General
-
Target
75a837f084a1e986dcb432ef2ed3a125_JaffaCakes118
-
Size
2.8MB
-
Sample
240401-vpdw8sac2w
-
MD5
75a837f084a1e986dcb432ef2ed3a125
-
SHA1
9a92a835327840f32161067e0c6debd704df7c52
-
SHA256
9a6b68c82fe8faab69e63ae0309948a92f9c954564d6e0132ef3696f11662521
-
SHA512
e6319b95fd86307763475f68a81c09d27b3f6228f931dc4c462cb1eeade4b8d240ef8357fe1400fa3a4e1836741048d86fe6408dd04a3f3ecfe932527e58d261
-
SSDEEP
49152:OeaVQqOUYP7DqCDIYJO0rMZbm2SrViPfn3GudANNXC2Demh:FmQ7UIvqp2OPb5miPPGudANvh
Malware Config
Extracted
cerberus
http://194.163.139.138
Targets
-
-
Target
75a837f084a1e986dcb432ef2ed3a125_JaffaCakes118
-
Size
2.8MB
-
MD5
75a837f084a1e986dcb432ef2ed3a125
-
SHA1
9a92a835327840f32161067e0c6debd704df7c52
-
SHA256
9a6b68c82fe8faab69e63ae0309948a92f9c954564d6e0132ef3696f11662521
-
SHA512
e6319b95fd86307763475f68a81c09d27b3f6228f931dc4c462cb1eeade4b8d240ef8357fe1400fa3a4e1836741048d86fe6408dd04a3f3ecfe932527e58d261
-
SSDEEP
49152:OeaVQqOUYP7DqCDIYJO0rMZbm2SrViPfn3GudANNXC2Demh:FmQ7UIvqp2OPb5miPPGudANvh
Score10/10-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Listens for changes in the sensor environment (might be used to detect emulation)
-