General
-
Target
e4c1e4c6c91c097d7f8e8a63a3ec9a57447caea932f8c3701ffb326190a0b2f5.bin
-
Size
1.4MB
-
Sample
240806-1wwzaawanf
-
MD5
747ecc27336dabf945c58080141ebdbe
-
SHA1
99259a36c31b41a8cf2aa6874149d5029a9339b8
-
SHA256
e4c1e4c6c91c097d7f8e8a63a3ec9a57447caea932f8c3701ffb326190a0b2f5
-
SHA512
8cb512511ef6eee671492035d9312719f8b6cba42972d0aeb981546064016cd72c92a8cb68d408f1e9dd0d1b9587e3dd8c6efe81034393ea616da46b5d71072e
-
SSDEEP
24576:VzYJGU82fgS1OOx+2lZrCEV6hNPo9Wi7cQJudQE9lYAXhQLh7X5GT8Afmhv:KLqEOX2lZrC66E91cUyhohD5GT3m
Static task
static1
Behavioral task
behavioral1
Sample
e4c1e4c6c91c097d7f8e8a63a3ec9a57447caea932f8c3701ffb326190a0b2f5.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
e4c1e4c6c91c097d7f8e8a63a3ec9a57447caea932f8c3701ffb326190a0b2f5.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
e4c1e4c6c91c097d7f8e8a63a3ec9a57447caea932f8c3701ffb326190a0b2f5.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
cerberus
http://212.109.198.127
Targets
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the phone number (MSISDN for GSM devices)
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent its removal.
-
Queries the mobile country code (MCC)
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Tries to add a device administrator.
-
Listens for changes in the sensor environment (might be used to detect emulation)
-