Overview

overview

10

Static

static

6

75a837f084...18.apk

android-9-x86

10

75a837f084...18.apk

android-10-x64

10

75a837f084...18.apk

android-11-x64

Analysis

  • max time kernel
    146s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    01-04-2024 17:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75a837f084a1e986dcb432ef2ed3a125_JaffaCakes118.apk

  • Size

    2.8MB

  • MD5

    75a837f084a1e986dcb432ef2ed3a125

  • SHA1

    9a92a835327840f32161067e0c6debd704df7c52

  • SHA256

    9a6b68c82fe8faab69e63ae0309948a92f9c954564d6e0132ef3696f11662521

  • SHA512

    e6319b95fd86307763475f68a81c09d27b3f6228f931dc4c462cb1eeade4b8d240ef8357fe1400fa3a4e1836741048d86fe6408dd04a3f3ecfe932527e58d261

  • SSDEEP

    49152:OeaVQqOUYP7DqCDIYJO0rMZbm2SrViPfn3GudANNXC2Demh:FmQ7UIvqp2OPb5miPPGudANvh

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://194.163.139.138

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.tourist.garage
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5038

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tourist.garage/app_DynamicOptDex/QJjUO.json
    Filesize

    124KB

    MD5

    8e59633ce7709798222da74e8088f654

    SHA1

    3a138f5cb680c70054da250c0f1cb52d7d7fa787

    SHA256

    f2ae56adaa9b70f703bb68d2e4432b892033c9d84537995f335f2b2ebbba2c1f

    SHA512

    2c5f90f43947a7d8f075074fb892bbb6fd62f8391a673954b0d2f1dfc0a8d1f298de0c266acb79cabee583c242a9564e30285baea64f52f3cd145a143f0a320c

    Download Submit

  • /data/data/com.tourist.garage/app_DynamicOptDex/QJjUO.json
    Filesize

    124KB

    MD5

    22527cd57cb42be6e6eddf04d58661e4

    SHA1

    2878512f9aeb4e00e7ee55edabfa7c9a803b074b

    SHA256

    c15034bd74befc7bbb52932590e0ef386bdb1500f4b7206d2a4c01d0daf9f985

    SHA512

    2357c9057f1fe2ccdf9082bf9bfff41d7686a4739b9d04a7de0913d1e817ceaa8cc2fa45a83c9b2747228843986ee4bf9b16fd57bf6dc4563b0f10201132dc8f

    Download Submit

  • /data/data/com.tourist.garage/app_DynamicOptDex/oat/QJjUO.json.cur.prof
    Filesize

    155B

    MD5

    c671acb3b56a1dcbcd9258496859e924

    SHA1

    a321a91ce6dad2fa3686d17d0ff6ab47bfa36401

    SHA256

    d9f2a493afcee2cf147e8c2345666a74585e6aa3047b76f5fee411baf68eaaa9

    SHA512

    649da9793eef6dc5266cfa2de7540b92038d98c63ae91df3e24ce40369e55409a47e78ff784958d1c4797a9beb6790cd2c0cbf2a7f242f9b917a9dfc257c7818

    Download Submit