9a0513f6f541bb06f46608b90c915a9fb83eb80edc52adb7c30fbd3c8ccc54bbfb7f4ee35e8377d3264210fc2c3d9ca6277c23cf5337c8283cc31574896f768

  • /data/data/com.drill.lunch/app_DynamicOptDex/HkrqXkD.json

    Filesize

    124KB

    MD5

    755744ec0ed3f53ea958f922cddb1bd4

    SHA1

    0396e96652f745bddc90683ae05a877db42b1581

    SHA256

    df4abfe7c950aa191e24bd9a388c77f0d0ab2730848a7c19401569c597b4a832

    SHA512

    732a89e672f8744b8c4811201f8fffa7ae72914c59febd003422dfe0f1b27b1b6e9d2d1e75341103106259d4fed378df39af1f92a394713b87c3baada2bc410d

  • /data/data/com.drill.lunch/app_DynamicOptDex/oat/HkrqXkD.json.cur.prof

    Filesize

    201B

    MD5

    fc12f7909bf2cf1436971e864c977f05

    SHA1

    cef2ba056622e0e9e0b60634949cc73c540ef26f

    SHA256

    0d11a3a19e77b2d794ee1bb8457d31532e5d7a402ba0c67eb82bc9074bac746a

    SHA512

    1268c1c78f447f238de49b4f27d83fedc5ec5d4d0c99f2dcc8ee2b2057bd26f790ffd0066684a5a619c18786dac9f37b8f89d32af249c54f03a703677af9a626