Extracted

• • Target

    1de701e9b870b779c1c244fe1c65f7f1_JaffaCakes118

  • Size

    2.7MB

  • MD5

    1de701e9b870b779c1c244fe1c65f7f1

  • SHA1

    e9cd53eeefc3f3c258acecf48b4661bb747955eb

  • SHA256

    455900e642599530f1fe934e143a724e5bed50ae63be00aaaeabb124852dba82

  • SHA512

    4354c4eb07035bec8f2d9f1b0449a56bea2ebbd3fb91551f136c18a0cb29967fdce87caa8b8365e5aaf9cbffc8fcc38a0621127eb6075308a4513eebf865ebfb

  • SSDEEP

    49152:HH3qpfYEdetiPlK3Sbqyf9IiCamjpXz0yHWR5x2Gk/Q47dnYlPqiIByz:HHatdet8lKVyf9EaXJ5xfkosermi

  Score

  10^/10

  cerberusbankercollectionevasioninfostealerratstealthtrojan

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Listens for changes in the sensor environment (might be used to detect emulation)

    evasion
  behavioral1behavioral2behavioral3