General

  • Target

    7928faa5eb8eafd8d00cae4e1f4211c6e052dec94918a84bb97691bb8aed60de.bin

  • Size

    3.3MB

  • Sample

    240805-1y2bsatela

  • MD5

    225f60b0d39359026351dbe1f5f09b98

  • SHA1

    7525b0c5d190479009265172dd5070baf710b08f

  • SHA256

    7928faa5eb8eafd8d00cae4e1f4211c6e052dec94918a84bb97691bb8aed60de

  • SHA512

    c6855e86fdf6a40e046a6205171dc735aaf900ea392e6f2e15d6080624960fab7205fc87f1f175ff0e680d1d60885d9bd23801b9c51441aec35e0cbd3498e410

  • SSDEEP

    98304:s4ZR8WnuDh1iEFkvWvoKKg/r881/xP+eCRbIBA7oRH:s4UWnK1ihg48n+JRbIB+0

Malware Config

Extracted

Family

cerberus

C2

http://23.95.225.100

Targets

    • Cerberus

      An Android banking trojan that has been rented out to threat actors since 2019.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file dropped onto the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      The application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries the phone number (MSISDN for GSM devices)

    • Performs UI accessibility actions on behalf of the user

      The application may abuse the accessibility service to prevent its own removal.

    • Queries the mobile country code (MCC)

    • Requests disabling of battery optimizations (often used to keep running hidden in the background)

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks