Analysis

  • max time kernel
    60s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
  • submitted
    01-04-2024 10:47

General

  • Target

    6ff8f6df48139ad4cd77695f2bcdbf3e_JaffaCakes118.apk

  • Size

    2.8MB

  • MD5

    6ff8f6df48139ad4cd77695f2bcdbf3e

  • SHA1

    bb71c54b85da50502b2a6ee48644daa074168547

  • SHA256

    39d33af83cb1d553697b5b04cbde87b97b30f344a7cbeaf5b3fd0b162e170ec3

  • SHA512

    2b4828051b35294118e1822ffd2b543422fb6c8c6f177722ee80083ecb2683a98a50c4f0d44e48f11ee9a3f9f0b946b3c396783ee9973dcde59e0c09eb9d2c71

  • SSDEEP

    49152:Y3iglVMWbJCc9KQqBUfjcUGaiIj7nDYGQ12/wMwbiDnyRBA1wm62FnlNdBpBY9oj:YyyGWdCwRqUAUGEDWhMPnSA1wmTnZBJj

Malware Config

Extracted

Family

cerberus

C2

http://tornacimamutxyz.site

Signatures

  • Cerberus

    An Android banking trojan rented out to other actors since 2019.

  • Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)

Processes

  • com.alter.tool (PID 5117)
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.alter.tool/app_DynamicOptDex/SypIWOG.json

    Filesize

    124KB

    MD5

    0e9b258b53b293bc71b1a04717149e5d

    SHA1

    0abdd3f2b2eb22315a72daed09336db4835142b2

    SHA256

    f7d8073a9139525137b9a48ac076bf4a91901a0ffbd79ba271976a23ca48e351

    SHA512

    ba3d34b18bdb15537a5a1891caac2871423f5f7adfaf1e86aca6bad70232ee4e82a31498c286f88da2213ce52b95e17cf43e53471b1df6d42d50e17b6a788920

  • /data/data/com.alter.tool/app_DynamicOptDex/SypIWOG.json

    Filesize

    124KB

    MD5

    702c7269f0754a2da293b5880f10116b

    SHA1

    e3796746c27a55a59a00f9c2d03f37b03678091c

    SHA256

    0b95d39b1f8d329a54e4362b95fb6b18bc19a54d8497b47e3c27abf1120e0491

    SHA512

    0ccafaf44a48159f536abc283a01852a640d45302edeb454494ba2477f5c3e09c95ea3f072487a18687ba72b8482628900bc210d8ca1250f6e0a216be2115627

  • /data/data/com.alter.tool/app_DynamicOptDex/oat/SypIWOG.json.cur.prof

    Filesize

    181B

    MD5

    3cc193fb6b7f8521312817fbbc27112e

    SHA1

    b5f1d032ce3468079aa1b4b91d27868a7dcefac5

    SHA256

    062675f154d61391978c43326f3cbe375140d923c2cd7480223dbe545cb8b4f6

    SHA512

    5a4e2ce260c4b61fd21bc14aaf19f9c0f930f010e79d6a4cd1609c6441c67ead105359991af2135318de225508fd5843c0bba748f99cec4581a2f1ef5b5ddd74
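The Downloads list above shows the pattern behind the "Loads dropped Dex/Jar" signature: a payload written under app_DynamicOptDex with a .json name, and the same path listed twice with different hashes, meaning the file was overwritten during the run. The triage helper below is an added example, not part of the sandbox report or of the malware; it identifies dropped files by magic value rather than extension, flags DEX content hiding behind a non-.dex name in a dynamic-code directory, flags repeated writes to one path, and defangs the extracted C2. Only the paths and C2 are taken from the report; the file bytes are constructed stand-ins (the report gives hashes, not content), so their hashes will not match the ones listed above.

```python
"""Triage helper for dropped-file listings from an Android sandbox run.

Added example; not the sandbox's or the malware's code. File contents below
are constructed placeholders, not the real payload bytes.
"""
import hashlib
import os
from dataclasses import dataclass, field

DEX_MAGIC = b"dex\n"        # full header is "dex\n" + 3-digit version + NUL, e.g. b"dex\n035\x00"
ZIP_MAGIC = b"PK\x03\x04"   # jar/apk are zip containers
DYNAMIC_CODE_DIRS = ("app_DynamicOptDex",)   # directory seen in this report


def classify(data: bytes) -> str:
    """Return the real file type based on leading bytes, ignoring the file name."""
    if data.startswith(DEX_MAGIC) and data[4:7].isdigit() and data[7:8] == b"\x00":
        return "dex"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.lstrip()[:1] in (b"{", b"["):
        return "json-like"
    return "unknown"


def defang(url: str) -> str:
    """Make a C2 URL safe to paste into tickets and chat."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


@dataclass
class Finding:
    path: str
    kind: str
    sha256: str
    flags: list = field(default_factory=list)


def triage(files):
    """files: iterable of (path, bytes) in the order they were written.

    Flags raised:
      dex-disguised-as-<ext>  DEX header under a non-.dex extension
      dynamic-code-load       executable code (dex/zip) in a dynamic-code directory
      overwritten-during-run  same path written again with different content
    """
    first_hash = {}
    findings = []
    for path, data in files:
        kind = classify(data)
        sha = hashlib.sha256(data).hexdigest()
        f = Finding(path, kind, sha)
        ext = os.path.splitext(path)[1].lower()
        if kind == "dex" and ext != ".dex":
            f.flags.append("dex-disguised-as-" + (ext.lstrip(".") or "noext"))
        if any(d in path.split("/") for d in DYNAMIC_CODE_DIRS) and kind in ("dex", "zip"):
            f.flags.append("dynamic-code-load")
        if path in first_hash and first_hash[path] != sha:
            f.flags.append("overwritten-during-run")
        first_hash.setdefault(path, sha)
        findings.append(f)
    return findings


def ioc_lines(findings, c2_urls):
    """Render a short IoC list: defanged C2s plus hashes of flagged files."""
    lines = ["c2: " + defang(u) for u in c2_urls]
    for f in findings:
        if f.flags:
            lines.append(f"{f.sha256}  {f.path}  [{', '.join(f.flags)}]")
    return lines


# Constructed stand-ins: paths from the report, bytes invented for the demo.
SAMPLE_FILES = [
    ("/data/data/com.alter.tool/app_DynamicOptDex/SypIWOG.json", b"dex\n035\x00" + b"\x00" * 64),
    ("/data/data/com.alter.tool/app_DynamicOptDex/SypIWOG.json", b"dex\n035\x00" + b"\x01" * 64),
    ("/data/data/com.alter.tool/app_DynamicOptDex/oat/SypIWOG.json.cur.prof", b"pro\x00010\x00"),
]
SAMPLE_C2 = ["http://tornacimamutxyz.site"]

if __name__ == "__main__":
    for line in ioc_lines(triage(SAMPLE_FILES), SAMPLE_C2):
        print(line)
```

Checking the magic value matters here because a loader such as DexClassLoader does not care what the file is called; the .json name only defeats a grep for "*.dex". The oat/*.cur.prof entry is a profile written by the runtime when the code is executed, which corroborates that the dropped file was actually loaded and run, not just written.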