Overview

overview

10

Static

static

6

8fd36fd780...18.apk

android-9-x86

10

8fd36fd780...18.apk

android-10-x64

10

8fd36fd780...18.apk

android-11-x64

Analysis

  • max time kernel
    68s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    02-04-2024 15:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8fd36fd78059b612caf4306f86f8f5da_JaffaCakes118.apk

  • Size

    3.0MB

  • MD5

    8fd36fd78059b612caf4306f86f8f5da

  • SHA1

    eff37afe2ee8864c5cdee7e07b3184a07627fcc0

  • SHA256

    bf741ef4c2558d5b8485c6de61c64e578a8198d1d050a1e1566b5e10bee207ec

  • SHA512

    ed3ab1276e8bc7cf69eb54176c491d3c63ee23d9f0d55940f322551e79941205ff194fc3d29845b1be2ca06518b0aecac6ff1735ed293964a986572a5f63f00c

  • SSDEEP

    49152:8OQRxguYJzjIt06xq/9OxeSyA6G3BOixe+zthSRfZiNUkyxlL:pHxjIfxq8cSypG3bMCex0UzrL

Score
10/10
cerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://185.182.8.36

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.quote.couple
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4209
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.quote.couple/app_DynamicOptDex/CsIa.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.quote.couple/app_DynamicOptDex/oat/x86/CsIa.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4269

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.quote.couple/app_DynamicOptDex/CsIa.json
    Filesize

    124KB

    MD5

    3de2232080ac6a4811995b7c1bf825e4

    SHA1

    ef2ee8bd6c8c7b9903ff93807ca83d2b9ef5e475

    SHA256

    6d046f6aa352743571a732a3edad4a38b735a669496448224b28203e4dcd6f19

    SHA512

    506093e6719522b94bf6cb9812d7ae465847536c5bb35f579932628f8501377579dceceecf29da02d501fecf7c83986d68e2884a92e4a39fb6d95295354cf606

    Download Submit

  • /data/data/com.quote.couple/app_DynamicOptDex/CsIa.json
    Filesize

    124KB

    MD5

    cf7cfec4ae47494ee1a2b04e5f3a7905

    SHA1

    a80188bfc50dda4d628f4bd98f3549b8e1712b7c

    SHA256

    fec13c43a4c96f9df124f937a9f79b07e237812d768a813b7c6179cd95a40688

    SHA512

    e763081559bf7b1b8570f46407ecf8254de1464219b173021ab3bd3c23d3c1ebcf4eab4268c8b43ad480b91183c219125069fed4c3723cbd6c39817dc5d792ff

    Download Submit

  • /data/data/com.quote.couple/app_DynamicOptDex/oat/CsIa.json.cur.prof
    Filesize

    814B

    MD5

    a4caa7f322ce809b0c0ab125aacca646

    SHA1

    e6149551e935860c93bb57ccb1ee882d3ba07c0e

    SHA256

    46f30b4497478cc7295574f2353a19b1f03ad5952e39bc754d9eebc489f2b287

    SHA512

    fa73b60e8a49ee791e64546dea1f6cc29ace6d5cdd2d5ab90a906e5327c1e8cd1cce527580a2ea44d2f0d3924d9d040d023ac99c4171103a098f1e1a270620e3

    Download Submit

  • /data/user/0/com.quote.couple/app_DynamicOptDex/CsIa.json
    Filesize

    124KB

    MD5

    624737ce6415a6da2691c82cb318f962

    SHA1

    ef37a4932127c7c7a776111abaafe806fd1f2140

    SHA256

    74c6db9ce64870ee3e3ea8cd9c144f8c07e76319039e4d747af5682629097143

    SHA512

    7a66546e57ae50d6e79277104803f016ab81fbe38792aeb9fe326f591adad6df72bfa75efed1fa8197eb2249e763f08eda9c131f53f2db64fe8c0aa602cda225

    Download Submit