Overview

overview

10

Static

static

6

5fcaef59e8...18.apk

android-9-x86

10

5fcaef59e8...18.apk

android-10-x64

10

5fcaef59e8...18.apk

android-11-x64

Analysis

  • max time kernel
    59s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    31-03-2024 22:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5fcaef59e8a883b1af56594a5e08d005_JaffaCakes118.apk

  • Size

    2.9MB

  • MD5

    5fcaef59e8a883b1af56594a5e08d005

  • SHA1

    67378ee8fa15ca94c46340fd4e15336369aa53a1

  • SHA256

    a8b82d18f95d19383691306d3e6f03f2fb6c5903a2f83ea78b7986757152adaf

  • SHA512

    58117b4e50dd57b4930fac1c5ef54dea80559a226ec3743aa0f9898ccc0712bc71f5bf3f6002cf68b1d788a236ef013722a658923d8976e14bfec7a6067119d1

  • SSDEEP

    49152:mNsOxaGaZ1NPOBsBiXqOEB9gAbLp+pj83l3onitGhYg4Fv3e20tq66z4oHJ:xHVOBTXq12AnQpj2lYnipO2n54op

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://185.182.8.36

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.balance.disagree
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4185

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.balance.disagree/app_DynamicOptDex/Ql.json
    Filesize

    124KB

    MD5

    e32972d08500c3d0fec20ab378bdbc05

    SHA1

    477910089394f4ee7a2cefd746c5ca5053ebc504

    SHA256

    73e034f77d13b1f45dbf78e52d762e8f7de153bad5629be609b67cc555eb2c05

    SHA512

    238d4ffad2c3c0e9f3e9d34deac6cc29a14098883a46813e45458a69d994de3b0515a49724025be8b524c90acb9ff813a3085444d57e05896eacbc1ab8a23a86

    Download Submit

  • /data/data/com.balance.disagree/app_DynamicOptDex/Ql.json
    Filesize

    124KB

    MD5

    d3eaf4690bb48253214a4091eefdc359

    SHA1

    c179710c5feff5030d10a775c51eabe54c88b1a1

    SHA256

    9ecb31a83658e76e68ff1439e9162f194a49e0fdf7e1ef0386ad928c1a3054a7

    SHA512

    0a69713e968576e15af36e94cc13d2811543e451fb0b11cf0d78e4ed2aa2f1cc2bf76ac158ae95ed98356e187f5611d5ed89f214de0c8e4d18b48644865a911a

    Download Submit

  • /data/data/com.balance.disagree/app_DynamicOptDex/oat/Ql.json.cur.prof
    Filesize

    196B

    MD5

    d4c7ceadf775bdcab684d79aa02fa1bd

    SHA1

    de4386065bfe8e6ef5625b14b62ec49b0430b9ae

    SHA256

    9b56d45431f99774b495732eb2a4d390218c4fc6c23c26ac98410a035f3cec9e

    SHA512

    0bead16b57b08eb9579934ca193a4a94d6ee25698694228a3df5f35799e8fc8d7736dbfb1f33210190a4810a12676e48f637ae5da23f767c7b87720a0f002874

    Download Submit