Overview

overview

10

Static

static

6

86a3235e5f...18.apk

android-9-x86

10

86a3235e5f...18.apk

android-10-x64

10

86a3235e5f...18.apk

android-11-x64

Analysis

  • max time kernel
    60s
  • max time network
    82s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    02-04-2024 07:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86a3235e5fe3b107841b9ac6eb04acb4_JaffaCakes118.apk

  • Size

    2.9MB

  • MD5

    86a3235e5fe3b107841b9ac6eb04acb4

  • SHA1

    17a5ff71f1e63bcb2de859e6f8d18a4cd24d7f51

  • SHA256

    86f6bf9b039439d1f1f30325e8dea209511775fbeb55116c52299c527e463c1a

  • SHA512

    79845ce9923d43cd271957a0c349b7e634ba685daf506f9777670b07f84d867e9ead357bbebfca731421497fb8f5fc9166a7c8667351e6d6a0ff78898493c8d7

  • SSDEEP

    49152:cxXp3bY4EOqbFKvOUGISuoK/HD3vzf23I5yte1+LrPH:I5LY4qYWUGISBK/rvL23IUtV

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://tornacimamutxyz.site

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.advance.chalk
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4292
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.advance.chalk/app_DynamicOptDex/XKjSB.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.advance.chalk/app_DynamicOptDex/oat/x86/XKjSB.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4353

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.advance.chalk/app_DynamicOptDex/XKjSB.json
    Filesize

    124KB

    MD5

    ead0adb768f1c05388aa56ba3976f12a

    SHA1

    aec53f0ff5e27f5fa26183c8708756a9b3e510a6

    SHA256

    506de1c662c9ad63236df8facc0497c5ae58369c50470ec6809e0f03b1f1eff6

    SHA512

    8033f18110865b175dc805307a95955e265a6c45816b52c86ee8e408a60772be6bf3a30f5307bc9b874902fcb0bd80881eb37f7d7cb12d6cec857e68d4145e0b

    Download Submit

  • /data/data/com.advance.chalk/app_DynamicOptDex/XKjSB.json
    Filesize

    124KB

    MD5

    30b16667dc0486d372af179744b29d38

    SHA1

    9d4b1f8aadeed99143ea9d56a2e0185be20f9955

    SHA256

    cb93966866741544f606bd9f21943ca967acc2d2fd51b0c324897c80d8df7d96

    SHA512

    2dd47c45d28b9eaab82e081d176fefaa66cf0259aa1d9330e0f65e691ccf5597e2aac7b94e2ee6d3d61d84447957f37bd58dd534c06d2d2d7ace3682ce9b3817

    Download Submit

  • /data/data/com.advance.chalk/app_DynamicOptDex/oat/XKjSB.json.cur.prof
    Filesize

    805B

    MD5

    eb8696952878e205b50df601366e269e

    SHA1

    7ba4e2d4a6ff9fc493556f46b4487f8768f3384a

    SHA256

    a347e8a6a8ca36fc57f4eef6385183d9c180ef7a5daf7272334417ac41d8006c

    SHA512

    7ae74e0ae0de04f7e54bbecf940d5ef6fc35a3b50b1e5c06e28f7b1b841bb3b28dc37eb1274b8532f2e921da3bd4552f2672df77f462d6431f2c436feb2acefa

    Download Submit

  • /data/user/0/com.advance.chalk/app_DynamicOptDex/XKjSB.json
    Filesize

    124KB

    MD5

    eb647d42c3b3857f9cd344148390b41d

    SHA1

    5895a1bb78c7ce317267425e60f4c4f200d9691d

    SHA256

    cd88379c398973722e5f2e1b7dfc011af2bf782ddee8176bb2d409883847a75e

    SHA512

    89edd5653d72b1a3446323634fae105370e8a105d3456cc362348241a26833ec803d7c52a2ded507f93153239d56b09ba0c529d85ba1c9089b9ece3005d66175

    Download Submit