Analysis

- max time kernel: 61s
- max time network: 190s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 04-08-2024 22:07
Static task: static1

Behavioral task: behavioral1
- Sample: 5fb2ce96bae3cec46068b2d96bc10ac1fc7c86acca3cc195902329accc912f57.apk
- Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
- Sample: 5fb2ce96bae3cec46068b2d96bc10ac1fc7c86acca3cc195902329accc912f57.apk
- Resource: android-x64-20240624-en

Behavioral task: behavioral3
- Sample: 5fb2ce96bae3cec46068b2d96bc10ac1fc7c86acca3cc195902329accc912f57.apk
- Resource: android-x64-arm64-20240624-en
General

- Target: 5fb2ce96bae3cec46068b2d96bc10ac1fc7c86acca3cc195902329accc912f57.apk
- Size: 1.5MB
- MD5: bc4c1a700c1c60a8d6b7faab332f5e8e
- SHA1: 9fbae184190305a3129543417395e5518fe5dab7
- SHA256: 5fb2ce96bae3cec46068b2d96bc10ac1fc7c86acca3cc195902329accc912f57
- SHA512: 6b9552f87af82fb2ff4e32ecef6cca4dfd73c1dbc17f587c193cb2426af7338d0215c018777dfafe1991f2fddab70b240a9a3bb6a41526cc8c65c10a0c41aa71
- SSDEEP: 24576:/fSqDzZqd1eqLkjGuTU3ln7o+g/5jR8AdV/hFoSLVE0UNqeGqs/AjFVf7H+3DOS1:yZpi0++ghjJfhaSh9Yqe2oTH+zOS8O
Malware Config
Extracted
cerberus
http://149.154.69.61
Signatures

Removes its main activity from the application launcher
- pid 4615, process com.tunnel.plastic

Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
Runs executable file dropped to the device during analysis.
- /data/user/0/com.tunnel.plastic/app_DynamicOptDex/TEP.json (pid 4615, com.tunnel.plastic)
- [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.tunnel.plastic/app_DynamicOptDex/TEP.json] (pid 4615, com.tunnel.plastic)
- [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.tunnel.plastic/app_DynamicOptDex/TEP.json] (pid 4615, com.tunnel.plastic)

Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
- Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (com.tunnel.plastic)
- Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText (com.tunnel.plastic)
- Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId (com.tunnel.plastic)

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Framework service call android.content.IClipboard.addPrimaryClipChangedListener (com.tunnel.plastic)

Queries the phone number (MSISDN for GSM devices) (1 TTPs)

Performs UI accessibility actions on behalf of the user (1 TTPs, 4 IoCs)
Application may abuse the accessibility service to prevent its removal.
- android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction (com.tunnel.plastic), reported 4 times

Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTPs, 1 IoCs)
- Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS (com.tunnel.plastic)

Tries to add a device administrator (2 TTPs, 1 IoCs)
- Intent action android.app.action.ADD_DEVICE_ADMIN (com.tunnel.plastic)

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
- Framework API call android.hardware.SensorManager.registerListener (com.tunnel.plastic)

Checks CPU information (2 TTPs, 1 IoCs)
- File opened for read: /proc/cpuinfo (com.tunnel.plastic)

Checks memory information (2 TTPs, 1 IoCs)
- File opened for read: /proc/meminfo (com.tunnel.plastic)
Processes

com.tunnel.plastic (PID 4615)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Requests disabling of battery optimizations (often used to enable hiding in the background)
- Tries to add a device administrator
- Listens for changes in the sensor environment (might be used to detect emulation)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Device Administrator Permissions (1)

Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (3)
  - Suppress Application Icon (1)
  - User Evasion (2)
- Impair Defenses (1)
  - Prevent Application Removal (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)

Credential Access
- Clipboard Data (1)
- Input Capture (2)
  - GUI Input Capture (1)
  - Keylogging (1)
Downloads