Overview

overview

10

Static

static

6

63e94222fd...18.apk

android-9-x86

10

63e94222fd...18.apk

android-10-x64

10

63e94222fd...18.apk

android-11-x64

Analysis

  • max time kernel
    49s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    01-04-2024 01:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63e94222fde7ff90ddd81341c409f148_JaffaCakes118.apk

  • Size

    3.1MB

  • MD5

    63e94222fde7ff90ddd81341c409f148

  • SHA1

    4a911259cc5fb7b3312fb5c41435d05819cf4b81

  • SHA256

    fdd9db26f25d0d784b5692003f46320d8400266b6573d5c8ec6dd6c4e2e7bc72

  • SHA512

    aad056f2a5c4ef62e5810cc56d29e618de7f4d2c263307759306a2ff9060cb6959b94fa21cbc68fef13ef2f430fa4ef2df11e5e751cbc909a44bbdc5b86238f9

  • SSDEEP

    98304:qM9aGG8dgNlFdOY6H5uWctMbpys35JSckrE1Fc:RaDFNlTKpy+6rB

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://161.97.68.93

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.coast.rather
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4191

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.coast.rather/app_DynamicOptDex/oat/okGmNq.json.cur.prof
    Filesize

    232B

    MD5

    c1b78aa53720b949da053ae324a43813

    SHA1

    8c5aa08f6705732147e0de33413d98f01e91f736

    SHA256

    fb86c2fe5df193d8ad53e1b2c05a5b7e62a162075ecb33660d45c9361434526b

    SHA512

    117dc1072083dd8b2545c6cf270a62e2fac605d4196efac846df64606e6fce3cde25651d3e736e8c249a1b6d3be7812cada5779645a68f41b30885aa72a682f8

    Download Submit

  • /data/data/com.coast.rather/app_DynamicOptDex/okGmNq.json
    Filesize

    124KB

    MD5

    e88b863951734b672ddb3578a88e6f15

    SHA1

    e1b5df8914439b43564fb1753928e619720900e9

    SHA256

    e783192437cf17d103c60a598547eb767c02c2a21c695a193c68b43a138974c4

    SHA512

    51daa51ed75903a037ca6b4f87226ded6d514e4fe6914d7c6eee2a797765c630cc1ee91dadd5acb89b870f9159846d7ecb8ec82b6f285160457bf128ee170757

    Download Submit

  • /data/data/com.coast.rather/app_DynamicOptDex/okGmNq.json
    Filesize

    124KB

    MD5

    eb20cca0a446b275f56690cc00f0735f

    SHA1

    fe3d9e737f62e4171908aac3a867a2aca11efe7e

    SHA256

    305bffecb046c43bbea12b5924826007b4f0c1ffec02ba50da60399661aae3a9

    SHA512

    7ab0a2dc70406900c16bc909989ce86c1287bd13afddedb216c4a4fd46404cb3887a613fabd9421b69bd146f1fd1eef04e286919a27a0ba6f341d4646f223a3a

    Download Submit