cerberus

General

Target

faecf55db465a39442e679e6fe47ab9a_JaffaCakes118
Size

3.2MB
Sample

240419-xahb8adb3t
MD5

faecf55db465a39442e679e6fe47ab9a
SHA1

caa22afad87d73792e7209224eb7cdaea9b5a416
SHA256

e37660730f3a87fdd9b237847e5d56017e9f344578608c0af44c5c4eacb7ae3b
SHA512

87f1130d1dc377ef1bcb26d1b3a50a6bc3d3daeccd42b540dfc0030964002ca7dfd5534d06d3c6d0622f19f21accafa7b0e034df2a8993d28ff361e1b5e75454
SSDEEP

98304:MacDQCcxnv8BqxVlLX5PlI9bgkaFivU/D4pIrHjo:MacDQCclwqxVbPlI9bPaFiyo

Score

10^/10

Malware Config

Extracted

Family

cerberus

C2

http://tamakontelloycaxyz.site

Targets

- Target
  
  faecf55db465a39442e679e6fe47ab9a_JaffaCakes118
- Size
  
  3.2MB
- MD5
  
  faecf55db465a39442e679e6fe47ab9a
- SHA1
  
  caa22afad87d73792e7209224eb7cdaea9b5a416
- SHA256
  
  e37660730f3a87fdd9b237847e5d56017e9f344578608c0af44c5c4eacb7ae3b
- SHA512
  
  87f1130d1dc377ef1bcb26d1b3a50a6bc3d3daeccd42b540dfc0030964002ca7dfd5534d06d3c6d0622f19f21accafa7b0e034df2a8993d28ff361e1b5e75454
- SSDEEP
  
  98304:MacDQCcxnv8BqxVlLX5PlI9bgkaFivU/D4pIrHjo:MacDQCclwqxVbPlI9bPaFiyo
Score

10^/10

cerberus banker collection credential_access discovery evasion infostealer persistence rat stealth trojan impact
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Removes its main activity from the application launcher
  stealth trojan evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries the mobile country code (MCC)
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Makes use of the framework's Accessibility service

Removes its main activity from the application launcher

Checks CPU information

Checks memory information

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Queries the phone number (MSISDN for GSM devices)

Registers a broadcast receiver at runtime (usually for listening for system events)

Requests disabling of battery optimizations (often used to enable hiding in the background).

Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3