Overview

overview

10

Static

static

6

5fcaef59e8...18.apk

android-9-x86

10

5fcaef59e8...18.apk

android-10-x64

10

5fcaef59e8...18.apk

android-11-x64

Analysis

  • max time kernel
    72s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    31-03-2024 22:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5fcaef59e8a883b1af56594a5e08d005_JaffaCakes118.apk

  • Size

    2.9MB

  • MD5

    5fcaef59e8a883b1af56594a5e08d005

  • SHA1

    67378ee8fa15ca94c46340fd4e15336369aa53a1

  • SHA256

    a8b82d18f95d19383691306d3e6f03f2fb6c5903a2f83ea78b7986757152adaf

  • SHA512

    58117b4e50dd57b4930fac1c5ef54dea80559a226ec3743aa0f9898ccc0712bc71f5bf3f6002cf68b1d788a236ef013722a658923d8976e14bfec7a6067119d1

  • SSDEEP

    49152:mNsOxaGaZ1NPOBsBiXqOEB9gAbLp+pj83l3onitGhYg4Fv3e20tq66z4oHJ:xHVOBTXq12AnQpj2lYnipO2n54op

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://185.182.8.36

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.balance.disagree
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5036

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.balance.disagree/app_DynamicOptDex/Ql.json
    Filesize

    124KB

    MD5

    e32972d08500c3d0fec20ab378bdbc05

    SHA1

    477910089394f4ee7a2cefd746c5ca5053ebc504

    SHA256

    73e034f77d13b1f45dbf78e52d762e8f7de153bad5629be609b67cc555eb2c05

    SHA512

    238d4ffad2c3c0e9f3e9d34deac6cc29a14098883a46813e45458a69d994de3b0515a49724025be8b524c90acb9ff813a3085444d57e05896eacbc1ab8a23a86

    Download Submit

  • /data/data/com.balance.disagree/app_DynamicOptDex/Ql.json
    Filesize

    124KB

    MD5

    d3eaf4690bb48253214a4091eefdc359

    SHA1

    c179710c5feff5030d10a775c51eabe54c88b1a1

    SHA256

    9ecb31a83658e76e68ff1439e9162f194a49e0fdf7e1ef0386ad928c1a3054a7

    SHA512

    0a69713e968576e15af36e94cc13d2811543e451fb0b11cf0d78e4ed2aa2f1cc2bf76ac158ae95ed98356e187f5611d5ed89f214de0c8e4d18b48644865a911a

    Download Submit

  • /data/data/com.balance.disagree/app_DynamicOptDex/oat/Ql.json.cur.prof
    Filesize

    156B

    MD5

    d965b398aaef45c394fdc2ad57c4cfc9

    SHA1

    b68e91790ab983417f396b0872f43e8c5e2846df

    SHA256

    90a812f7310397aabd6950733343a5647d3c888a9ef3e1d130069130579c6901

    SHA512

    f3a49fff8bb36fd9037d1c901dc471a03043a802bb0ca2f948f941e66c760edc24d919ae08b94a0ea30dd8a077c03073756217eff441684cb269697cc7be9a87

    Download Submit