Overview

overview

10

Static

static

6

75a837f084...18.apk

android-9-x86

10

75a837f084...18.apk

android-10-x64

10

75a837f084...18.apk

android-11-x64

Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    01-04-2024 17:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75a837f084a1e986dcb432ef2ed3a125_JaffaCakes118.apk

  • Size

    2.8MB

  • MD5

    75a837f084a1e986dcb432ef2ed3a125

  • SHA1

    9a92a835327840f32161067e0c6debd704df7c52

  • SHA256

    9a6b68c82fe8faab69e63ae0309948a92f9c954564d6e0132ef3696f11662521

  • SHA512

    e6319b95fd86307763475f68a81c09d27b3f6228f931dc4c462cb1eeade4b8d240ef8357fe1400fa3a4e1836741048d86fe6408dd04a3f3ecfe932527e58d261

  • SSDEEP

    49152:OeaVQqOUYP7DqCDIYJO0rMZbm2SrViPfn3GudANNXC2Demh:FmQ7UIvqp2OPb5miPPGudANvh

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://194.163.139.138

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.tourist.garage
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4262
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tourist.garage/app_DynamicOptDex/QJjUO.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tourist.garage/app_DynamicOptDex/oat/x86/QJjUO.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4287

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tourist.garage/app_DynamicOptDex/QJjUO.json
    Filesize

    124KB

    MD5

    8e59633ce7709798222da74e8088f654

    SHA1

    3a138f5cb680c70054da250c0f1cb52d7d7fa787

    SHA256

    f2ae56adaa9b70f703bb68d2e4432b892033c9d84537995f335f2b2ebbba2c1f

    SHA512

    2c5f90f43947a7d8f075074fb892bbb6fd62f8391a673954b0d2f1dfc0a8d1f298de0c266acb79cabee583c242a9564e30285baea64f52f3cd145a143f0a320c

    Download Submit

  • /data/data/com.tourist.garage/app_DynamicOptDex/QJjUO.json
    Filesize

    124KB

    MD5

    22527cd57cb42be6e6eddf04d58661e4

    SHA1

    2878512f9aeb4e00e7ee55edabfa7c9a803b074b

    SHA256

    c15034bd74befc7bbb52932590e0ef386bdb1500f4b7206d2a4c01d0daf9f985

    SHA512

    2357c9057f1fe2ccdf9082bf9bfff41d7686a4739b9d04a7de0913d1e817ceaa8cc2fa45a83c9b2747228843986ee4bf9b16fd57bf6dc4563b0f10201132dc8f

    Download Submit

  • /data/data/com.tourist.garage/app_DynamicOptDex/oat/QJjUO.json.cur.prof
    Filesize

    801B

    MD5

    0f762d77d2409148ae44593a83060484

    SHA1

    ad8dc7e65e9ac343783ac6a37649f5c04dcd1855

    SHA256

    d801237bd35c5a68b3cc80ff80cb35f07a71da7be439f2045d51d750551980bf

    SHA512

    63bf7a37f632b4e982c3124a5c1120f4cef180ddbfeb92dc7e54b3656f420fe3c70553adbf45943afdd60bcacc39fda70abec6d8932f6629f97057967c519476

    Download Submit

  • /data/user/0/com.tourist.garage/app_DynamicOptDex/QJjUO.json
    Filesize

    124KB

    MD5

    ff59633810c29759d4fbe812cf6953a4

    SHA1

    4643373fe9652d4667707bab0d8cb37443a8e71e

    SHA256

    00b7b713b962f3622606d3d6e704c3a30068dfa25cd3504e7c6a0b50067c15b9

    SHA512

    f9a9ae89d04de124969494ec5d1ed3d6092b3138e42a4272399c82521b7a0157620d0c63cdf7e025958035896928979392b72984dd46e04c438dec215d4969a7

    Download Submit