Overview

overview

10

Static

static

6

8fa80c5384...b7.apk

android-9-x86

1

8fa80c5384...b7.apk

android-10-x64

10

8fa80c5384...b7.apk

android-11-x64

Analysis

  • max time kernel
    77s
  • max time network
    187s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    21-07-2024 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8fa80c5384bcb23fc9333572ede167a34f24acbbac7e189b627d8ba58c0d2db7.apk

  • Size

    3.1MB

  • MD5

    2b1d961b745b3d1cc9792d231efb316c

  • SHA1

    95c4a90f8021a06435355bbb7438509bb6b92013

  • SHA256

    8fa80c5384bcb23fc9333572ede167a34f24acbbac7e189b627d8ba58c0d2db7

  • SHA512

    0e9f525de01085783bdf808e786a05c4ff42c07c62848dca78bcb547ad3e36a81258394dc68ad59fb01c67b2eb92ecfe1a91d33061b3e6427d9d5bb5a50fa93f

  • SSDEEP

    49152:Fy7QoenfSYHDIyTbblnqmzxzsqqECSyOpF+kKawlN2cNXHwCzCaWlSFFpGb7TKcY:gQouxbblhzxgyBlKawXHzCacSIbgAe

Score
10/10
cerberusbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://194.163.159.65

Signatures

Processes

  • mistake.nose.other
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:5054

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

2
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/mistake.nose.other/app_DynamicOptDex/oat/sHQA.json.cur.prof
    Filesize

    243B

    MD5

    dcac098af119d358497cdda2f53c4eb2

    SHA1

    03b7f8268f379b956bdc9d308af5a34e787198f3

    SHA256

    feabac91621352fcfa7e43b64b8a14435c4fa605a93f93c32f37bbbf04242064

    SHA512

    f316997a14ad66aabfdb0768ef056848baecb41f7a07608945efe906ca3f3dd676bb8b56e4e21a538c0f75e58f68bdccf1c0c96775372e51c81d552b946b2131

    Download Submit

  • /data/data/mistake.nose.other/app_DynamicOptDex/sHQA.json
    Filesize

    745KB

    MD5

    f01c37c96001103bf771467324c23cd9

    SHA1

    795fc72fcc03987001d5cea279b04eef86f249fb

    SHA256

    4705e3e3dd7ce83885e4681b3c6e5930e5046a4c7490e4f9a3cae653a550e3d2

    SHA512

    098200742b1a4ad102cb41d2e2ca0644be2b0060599ef0a2dd4da0f744988ce8d58264a134bc6bfbaa6ae2bcaac722723cfb9f25b8350ee2848cef9887d33a6c

    Download Submit

  • /data/data/mistake.nose.other/app_DynamicOptDex/sHQA.json
    Filesize

    745KB

    MD5

    5a4b2b997d379e8d27520de39177ea52

    SHA1

    86c0305bbe1a5ee143b356d3b61afac43fc00a5f

    SHA256

    e518a36dc6b3648e70de61db43754058f7034e3de4c9298928e076591eafed1e

    SHA512

    aff8583001c5af4efbe2fa941bb18fbe20d4acba7ad6df52b6bc45b8cb935ca1750ce0bf27aad58822d21cad78a362edfaa9ef12afc63e3f0e76f7c216733f03

    Download Submit