Analysis

  • max time kernel
    60s
  • max time network
    161s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
  • submitted
    29-03-2024 08:58

General

  • Target

    1de701e9b870b779c1c244fe1c65f7f1_JaffaCakes118.apk

  • Size

    2.7MB

  • MD5

    1de701e9b870b779c1c244fe1c65f7f1

  • SHA1

    e9cd53eeefc3f3c258acecf48b4661bb747955eb

  • SHA256

    455900e642599530f1fe934e143a724e5bed50ae63be00aaaeabb124852dba82

  • SHA512

    4354c4eb07035bec8f2d9f1b0449a56bea2ebbd3fb91551f136c18a0cb29967fdce87caa8b8365e5aaf9cbffc8fcc38a0621127eb6075308a4513eebf865ebfb

  • SSDEEP

    49152:HH3qpfYEdetiPlK3Sbqyf9IiCamjpXz0yHWR5x2Gk/Q47dnYlPqiIByz:HHatdet8lKVyf9EaXJ5xfkosermi

Malware Config

Extracted

Family

cerberus

C2

http://161.97.68.93

Signatures

  • Cerberus

    An Android banker that has been rented out to actors since 2019.

  • Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)

Processes

  • com.snack.dignity
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5054

Downloads

  • /data/data/com.snack.dignity/app_DynamicOptDex/ba.json

    Filesize

    124KB

    MD5

    c1847086f9df63858bceac92df0e3557

    SHA1

    47739b7e26f8ba961627184fca3a20518fc7db29

    SHA256

    80f0fb29ad78cd1dc531e4f2238a07cddc317516a56c5a801257457e463b37a2

    SHA512

    d01c609fa47cb574b93e530265f4b7e7b8e67bf9f6eb1f2e5afa7a111af4ae9d757b72472613ade72bc081fb7b59b4d28a2ec80f4cb74ac839193da1544f0a89

  • /data/data/com.snack.dignity/app_DynamicOptDex/ba.json

    Filesize

    124KB

    MD5

    fd0227a3d74d22d72b4974f15d938844

    SHA1

    17e9c8811f06c30905664342dc28b5331f9c4b66

    SHA256

    71dac550c4b1b4be79c756ca2955218b8bc8c8e0db2b941dd8b4c8117c2714a9

    SHA512

    cead755db23c4234e9d4549b3ba25e274e181bdce0d761237797749625a8d96b58a43b21d1df403fbea8520c2928b8e9d93e03e687cd398d9cc28af5fefd44d4

  • /data/data/com.snack.dignity/app_DynamicOptDex/oat/ba.json.cur.prof

    Filesize

    190B

    MD5

    4eebe2e9d472158e2965852c99956019

    SHA1

    4796d637024ed3d32965cf90da3b2df526faf65f

    SHA256

    042e119f0bdbb111a3577445deab48b12aa56c35e4bae093cd648fb56502118f

    SHA512

    3233cfe9394e110fc7e6d1cd7a991c1b386c7b55e4e342f6e087a4afd660c98b1ffc96ca5822bcf3c61d8fa1e5a0449fdc807c7bb790d9d26fb5e765ea5ad1d3