Extracted

• • Target

    83d8646081701b607e9147a9a0bd90d6_JaffaCakes118

  • Size

    2.6MB

  • MD5

    83d8646081701b607e9147a9a0bd90d6

  • SHA1

    1652440c6feadd9a43c90610763ed7a0a4c351b9

  • SHA256

    9ba9ad408a114192254671b24b01af7980f879f3962232389ccc835acb87582a

  • SHA512

    2218d890c725725215af03aafc8906f0481484c58212761a237708e205569d0fb9268615f63ac4b41064c0d85bbb1e488d9fd8c8a49e7b90bee32eb59e72947a

  • SSDEEP

    49152:McYSsgUSH1q42IkAiqeXt2NEUEwI2wvLN6xyQw1GGz9S08oja80ZxKlqUqf2BG:MLSs9Eq45eVt2qU4NN6wVz40DjKHKE0G

  Score

  10^/10

  cerberusbankercollectionevasioninfostealerratstealthtrojan

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Listens for changes in the sensor environment (might be used to detect emulation)

    evasion
  behavioral1behavioral2behavioral3