Overview

overview

10

Static

static

6

6ff8f6df48...18.apk

android-9-x86

10

6ff8f6df48...18.apk

android-10-x64

10

6ff8f6df48...18.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6ff8f6df48139ad4cd77695f2bcdbf3e_JaffaCakes118

  • Size

    2.8MB

  • Sample

    240401-mvx83ach98

  • MD5

    6ff8f6df48139ad4cd77695f2bcdbf3e

  • SHA1

    bb71c54b85da50502b2a6ee48644daa074168547

  • SHA256

    39d33af83cb1d553697b5b04cbde87b97b30f344a7cbeaf5b3fd0b162e170ec3

  • SHA512

    2b4828051b35294118e1822ffd2b543422fb6c8c6f177722ee80083ecb2683a98a50c4f0d44e48f11ee9a3f9f0b946b3c396783ee9973dcde59e0c09eb9d2c71

  • SSDEEP

    49152:Y3iglVMWbJCc9KQqBUfjcUGaiIj7nDYGQ12/wMwbiDnyRBA1wm62FnlNdBpBY9oj:YyyGWdCwRqUAUGEDWhMPnSA1wmTnZBJj

Score
10/10
cerberusandroidbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://tornacimamutxyz.site

Targets

    • Target

      6ff8f6df48139ad4cd77695f2bcdbf3e_JaffaCakes118

    • Size

      2.8MB

    • MD5

      6ff8f6df48139ad4cd77695f2bcdbf3e

    • SHA1

      bb71c54b85da50502b2a6ee48644daa074168547

    • SHA256

      39d33af83cb1d553697b5b04cbde87b97b30f344a7cbeaf5b3fd0b162e170ec3

    • SHA512

      2b4828051b35294118e1822ffd2b543422fb6c8c6f177722ee80083ecb2683a98a50c4f0d44e48f11ee9a3f9f0b946b3c396783ee9973dcde59e0c09eb9d2c71

    • SSDEEP

      49152:Y3iglVMWbJCc9KQqBUfjcUGaiIj7nDYGQ12/wMwbiDnyRBA1wm62FnlNdBpBY9oj:YyyGWdCwRqUAUGEDWhMPnSA1wmTnZBJj

    Score
    10/10
    cerberusbankercollectionevasioninfostealerratstealthtrojan

    • Cerberus

      An Android banker that is being rented to actors beginning in 2019.

      bankertrojaninfostealerevasionratcerberus

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasion

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks