cerberus | phoenix-2024[.]apk

General

Target

phoenix-2024.apk
Size

5.1MB
MD5

ba2160d4969e8ae5af87638de8fd877a
SHA1

aa0e4fd47f2e806d8ffa2debc1325c6b1f1c2237
SHA256

6485ead2248298b48d4e677d3fb740b8ce8688bc7b4adb7a4d2ac3af827da46b
SHA512

b250c62845509736ac1c729777f89ae28275161b1103ed280d507b30e3bfee7a674bef752edae552d45fb6e2b9e5161582813c8d398d7776845b9be76878f1a7
SSDEEP

98304:lSzjfwxWeA9z9h78Rhz9y0+CkteiHvGyXztnwww2wYwvwzHHfroN7:lej39z9+0Zvte2vGyXztwhjJ4W

Score

10^/10

cerberus

Malware Config

Extracted

Family

cerberus

Attributes

uri
/gate.php?action=botcheck&data=

/gate.php?action=checkAP&data=

/gate.php?action=getModule&data=

/gate.php?action=getinj&data=

/gate.php?action=injcheck&data=

/gate.php?action=registration&data=

/gate.php?action=sendInjectLogs&data=

/gate.php?action=sendKeylogger&data=

/gate.php?action=sendSmsLogs&data=

/gate.php?action=timeInject&data=

Signatures

Cerberus family
cerberus

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 11 IoCs

description	ioc
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application a broad access to external storage in scoped storage.	android.permission.MANAGE_EXTERNAL_STORAGE

Files

phoenix-2024.apk
.apk android

com.application.chronme

com.service.app.fake

Activities

com.service.app.fake

android.intent.action.MAIN

com.service.app.AY2Gjr60JHKQ

android.intent.action.SENDTO
android.intent.action.SEND

com.service.app.IndexACT

android.intent.action.MAIN

Permissions

android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.CALL_PHONE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.READ_PHONE_STATE
android.permission.REQUEST_DELETE_PACKAGES
android.permission.RECEIVE_SMS
android.permission.READ_SMS
android.permission.SEND_SMS
android.permission.READ_CONTACTS
android.permission.WAKE_LOCK
android.permission.SYSTEM_ALERT_WINDOW
android.permission.FOREGROUND_SERVICE
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
android.permission.QUERY_ALL_PACKAGES
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MANAGE_EXTERNAL_STORAGE

Receivers

com.service.app.Main.ReceiverDeviceAdmin

android.app.action.DEVICE_ADMIN_DISABLED
android.app.action.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_ENABLED

com.service.app.nH39R2Zl2N66

android.provider.Telephony.WAP_PUSH_DELIVER

com.service.app.Main.smsreceiver

android.provider.Telephony.SMS_DELIVER
android.intent.action.BOOT_COMPLETED

Services

com.service.app.S06v8iCcu0o4y

android.intent.action.RESPOND_VIA_MESSAGE

com.service.app.Services.Access

android.accessibilityservice.AccessibilityService

Android Permissions

phoenix-2024.apk

Permissions

android.permission.ACCESS_NETWORK_STATE

android.permission.INTERNET

android.permission.CALL_PHONE

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.READ_PHONE_STATE

android.permission.REQUEST_DELETE_PACKAGES

android.permission.RECEIVE_SMS

android.permission.READ_SMS

android.permission.SEND_SMS

android.permission.READ_CONTACTS

android.permission.WAKE_LOCK

android.permission.SYSTEM_ALERT_WINDOW

android.permission.FOREGROUND_SERVICE

com.android.launcher.permission.INSTALL_SHORTCUT

com.android.launcher.permission.UNINSTALL_SHORTCUT

android.permission.QUERY_ALL_PACKAGES

android.permission.ACCESS_NOTIFICATION_POLICY

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.MANAGE_EXTERNAL_STORAGE

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

com.application.chronme

com.service.app.fake

Activities

com.service.app.fake

com.service.app.AY2Gjr60JHKQ

com.service.app.IndexACT

Permissions

Receivers

com.service.app.Main.ReceiverDeviceAdmin

com.service.app.nH39R2Zl2N66

com.service.app.Main.smsreceiver

Services

com.service.app.S06v8iCcu0o4y

com.service.app.Services.Access

Android Permissions

phoenix-2024.apk