Extracted

• • Target

    70f36562f58abbdf83212960f304d528_JaffaCakes118

  • Size

    2.6MB

  • MD5

    70f36562f58abbdf83212960f304d528

  • SHA1

    8448de6901e3aa62d9e6b2d59bfc7c2c9c4664b5

  • SHA256

    d7480b9bc123f459d8bd1045f2e1d3b26867c39970290f3007d0b8b79cc1908d

  • SHA512

    214671b9742aeafa6d72fd2749a9455e4b0c5d7bd851d845fb4114ba5ef09f1e95ba3331ecae046082344767ee186d2b51fd822595e56171d8b763a3d493a7a6

  • SSDEEP

    49152:gcNuUEfxWM9GxhjSIQEAOCYMsSsb9wf8UkPW50SHVo/P77RBz/mE3tvf:gcEUDM0hjzQ6CkiGy0Oor7jP9vf

  Score

  10^/10

  cerberusbankercollectionevasioninfostealerratstealthtrojan

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Listens for changes in the sensor environment (might be used to detect emulation)

    evasion
  behavioral1behavioral2behavioral3