Analysis

  • max time kernel
    53s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    04-04-2024 19:07

General

  • Target

    c05946a73facef6df631d6d550234fb0_JaffaCakes118.apk

  • Size

    2.8MB

  • MD5

    c05946a73facef6df631d6d550234fb0

  • SHA1

    8fe54373dac56c98e6853e9df9e8ddb5fd5f74c8

  • SHA256

    e47462b6c50a6e16a1f1fc99f5c2c96a748296ec756144618215aebf1805ae3e

  • SHA512

    e71e45d93f924b55a15cd32e781dd778371a16b8badaef1725d6943196d3dfb0a0bbb87e18357ce241ef5856ee25c41c5bb4b2e2091c69975240a7330c9a390e

  • SSDEEP

    49152:tMN9OzvpB6oRnnpRqsC6MA8wQeq883vQTUE+daQhVFHXL4jMUxNLds9tNgJjY:tsozT6kzqer8wW93+eLXNXLjUJ5s

Malware Config

Extracted

Family

cerberus

C2

http://194.163.139.138

Signatures

  • Cerberus

    An Android banking trojan rented to operators as malware-as-a-service since 2019.

  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Reads the content displayed on the screen through an AccessibilityService; bankers use this to harvest credentials and to drive the UI without user interaction.

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

    Reads CPU information (typically /proc/cpuinfo) for values that indicate the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Reads memory information (typically /proc/meminfo) for values that indicate the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Loads and runs a Dex/Jar file that the app wrote to the device during analysis (see the Ru.json entries under Downloads).

  • Requests disabling of battery optimizations (often used to keep running in the background unhindered). 1 TTPs 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation; Cerberus is known to gate execution on accelerometer/step-counter readings, which an idle emulator never produces) 1 TTPs 1 IoCs
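The two emulator-check signatures above (CPU information, memory information) correspond to the app reading /proc/cpuinfo and /proc/meminfo. The Python below is an added example, not code from the sample or from the sandbox; it shows what such a check sees on an android-x86 guest like the one this report ran on versus a physical ARM handset. The /proc contents are constructed, and the indicator list and the 2 GiB memory threshold are this editor's assumptions, not the exact strings Cerberus tests.

```python
MEMTOTAL_MIN_KB = 2 * 1024 * 1024  # assumption: under 2 GiB is unusual for a current handset

# Constructed /proc contents, not captured from this analysis run.
EMU_X86_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model name\t: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge hypervisor
"""
EMU_MEMINFO = """\
MemTotal:        1540000 kB
MemFree:          812000 kB
"""
PHYS_ARM_CPUINFO = "".join(
    f"processor\t: {i}\nmodel name\t: ARMv8 Processor rev 4 (v8l)\nFeatures\t: fp asimd evtstrm aes pmull\n"
    for i in range(8)
) + "Hardware\t: Qualcomm Technologies, Inc SDM845\n"
PHYS_MEMINFO = """\
MemTotal:        5800000 kB
MemFree:         1200000 kB
"""


def parse_proc(text: str) -> dict:
    """Parse 'key : value' lines of a /proc file into {lowercased key: [values in file order]}."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def emulator_indicators(cpuinfo: str, meminfo: str, expected_abi: str = "arm") -> list:
    """Return the emulator indicators an app-side check would find, in a fixed order.

    expected_abi is the ABI the app was built for; this sample ships ARM code but the
    sandbox image is android-x86 with ARM translation, which is exactly the mismatch
    the vendor_id test catches.
    """
    cpu = parse_proc(cpuinfo)
    mem = parse_proc(meminfo)
    hits = []

    # Goldfish/Ranchu are the Android emulator kernels; vbox/virtual cover other hypervisors.
    hardware = " ".join(cpu.get("hardware", [])).lower()
    for token in ("goldfish", "ranchu", "vbox", "virtual"):
        if token in hardware:
            hits.append(f"hardware={token}")

    # Linux exports the CPUID hypervisor bit as a cpuinfo flag on x86 guests.
    flags = " ".join(cpu.get("flags", [])).split()
    if "hypervisor" in flags:
        hits.append("cpu flag hypervisor")

    # vendor_id only exists in x86 cpuinfo; an ARM-only app seeing it is running under translation.
    if expected_abi == "arm" and "vendor_id" in cpu:
        hits.append("x86 cpuinfo but arm abi expected")

    if len(cpu.get("processor", [])) == 1:
        hits.append("single cpu")

    memtotal = mem.get("memtotal", ["0 kB"])[0].split()[0]
    if memtotal.isdigit() and int(memtotal) < MEMTOTAL_MIN_KB:
        hits.append(f"memtotal {memtotal} kB below threshold")
    return hits


if __name__ == "__main__":
    print("android-x86 guest:", emulator_indicators(EMU_X86_CPUINFO, EMU_MEMINFO))
    print("physical handset: ", emulator_indicators(PHYS_ARM_CPUINFO, PHYS_MEMINFO))
```

For a sandbox operator the useful reading is the first line of output: every hit is a reason a sample like this one can refuse to run on the android-x86 image, which is why the report also flags the sensor listener; a /proc check can be patched in the image, a missing accelerometer trace cannot.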

Processes

  • com.liquid.injury
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4186

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.liquid.injury/app_DynamicOptDex/Ru.json

    Filesize

    124KB

    MD5

    20dec78f5edb49ccf58b9bbf190f2cf6

    SHA1

    42825c9cd85104aa2ab78aa73da2a2c30dff38c2

    SHA256

    392fe771bffd8193f32b4642d3396001fd52c206f60fb33544a7f61271500641

    SHA512

    775ff479f8b922e74955898aae209122b3801a9f5bc8a01e955ace25d827e7a7eecbe78b1622be97bf266247d9703fa5d28533355899de33cca3ac93e4537c61

  • /data/data/com.liquid.injury/app_DynamicOptDex/Ru.json (second write of the same path; same size, different content)

    Filesize

    124KB

    MD5

    bc292e422d28af907aefa2fe6a307c6d

    SHA1

    1633a4a9315f184047475f14d4c99516be2e9f76

    SHA256

    72b73084149e7b1aa6d12d1527933a7b6efdcaf432912ed7ecfc8857a8b75071

    SHA512

    18ab01c59a68501ac7840890c048c71010f535f147ca757c624dbb665e27123184b186179bfe4552ed72ab8253efbed5d5b6a10eb8d70c1f79d75dfa8e1db704

  • /data/data/com.liquid.injury/app_DynamicOptDex/oat/Ru.json.cur.prof

    Filesize

    204B

    MD5

    4326d49e28e2c9660722449088030ff2

    SHA1

    27ec4e390b1b32244f75b8697332ccb66a4c250e

    SHA256

    4c929ce1da2c5407664e192a4ea97c75d27876cc2357ae9c3c4f5c2d32413ba0

    SHA512

    5d385ed4111fd79a06b9f8c22d9409b11d2ff96cdda31de3905f4f8c09cd11faa93e68c8b4318ab7b52ac703568cec2406b0dcf624fda37db03d0e32ed6aaa11
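The dropped file is named Ru.json, yet the sandbox flags it as a loaded Dex/Jar, so the extension says nothing about the contents. As an added example (not part of the report, and not the sandbox's own logic), the Python below classifies a dropped file by magic bytes, validates a DEX header as the DEX format defines it (Adler-32 checksum over bytes 12 to end, SHA-1 signature over bytes 32 to end, file_size, header_size, endian tag), and matches the SHA-256 against the two hashes listed above. Because the real drop is not on this page, build_minimal_dex() constructs a header-only sample so the check can run offline.

```python
import hashlib
import struct
import zlib

# SHA-256 values the report lists for the two writes of
# /data/data/com.liquid.injury/app_DynamicOptDex/Ru.json
KNOWN_SHA256 = {
    "392fe771bffd8193f32b4642d3396001fd52c206f60fb33544a7f61271500641": "Ru.json (first write)",
    "72b73084149e7b1aa6d12d1527933a7b6efdcaf432912ed7ecfc8857a8b75071": "Ru.json (second write)",
}

DEX_HEADER_SIZE = 0x70
DEX_ENDIAN_CONSTANT = 0x12345678


def identify_container(data: bytes) -> str:
    """Classify a dropped file by magic bytes; the on-disk name (.json here) is ignored."""
    if data[:4] == b"dex\n" and len(data) >= 8 and data[7] == 0:
        return "dex"
    if data[:2] == b"PK":
        return "zip/jar"  # a .jar handed to DexClassLoader is a zip holding classes.dex
    if data[:4] == b"\x7fELF":
        return "elf"
    return "unknown"


def verify_dex_header(data: bytes) -> dict:
    """Check the integrity fields of a DEX header against the rest of the file."""
    if len(data) < DEX_HEADER_SIZE:
        return {"valid": False, "problems": ["shorter than a dex header"]}
    magic = data[:8]
    if magic[:4] != b"dex\n" or magic[7] != 0:
        return {"valid": False, "problems": ["bad magic"]}
    version = magic[4:7].decode("ascii", "replace")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    problems = []
    if (zlib.adler32(data[12:]) & 0xFFFFFFFF) != checksum:
        problems.append("adler32 checksum mismatch")
    if hashlib.sha1(data[32:]).digest() != signature:
        problems.append("sha1 signature mismatch")
    if file_size != len(data):
        problems.append(f"file_size {file_size} != actual {len(data)}")
    if header_size != DEX_HEADER_SIZE:
        problems.append(f"header_size {header_size:#x} != 0x70")
    if endian_tag != DEX_ENDIAN_CONSTANT:
        problems.append("unexpected endian tag")
    return {"valid": not problems, "version": version, "file_size": file_size, "problems": problems}


def triage_drop(data: bytes) -> dict:
    """Hash the file, classify it, and validate the DEX header when it claims to be one."""
    sha256 = hashlib.sha256(data).hexdigest()
    result = {
        "kind": identify_container(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": sha256,
        "known": KNOWN_SHA256.get(sha256),  # None unless it is one of the report's two drops
    }
    if result["kind"] == "dex":
        result["header"] = verify_dex_header(data)
    return result


def build_minimal_dex(version: bytes = b"035", body: bytes = b"\x00" * 64) -> bytes:
    """Constructed sample: a header whose checksum, signature and file_size are consistent.

    It declares no classes and will not load on a device; it only exercises the header checks.
    """
    total = DEX_HEADER_SIZE + len(body)
    after_signature = struct.pack("<III", total, DEX_HEADER_SIZE, DEX_ENDIAN_CONSTANT)
    after_signature += b"\x00" * (DEX_HEADER_SIZE - 32 - 12) + body  # remaining header fields zeroed
    signature = hashlib.sha1(after_signature).digest()
    checksummed = signature + after_signature
    checksum = zlib.adler32(checksummed) & 0xFFFFFFFF
    return b"dex\n" + version + b"\x00" + struct.pack("<I", checksum) + checksummed


if __name__ == "__main__":
    import json
    print(json.dumps(triage_drop(build_minimal_dex()), indent=2))
    print(json.dumps(triage_drop(b'{"not": "a dex"}'), indent=2))
```

Run it against the two Ru.json copies pulled from the sandbox's /data/data/com.liquid.injury/app_DynamicOptDex/ directory: "known" should name the write, and a header that fails the checksum or signature means the file was still being written or was re-encoded when captured, which is worth knowing before handing it to a decompiler.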