Overview

overview

10

Static

static

6

49813dea66...18.apk

android-9-x86

10

49813dea66...18.apk

android-10-x64

10

49813dea66...18.apk

android-11-x64

Analysis

  • max time kernel
    47s
  • max time network
    147s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    31-03-2024 01:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    49813dea66420480e4e10a123a53f559_JaffaCakes118.apk

  • Size

    2.7MB

  • MD5

    49813dea66420480e4e10a123a53f559

  • SHA1

    c29f97939719e98f20ac84743139f243debf39d8

  • SHA256

    442d3fb99a211111ddc64ed58af40f9a2acafb57ec80e36723ac8457f3859e24

  • SHA512

    be220e47a6d6c0d10a17e851f6f36e9a9ee42ae50551835c3a18b16c9f4d70fb29b194ec131424d7baccaeff9895ab544e4ad03d5e2ae5f7efa1ef6b7fcb7d1d

  • SSDEEP

    49152:WZ47b6d1AoDzg5qipwRef/vuP//gdC/CNyCcaJgclzejTvGvHo356Xd:I47GAo/g51pwUf/vq2GCotaJvl8bSHoo

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://161.97.68.93

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.health.other
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5087

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.health.other/app_DynamicOptDex/HshLs.json
    Filesize

    124KB

    MD5

    42767258007a28324f36734fd5a49cc6

    SHA1

    6f484ec0fbba3f8f3c6fc566aeb8b27315981d53

    SHA256

    1937538fb7c23bf25f927ae81d2b742e9d820d1e98063ecfcc3ab086bc93b7a9

    SHA512

    0d70e779ae65247780611d8533ec0f4184a92ea5ab77dd394a62491577e292258ea2298d023fc95d8ced10d506bffb27e94199008ffc71f74e69cd46a8d01b06

    Download Submit

  • /data/data/com.health.other/app_DynamicOptDex/HshLs.json
    Filesize

    124KB

    MD5

    27803e7a3a333a11138a9cfea0bf5aef

    SHA1

    63db4b6d7546f209327395ff3ba63629b68fc108

    SHA256

    45944d0d90fd6d282f741c03951fcf7810fd2d67d2863ebff6ef7475ceed5bda

    SHA512

    e08c3d350df5d4a952b5fc9baae34b4be329e59b433190db61b64ee1588b97d26613440a6b6e08ef5e08a761b86ccc1e150ccdcdceddf9d7d66c863364181d2f

    Download Submit

  • /data/data/com.health.other/app_DynamicOptDex/oat/HshLs.json.cur.prof
    Filesize

    828B

    MD5

    ac8692eb74134bc300da1c3784eb7636

    SHA1

    2550806251e3d072b403a8b9e3f516008d83c461

    SHA256

    16679791c0e964c24eb703ddbbfbc3530dcaa1e47af1a1fdf6cddf9ee4468988

    SHA512

    39641c3d6c8ea9e15beaaf0c9eb695cc47b4a3253c33cc1b2e7c9d569a0bdbad9d881ce0ccd906ed1e28bb07c0a5511129bb0cafaeaa847b87ff1ba23fad8a1e

    Download Submit