Overview

overview

10

Static

static

6

63e94222fd...18.apk

android-9-x86

10

63e94222fd...18.apk

android-10-x64

10

63e94222fd...18.apk

android-11-x64

Analysis

  • max time kernel
    54s
  • max time network
    146s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    01-04-2024 01:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63e94222fde7ff90ddd81341c409f148_JaffaCakes118.apk

  • Size

    3.1MB

  • MD5

    63e94222fde7ff90ddd81341c409f148

  • SHA1

    4a911259cc5fb7b3312fb5c41435d05819cf4b81

  • SHA256

    fdd9db26f25d0d784b5692003f46320d8400266b6573d5c8ec6dd6c4e2e7bc72

  • SHA512

    aad056f2a5c4ef62e5810cc56d29e618de7f4d2c263307759306a2ff9060cb6959b94fa21cbc68fef13ef2f430fa4ef2df11e5e751cbc909a44bbdc5b86238f9

  • SSDEEP

    98304:qM9aGG8dgNlFdOY6H5uWctMbpys35JSckrE1Fc:RaDFNlTKpy+6rB

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://161.97.68.93

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.coast.rather
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5054

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.coast.rather/app_DynamicOptDex/oat/okGmNq.json.cur.prof
    Filesize

    214B

    MD5

    00ac4087d2783529fe1593262a6a3c2c

    SHA1

    3535674df4bba946f2fe05b385f962261e536220

    SHA256

    0a68bf6d52082397f5148933901aff8833665e332e5277e0d845e5262ff07962

    SHA512

    63f2099bd916f68e4075c23ea95f4e823dc1b2c0e452f88475d32e8a7eb64bdc279571b12eda02b09009479ce9ca71cf46c75ee18b9724d337bf21fa2bac260c

    Download Submit

  • /data/data/com.coast.rather/app_DynamicOptDex/okGmNq.json
    Filesize

    124KB

    MD5

    e88b863951734b672ddb3578a88e6f15

    SHA1

    e1b5df8914439b43564fb1753928e619720900e9

    SHA256

    e783192437cf17d103c60a598547eb767c02c2a21c695a193c68b43a138974c4

    SHA512

    51daa51ed75903a037ca6b4f87226ded6d514e4fe6914d7c6eee2a797765c630cc1ee91dadd5acb89b870f9159846d7ecb8ec82b6f285160457bf128ee170757

    Download Submit

  • /data/data/com.coast.rather/app_DynamicOptDex/okGmNq.json
    Filesize

    124KB

    MD5

    eb20cca0a446b275f56690cc00f0735f

    SHA1

    fe3d9e737f62e4171908aac3a867a2aca11efe7e

    SHA256

    305bffecb046c43bbea12b5924826007b4f0c1ffec02ba50da60399661aae3a9

    SHA512

    7ab0a2dc70406900c16bc909989ce86c1287bd13afddedb216c4a4fd46404cb3887a613fabd9421b69bd146f1fd1eef04e286919a27a0ba6f341d4646f223a3a

    Download Submit