Overview

overview

10

Static

static

6

1de701e9b8...18.apk

android-9-x86

10

1de701e9b8...18.apk

android-10-x64

10

1de701e9b8...18.apk

android-11-x64

Analysis

  • max time kernel
    142s
  • max time network
    157s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    29-03-2024 08:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1de701e9b870b779c1c244fe1c65f7f1_JaffaCakes118.apk

  • Size

    2.7MB

  • MD5

    1de701e9b870b779c1c244fe1c65f7f1

  • SHA1

    e9cd53eeefc3f3c258acecf48b4661bb747955eb

  • SHA256

    455900e642599530f1fe934e143a724e5bed50ae63be00aaaeabb124852dba82

  • SHA512

    4354c4eb07035bec8f2d9f1b0449a56bea2ebbd3fb91551f136c18a0cb29967fdce87caa8b8365e5aaf9cbffc8fcc38a0621127eb6075308a4513eebf865ebfb

  • SSDEEP

    49152:HH3qpfYEdetiPlK3Sbqyf9IiCamjpXz0yHWR5x2Gk/Q47dnYlPqiIByz:HHatdet8lKVyf9EaXJ5xfkosermi

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://161.97.68.93

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.snack.dignity
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4267
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.snack.dignity/app_DynamicOptDex/ba.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.snack.dignity/app_DynamicOptDex/oat/x86/ba.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4294

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.snack.dignity/app_DynamicOptDex/ba.json
    Filesize

    124KB

    MD5

    c1847086f9df63858bceac92df0e3557

    SHA1

    47739b7e26f8ba961627184fca3a20518fc7db29

    SHA256

    80f0fb29ad78cd1dc531e4f2238a07cddc317516a56c5a801257457e463b37a2

    SHA512

    d01c609fa47cb574b93e530265f4b7e7b8e67bf9f6eb1f2e5afa7a111af4ae9d757b72472613ade72bc081fb7b59b4d28a2ec80f4cb74ac839193da1544f0a89

    Download Submit

  • /data/data/com.snack.dignity/app_DynamicOptDex/ba.json
    Filesize

    124KB

    MD5

    fd0227a3d74d22d72b4974f15d938844

    SHA1

    17e9c8811f06c30905664342dc28b5331f9c4b66

    SHA256

    71dac550c4b1b4be79c756ca2955218b8bc8c8e0db2b941dd8b4c8117c2714a9

    SHA512

    cead755db23c4234e9d4549b3ba25e274e181bdce0d761237797749625a8d96b58a43b21d1df403fbea8520c2928b8e9d93e03e687cd398d9cc28af5fefd44d4

    Download Submit

  • /data/data/com.snack.dignity/app_DynamicOptDex/oat/ba.json.cur.prof
    Filesize

    807B

    MD5

    6898ca95b55ea609be1e0f10272e880a

    SHA1

    3c09b2bfe10742fd873be00a0c847484e7a8fe78

    SHA256

    c3631e0e281d75d8cfd4fb9c6c3e5300bd1429cf9618ac99370c1c97236d4dc1

    SHA512

    fe3d360e1518d0eeb31167a5b376ac9824c79149b3c27be26d65a6de0a022a6c101a9d6b31568b563f029c8640f393e963a4125b85981e185b75f34991c2ff6d

    Download Submit

  • /data/user/0/com.snack.dignity/app_DynamicOptDex/ba.json
    Filesize

    124KB

    MD5

    790e6802eda19cc154b8ec7373acecf4

    SHA1

    487654fa74c3610eb7c614025e0a14d17be7fa11

    SHA256

    6eaf55576606f281e46409c48885f342bff58672d161474db28fa56faf1c229c

    SHA512

    856a11debbfca3a8e9df9502ce51cc8da0380af8565ff2349b91101f754175d37f52508f095910a56b6f82cdbfe1ec54a4e8790db85edb31d8c519bcdd9e724c

    Download Submit