Overview

overview

10

Static

static

6

7f0b39cc6a...18.apk

android-9-x86

10

7f0b39cc6a...18.apk

android-10-x64

10

7f0b39cc6a...18.apk

android-11-x64

Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    02-04-2024 00:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7f0b39cc6ad10d800d7d5b18f8bd0a99_JaffaCakes118.apk

  • Size

    2.8MB

  • MD5

    7f0b39cc6ad10d800d7d5b18f8bd0a99

  • SHA1

    5c4d16375adb8e0fe6b5acbadc59e94b4e31352c

  • SHA256

    e9fc94b9571c7fac6446a5dcef86c8eb7d5318ef4d5783ab387ac805f6c27b4f

  • SHA512

    1c44159e73ef94ee58f32bc1f3164dd048594a224d7c7ea86cf4bc6aa1fb68f84e4035d57eb39c963663ea9cc38f1c6bfa7c05683bd31ff63393a9a88f8e7ae3

  • SSDEEP

    49152:DpV0bxZC0NqMqpEi388PflfkBeHE3/gK0s+sceJjJJCxRQRI6VM+5B:F+b7CY5qts8iBQjKescOJCxRq8y

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://tornacimamutxyz.site

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.angry.seek
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.angry.seek/app_DynamicOptDex/lTUETkY.json
    Filesize

    124KB

    MD5

    dece0b9285a7f4adb9cc223694094cc4

    SHA1

    c4ce8be5cede385d8faaf792709bbef710b74ee9

    SHA256

    295fd8a61f3123b87585f2c97bde12e86fb51944dac84483efbafd7a6dc6bc61

    SHA512

    9606399a9025570bfcd0030c49d3ffa1dcfeb1855d340629c767f1c16cec1815ca61ca2bb8ff15f31c2ba53288c920f3185c274aa020c6e28ce394c623a2199d

    Download Submit
  • /data/data/com.angry.seek/app_DynamicOptDex/lTUETkY.json
    Filesize

    124KB

    MD5

    faf6fcc1b97ddc80a96cc11452bd7ecd

    SHA1

    4cb2150f0cd2119f24f627b90c69154eef1c4c9e

    SHA256

    4a5db1a3884f8b545f3e5a24a15f49926d7f33a19b75416f512f31b395ec5aaf

    SHA512

    4f371308f21b16398757495de18464fa19193343f60d1b75d743ab216d30a6a5c7961b39cded2465c5cdcf51c5ee4ea9719e865514e3de3a4cdbd1fcdaf8c75c

    Download Submit
  • /data/data/com.angry.seek/app_DynamicOptDex/oat/lTUETkY.json.cur.prof
    Filesize

    199B

    MD5

    5275a16b385935b8a1b917e24100e654

    SHA1

    6df5a89383ab8081eca6c4276dfd6ee16ec45ff7

    SHA256

    aab3711167578bef3fc9bf11fdea8dd5f3bbccb1eb3a5378e1518ccfecbd6713

    SHA512

    6cc763573135067f9b71d577ac1f9a4ba6b47a93bd633137af9814cc5b42bd19e5faef411a38f34a53e1e0ffad9237099d42f5c67548103b20daa631ff1ca065

    Download Submit