Overview

overview

10

Static

static

6

6ff8f6df48...18.apk

android-9-x86

10

6ff8f6df48...18.apk

android-10-x64

10

6ff8f6df48...18.apk

android-11-x64

Analysis

  • max time kernel
    85s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    01-04-2024 10:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ff8f6df48139ad4cd77695f2bcdbf3e_JaffaCakes118.apk

  • Size

    2.8MB

  • MD5

    6ff8f6df48139ad4cd77695f2bcdbf3e

  • SHA1

    bb71c54b85da50502b2a6ee48644daa074168547

  • SHA256

    39d33af83cb1d553697b5b04cbde87b97b30f344a7cbeaf5b3fd0b162e170ec3

  • SHA512

    2b4828051b35294118e1822ffd2b543422fb6c8c6f177722ee80083ecb2683a98a50c4f0d44e48f11ee9a3f9f0b946b3c396783ee9973dcde59e0c09eb9d2c71

  • SSDEEP

    49152:Y3iglVMWbJCc9KQqBUfjcUGaiIj7nDYGQ12/wMwbiDnyRBA1wm62FnlNdBpBY9oj:YyyGWdCwRqUAUGEDWhMPnSA1wmTnZBJj

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://tornacimamutxyz.site

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.alter.tool
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4271
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.alter.tool/app_DynamicOptDex/SypIWOG.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.alter.tool/app_DynamicOptDex/oat/x86/SypIWOG.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4296

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.alter.tool/app_DynamicOptDex/SypIWOG.json
    Filesize

    124KB

    MD5

    0e9b258b53b293bc71b1a04717149e5d

    SHA1

    0abdd3f2b2eb22315a72daed09336db4835142b2

    SHA256

    f7d8073a9139525137b9a48ac076bf4a91901a0ffbd79ba271976a23ca48e351

    SHA512

    ba3d34b18bdb15537a5a1891caac2871423f5f7adfaf1e86aca6bad70232ee4e82a31498c286f88da2213ce52b95e17cf43e53471b1df6d42d50e17b6a788920

    Download Submit

  • /data/data/com.alter.tool/app_DynamicOptDex/SypIWOG.json
    Filesize

    124KB

    MD5

    702c7269f0754a2da293b5880f10116b

    SHA1

    e3796746c27a55a59a00f9c2d03f37b03678091c

    SHA256

    0b95d39b1f8d329a54e4362b95fb6b18bc19a54d8497b47e3c27abf1120e0491

    SHA512

    0ccafaf44a48159f536abc283a01852a640d45302edeb454494ba2477f5c3e09c95ea3f072487a18687ba72b8482628900bc210d8ca1250f6e0a216be2115627

    Download Submit

  • /data/data/com.alter.tool/app_DynamicOptDex/oat/SypIWOG.json.cur.prof
    Filesize

    808B

    MD5

    a2e73a07730a8505e94ebe0e81d3f554

    SHA1

    998ba5849614ba5acf14ad972ca1212077134de6

    SHA256

    66d7eaecf9272e05f92799638bace24bf224188415008665ce4d4e4f7e9b4283

    SHA512

    05c27a5ebefa510ab7d1ba3157f4a7121b18ddfc9b5224d0331c159ed1844b19e5691c453779cd891c1daf3d153fb717fe14f4ea5ab225eded7ba9383be1cb99

    Download Submit

  • /data/user/0/com.alter.tool/app_DynamicOptDex/SypIWOG.json
    Filesize

    124KB

    MD5

    72dc0ed65fe2c67d4c5db32ca0d09f50

    SHA1

    a7f3222051ba4f243281a69805287caa9fe444cf

    SHA256

    6987a34f8b5cefba0690fa33db8a2a0b456a0d1c84ca9e26c88c417e85fc64ae

    SHA512

    89125d5dd1a13af1d966b08c966fc946556708620ae5df43435bd4a056d882daed28e5c7f405446ce4adf679c65cb93ab13e7aa5d5d0a4d1dc1936f4187f0990

    Download Submit