Analysis

  • max time kernel
    71s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
  • submitted
    01-04-2024 20:08

General

  • Target

    79406a37aa56c8c3b0a6f6eeb48cf5a5_JaffaCakes118.apk

  • Size

    2.5MB

  • MD5

    79406a37aa56c8c3b0a6f6eeb48cf5a5

  • SHA1

    118fa2cf82b7ca85cc59eb8986b1537ca5fcd38e

  • SHA256

    0314ea6ad3cf224a9417ccfd1f8a784a836472094c04a6bc2ffb688313131ecb

  • SHA512

    9728401f7de75781b6aa36e49a2f2ceb89e913b7d7e27330f7e88841dd782746a4adaa01f66172afa3cf946db4814b243c07d075f3ca03ec8a6739b9b63bd4a6

  • SSDEEP

    49152:RqlBejgkVwtbraC9Ww/NZ9GLud4ijdbSDaOi1K:clAd2brD8w/X9GLW4va0

Malware Config

Extracted

Family

cerberus

C2

http://161.97.75.127

Signatures

  • Cerberus

    An Android banking trojan rented to other actors as malware-as-a-service since 2019; it abuses the Accessibility service for overlay and credential theft and fetches its C2 from an embedded configuration.

  • Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)

Processes

  • com.you.because (PID 5041)
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.you.because/app_DynamicOptDex/oat/rXWFlP.json.cur.prof

    Filesize

    212B

    MD5

    2ef25fc1d3f8ab90fc0f1ea934fd3052

    SHA1

    f74b717addddb4f97a9854c435fa1f565c0bbc2b

    SHA256

    fb820286af7ffb31a7b8b215b90653b3556dba53d9e5b0e68262e8ecd1d90292

    SHA512

    0c774a9f05df610f417a329822a3a62eb58767e741735b754065f54b6bb43814672b91581a70f5587baa387055ba9076198a2841c5e8c37abb680c226a117fd7

  • /data/data/com.you.because/app_DynamicOptDex/rXWFlP.json

    Filesize

    124KB

    MD5

    27fe4589075d4ac0e3f53f446af355ee

    SHA1

    e05a09e78174cd794e0f47f644ad85fd1977acda

    SHA256

    8a1a58f160609b059fbd7c9afa3d37f350c016fd23b30789bb703f32a2164854

    SHA512

    351ae22e8b405f042487a86b3ad7c3544bbfaac9ec12d0cc0ed382dc3f3b2bcaf308bbf361c7e235bda0e09b6e8fa60be64af22ea3dffa0f4dddddadb042bc62

  • /data/data/com.you.because/app_DynamicOptDex/rXWFlP.json

    Filesize

    124KB

    MD5

    9c94fba7a144ca30510ee9e14fb65b92

    SHA1

    774bf1d041953f28d7c2faf6c89df69546f63f21

    SHA256

    75620822884c136bf9ed3ba887f0a2da78eeb0e26d3eb5d87429894e568ffa09

    SHA512

    efa91871a4495edb2bcafe2e4db708b6f3cc16763ab094b3f89f8e03890408cee0c971b54185fe5a68a25502895c6a339bb9e2ea9bcbef27be051f18dd92651d
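The report lists two drops of rXWFlP.json under app_DynamicOptDex plus an ART profile (rXWFlP.json.cur.prof) under oat/, which is what the runtime produces when it compiles a dynamically loaded code file, and flags "Loads dropped Dex/Jar". The report does not say what rXWFlP.json actually contains, so the first thing a practitioner does with the pulled files is check their magic bytes rather than trust the extension, and recompute the digests to match them against the IoCs above. The helper below is an added example, not part of the sandbox report or of the sample; the directory tree it scans is constructed in a temp directory with fake content (only the DEX header magic is realistic), and the filenames are borrowed from the report purely for illustration.

```python
"""Identify dropped Android files by magic bytes and hash them for IoC matching.

Added example: scans a directory the way you would scan a pulled
app_DynamicOptDex/ tree, flags code containers hiding behind a
non-code extension (e.g. a DEX named *.json), and returns the digests
used in sandbox reports (MD5/SHA1/SHA256).
"""
import hashlib
import os
import tempfile
from typing import Dict, List

# Magic bytes of formats Android can load or execute. DEX files start with
# "dex\n" followed by a three-digit version and NUL (e.g. b"dex\n035\x00").
MAGICS = {
    b"dex\n": "dex",
    b"dey\n": "odex",
    b"PK\x03\x04": "zip (jar/apk)",
    b"\x7fELF": "elf",
}

# Extensions under which code containers are expected; anything else is misleading.
CODE_EXTENSIONS = {".dex", ".odex", ".jar", ".apk", ".zip", ".so"}


def identify(data: bytes) -> str:
    """Return the container type by leading magic, or 'unknown'."""
    for magic, name in MAGICS.items():
        if data.startswith(magic):
            return name
    return "unknown"


def digest(data: bytes) -> Dict[str, str]:
    """Compute the digests typically listed next to each dropped file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def scan_dropped(root: str) -> List[Dict[str, object]]:
    """Walk root; for each file record type, size, digests and whether the
    extension disguises executable content."""
    results: List[Dict[str, object]] = []
    for dirpath, _, filenames in os.walk(root):
        for fn in sorted(filenames):
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as f:
                data = f.read()
            kind = identify(data)
            ext = os.path.splitext(fn)[1].lower()
            entry: Dict[str, object] = {
                "path": os.path.relpath(path, root).replace(os.sep, "/"),
                "size": len(data),
                "kind": kind,
                # Known code container with a non-code extension: the disguise
                # used by droppers that load "json"/"dat" files via DexClassLoader.
                "suspicious": kind != "unknown" and ext not in CODE_EXTENSIONS,
            }
            entry.update(digest(data))
            results.append(entry)
    return results


def build_fixture() -> str:
    """Create a constructed app_DynamicOptDex-like tree in a temp dir.

    Contents are fake stand-ins, not the sample's files: only the DEX header
    magic is realistic; the profile and config bodies are placeholders.
    """
    root = tempfile.mkdtemp(prefix="app_DynamicOptDex_")
    with open(os.path.join(root, "rXWFlP.json"), "wb") as f:
        f.write(b"dex\n035\x00" + b"\x00" * 64)          # constructed DEX stub
    os.makedirs(os.path.join(root, "oat"))
    with open(os.path.join(root, "oat", "rXWFlP.json.cur.prof"), "wb") as f:
        f.write(b"\x00" * 16)                             # constructed profile stub
    with open(os.path.join(root, "config.json"), "wb") as f:
        f.write(b'{"c2": "http://example.invalid"}')      # constructed benign JSON
    return root


if __name__ == "__main__":
    for entry in scan_dropped(build_fixture()):
        flag = "!!" if entry["suspicious"] else "  "
        print(f"{flag} {entry['kind']:<14} {entry['size']:>6}B  {entry['sha256']}  {entry['path']}")
```

Run it against a real pull (`adb pull /data/data/<pkg>/app_DynamicOptDex` on a rooted test device or emulator) by passing that directory to `scan_dropped` instead of the fixture; a hit marked `!!` with kind `dex` and a `.json` name is the same pattern the report's "Loads dropped Dex/Jar" signature describes, and the SHA256 column can be compared directly against the Downloads entries above.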