General
Target: da0f4ff5b71b73329e9124a28a859a3afe4303e833cf604f01de0503586206be.bin
Size: 1.5MB
Sample: 240629-123c9a1dkj
MD5: 55cf505591582150d44eb3b6f1438b34
SHA1: 13120e522d0e13595178d53aaf9a527c2ecdb8c6
SHA256: da0f4ff5b71b73329e9124a28a859a3afe4303e833cf604f01de0503586206be
SHA512: a648b000e2b941d5436af1dccacd05fff0105d1e1b30cf12c4ec04f384ff2e9f3bcbc4b16582ae5c84c3125473612a0b8ae312485dd005b378ddb7c8e8b0bcc7
SSDEEP: 24576:BRJ2LzEYRixM6fePPbeCxFVyok3pMMZdrQO1MScE/01Cj5lvHhoU2Qn0gwliGw:w/6eLIbZtxSCs1C1lv6U2q0gwl3w
Behavioral tasks
behavioral1
  Sample: da0f4ff5b71b73329e9124a28a859a3afe4303e833cf604f01de0503586206be.apk
  Resource: android-x86-arm-20240624-en
behavioral2
  Sample: da0f4ff5b71b73329e9124a28a859a3afe4303e833cf604f01de0503586206be.apk
  Resource: android-x64-20240624-en
behavioral3
  Sample: da0f4ff5b71b73329e9124a28a859a3afe4303e833cf604f01de0503586206be.apk
  Resource: android-x64-arm64-20240624-en
Malware Config
Extracted: cerberus
uri:
  /villaburada.php?action=botcheck&data=
  /villaburada.php?action=checkAP&data=
  /villaburada.php?action=getModule&data=
  /villaburada.php?action=getinj&data=
  /villaburada.php?action=injcheck&data=
  /villaburada.php?action=registration&data=
  /villaburada.php?action=sendInjectLogs&data=
  /villaburada.php?action=sendKeylogger&data=
  /villaburada.php?action=sendSmsLogs&data=
  /villaburada.php?action=timeInject&data=
Extracted: cerberus
.urlConnectPanel.
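The extracted URIs are the bot's gate calls: one PHP handler with the command selected by `action=` and the payload carried in `data=` (left empty in the config, so it is presumably filled in at runtime). The handler name (villaburada.php) is specific to this build, while the action names are what recur across builds, so a detection should key on the actions and treat the file name as corroboration. The following detector over constructed proxy-log lines is an added example, not code from the sandbox or from the malware; the log format, the `.invalid` hostnames and the `data=` blobs are all made up for the illustration.

```python
"""Flag Cerberus-style C2 traffic in HTTP proxy logs.

Added example for this report, not code from the sandbox or the malware.
The gate file name (villaburada.php) is specific to this build; the set
of `action` names is the more stable fingerprint, so the detector keys
on actions and treats the file name as corroborating evidence only.
"""
import re
from urllib.parse import parse_qs, urlsplit

# action names from the extracted config above
CERBERUS_ACTIONS = {
    "botcheck", "checkAP", "getModule", "getinj", "injcheck",
    "registration", "sendInjectLogs", "sendKeylogger",
    "sendSmsLogs", "timeInject",
}
KNOWN_GATES = {"villaburada.php"}  # gate file name from this sample's config

# constructed log format (assumption): "<timestamp> <client-ip> <method> <url>"
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$")


def classify_request(url):
    """Return (host, gate, action) if `url` looks like a Cerberus gate call, else None.

    A gate call is a request to a .php file carrying action=<known action>
    together with a `data` parameter. The config leaves data= empty and the
    bot fills it at runtime, so an empty value is still accepted here.
    """
    parts = urlsplit(url)
    gate = parts.path.rsplit("/", 1)[-1]
    qs = parse_qs(parts.query, keep_blank_values=True)
    action = qs.get("action", [None])[0]
    if gate.endswith(".php") and action in CERBERUS_ACTIONS and "data" in qs:
        return parts.hostname, gate, action
    return None


def find_cerberus_c2(lines, min_actions=2):
    """Group gate calls by (client, host); report pairs that either hit a known
    gate name or use at least `min_actions` distinct Cerberus actions.
    A single generic action=registration to some index.php is not enough on
    its own, which keeps ordinary web apps out of the result."""
    seen = {}
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        hit = classify_request(m["url"])
        if hit is None:
            continue
        host, gate, action = hit
        entry = seen.setdefault((m["client"], host), {"gate": gate, "actions": set()})
        entry["actions"].add(action)
    return {
        key: val for key, val in seen.items()
        if val["gate"] in KNOWN_GATES or len(val["actions"]) >= min_actions
    }


# constructed proxy log: hosts are .invalid names, data blobs are dummy base64
SAMPLE_LOG = """
2024-06-29T12:03:01Z 10.0.0.23 POST http://panel.example.invalid/villaburada.php?action=registration&data=aGVsbG8
2024-06-29T12:03:07Z 10.0.0.23 POST http://panel.example.invalid/villaburada.php?action=botcheck&data=d29ybGQ
2024-06-29T12:04:10Z 10.0.0.23 POST http://panel.example.invalid/villaburada.php?action=getinj&data=Zm9v
2024-06-29T12:05:00Z 10.0.0.41 GET http://shop.example.invalid/cart.php?action=checkout&data=1
2024-06-29T12:05:30Z 10.0.0.57 POST http://other-gate.invalid/gate.php?action=sendKeylogger&data=YWJj
2024-06-29T12:06:00Z 10.0.0.57 POST http://other-gate.invalid/gate.php?action=sendSmsLogs&data=eHl6
2024-06-29T12:06:30Z 10.0.0.88 POST http://cdn.example.invalid/index.php?action=registration&data=Cg
""".strip().splitlines()

if __name__ == "__main__":
    for (client, host), info in sorted(find_cerberus_c2(SAMPLE_LOG).items()):
        print(f"{client} -> {host}/{info['gate']}: actions={sorted(info['actions'])}")
```

Run as-is it reports 10.0.0.23 (known gate name, three actions) and 10.0.0.57 (unknown gate name but two distinct Cerberus actions), and leaves out both the shop's `cart.php?action=checkout` and the lone `index.php?action=registration` call; lower `min_actions` to 1 if you are hunting and can tolerate the extra noise.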
Targets
Target: da0f4ff5b71b73329e9124a28a859a3afe4303e833cf604f01de0503586206be.bin (1.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Obtains sensitive information copied to the device clipboard
  The application may abuse the framework's APIs to read sensitive data copied to the device clipboard.
- Queries the phone number (MSISDN for GSM devices)
- Performs UI accessibility actions on behalf of the user
  The application may abuse the accessibility service to prevent its own removal.
- Queries the mobile country code (MCC)
- Requests disabling of battery optimizations (often used to keep running hidden in the background)
- Tries to add a device administrator
- Listens for changes in the sensor environment (may be used to detect emulation)
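Most of the signatures above are visible statically before the sample ever runs: the accessibility service and the device-admin receiver have to be declared in the manifest with their well-known intent actions, and the battery-optimization exemption and telephony access have to be requested as permissions. The following triage script over a constructed AndroidManifest.xml is an added example, not code from the sandbox; it goes slightly beyond the report by also flagging READ_PHONE_NUMBERS and RECEIVE_SMS, and the package and component names in the sample manifest are placeholders. On a real sample you would decode the APK first (for instance with apktool) and feed the resulting manifest in.

```python
"""Triage a decoded AndroidManifest.xml for the capability combination the
signatures above describe: an accessibility service, a device-admin
receiver, a battery-optimization exemption and telephony-identifier access.

Added example for this report, not code from the sandbox. The manifest
below is constructed for illustration; on a real sample you would decode
the APK first (e.g. `apktool d sample.apk`) and feed AndroidManifest.xml in.
"""
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# permissions worth flagging, with the behaviour they correspond to
PERMISSION_FLAGS = {
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "requests battery-optimization exemption",
    "android.permission.READ_PHONE_STATE": "can read telephony identifiers (phone number on older Android)",
    "android.permission.READ_PHONE_NUMBERS": "can read the phone number",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS",
}
# intent actions that identify the two privileged component types
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"
DEVICE_ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"


def triage_manifest(xml_text):
    """Return {indicator: evidence} for the flags found in the manifest.
    Components are matched on their intent-filter action rather than on the
    android:permission attribute, so a manifest that omits the BIND_* permission
    is still flagged."""
    root = ET.fromstring(xml_text)
    findings = {}
    for perm in root.iter("uses-permission"):
        name = perm.get(A + "name")
        if name in PERMISSION_FLAGS:
            findings[PERMISSION_FLAGS[name]] = name
    for comp in list(root.iter("service")) + list(root.iter("receiver")):
        actions = {a.get(A + "name") for a in comp.iter("action")}
        cname = comp.get(A + "name")
        if ACCESSIBILITY_ACTION in actions:
            findings["declares an accessibility service"] = cname
        if DEVICE_ADMIN_ACTION in actions:
            findings["declares a device-admin receiver"] = cname
    return findings


def removal_resistant(findings):
    """True when the app has both levers the report maps to 'Prevent Application
    Removal': accessibility (to act on the uninstall/settings UI) plus device
    admin (an active admin cannot be uninstalled until it is deactivated)."""
    return ("declares an accessibility service" in findings
            and "declares a device-admin receiver" in findings)


# constructed manifest; package, label and class names are placeholders
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Constructed Sample">
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

if __name__ == "__main__":
    found = triage_manifest(SAMPLE_MANIFEST)
    for indicator, evidence in found.items():
        print(f"{indicator}: {evidence}")
    print("removal-resistant combination:", removal_resistant(found))
```

None of these declarations is malicious on its own (accessibility apps, MDM agents and VoIP clients legitimately carry them); the point of the check is the combination, which is why `removal_resistant` only fires when the accessibility service and the device-admin receiver appear together.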
MITRE ATT&CK Mobile v15 (number in parentheses = matched signatures)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Device Administrator Permissions (1)
Defense Evasion
  Hide Artifacts (3)
    Suppress Application Icon (1)
    User Evasion (2)
  Impair Defenses (1)
    Prevent Application Removal (1)
  Input Injection (1)
  Virtualization/Sandbox Evasion (2)
    System Checks (2)
Credential Access
  Clipboard Data (1)
  Input Capture (2)
    GUI Input Capture (1)
    Keylogging (1)