Overview

overview

10

Static

static

6

86a3235e5f...18.apk

android-9-x86

10

86a3235e5f...18.apk

android-10-x64

10

86a3235e5f...18.apk

android-11-x64

Analysis

  • max time kernel
    60s
  • max time network
    137s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    02-04-2024 07:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86a3235e5fe3b107841b9ac6eb04acb4_JaffaCakes118.apk

  • Size

    2.9MB

  • MD5

    86a3235e5fe3b107841b9ac6eb04acb4

  • SHA1

    17a5ff71f1e63bcb2de859e6f8d18a4cd24d7f51

  • SHA256

    86f6bf9b039439d1f1f30325e8dea209511775fbeb55116c52299c527e463c1a

  • SHA512

    79845ce9923d43cd271957a0c349b7e634ba685daf506f9777670b07f84d867e9ead357bbebfca731421497fb8f5fc9166a7c8667351e6d6a0ff78898493c8d7

  • SSDEEP

    49152:cxXp3bY4EOqbFKvOUGISuoK/HD3vzf23I5yte1+LrPH:I5LY4qYWUGISBK/rvL23IUtV

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://tornacimamutxyz.site

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.advance.chalk
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:5120

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.advance.chalk/app_DynamicOptDex/XKjSB.json
    Filesize

    124KB

    MD5

    ead0adb768f1c05388aa56ba3976f12a

    SHA1

    aec53f0ff5e27f5fa26183c8708756a9b3e510a6

    SHA256

    506de1c662c9ad63236df8facc0497c5ae58369c50470ec6809e0f03b1f1eff6

    SHA512

    8033f18110865b175dc805307a95955e265a6c45816b52c86ee8e408a60772be6bf3a30f5307bc9b874902fcb0bd80881eb37f7d7cb12d6cec857e68d4145e0b

    Download Submit

  • /data/data/com.advance.chalk/app_DynamicOptDex/XKjSB.json
    Filesize

    124KB

    MD5

    30b16667dc0486d372af179744b29d38

    SHA1

    9d4b1f8aadeed99143ea9d56a2e0185be20f9955

    SHA256

    cb93966866741544f606bd9f21943ca967acc2d2fd51b0c324897c80d8df7d96

    SHA512

    2dd47c45d28b9eaab82e081d176fefaa66cf0259aa1d9330e0f65e691ccf5597e2aac7b94e2ee6d3d61d84447957f37bd58dd534c06d2d2d7ace3682ce9b3817

    Download Submit

  • /data/data/com.advance.chalk/app_DynamicOptDex/oat/XKjSB.json.cur.prof
    Filesize

    218B

    MD5

    5acde0cb9abf515e53fbf5f873778680

    SHA1

    a40499e788e498c020766dd3c74be7b289c53b72

    SHA256

    3f8bb292fe448440b0dffb5c5374fca805aca57766c5433f925d56ee5d286739

    SHA512

    cee4ef8d5db39fed5b9a7dc4a4226f55387e18d3f7b6023d7dc33fa574bfd75cea1ad7f1183f2ed0c59f23d81f35b2985909e6befea83bbdab7fa5843f881abc

    Download Submit