Overview

overview

10

Static

static

6

70f36562f5...18.apk

android-9-x86

10

70f36562f5...18.apk

android-10-x64

10

70f36562f5...18.apk

android-11-x64

Analysis

  • max time kernel
    44s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    01-04-2024 11:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70f36562f58abbdf83212960f304d528_JaffaCakes118.apk

  • Size

    2.6MB

  • MD5

    70f36562f58abbdf83212960f304d528

  • SHA1

    8448de6901e3aa62d9e6b2d59bfc7c2c9c4664b5

  • SHA256

    d7480b9bc123f459d8bd1045f2e1d3b26867c39970290f3007d0b8b79cc1908d

  • SHA512

    214671b9742aeafa6d72fd2749a9455e4b0c5d7bd851d845fb4114ba5ef09f1e95ba3331ecae046082344767ee186d2b51fd822595e56171d8b763a3d493a7a6

  • SSDEEP

    49152:gcNuUEfxWM9GxhjSIQEAOCYMsSsb9wf8UkPW50SHVo/P77RBz/mE3tvf:gcEUDM0hjzQ6CkiGy0Oor7jP9vf

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://194.163.187.220

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.mammal.shrug
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4185

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.mammal.shrug/app_DynamicOptDex/SG.json
    Filesize

    124KB

    MD5

    8ad4d9f1da8e73f998c3695de55b582f

    SHA1

    edaa386221336346a2522f68729666fcf1d3316f

    SHA256

    fc030c124eea710b1a4be9f88a39ba02a38ac12b4ccd576a1e86a344a36c4810

    SHA512

    4783ada0bb35cdd57e8fe817f65b8f53d2477545fc3e5d766cc1977b2984afb2f862ab118fd3e17f9a67ef5e4b49e42b062695ed7c5dabeac4d5a2a6878f0b0f

    Download Submit

  • /data/data/com.mammal.shrug/app_DynamicOptDex/SG.json
    Filesize

    124KB

    MD5

    6805130b46f02562afbd415b6ea7d6d2

    SHA1

    ad42b3a25b34e0e86d5dab3284b7b224e79378dd

    SHA256

    3e7dd06af175c263157717e16dbbf98ec38eec74e163017eb7fc0af477ae7ce5

    SHA512

    4b3a1f6a410db6fcaec29baa8d3ccf4a731b0949da3d914c0edaf4f89884bb733205de0f1707421d276bfd68342c2e60e1b28d0b87f99b366692860b98d58b61

    Download Submit