Overview

overview

10

Static

static

6

e4c1e4c6c9...f5.apk

android-9-x86

10

e4c1e4c6c9...f5.apk

android-10-x64

10

e4c1e4c6c9...f5.apk

android-11-x64

10

Analysis

  • max time kernel
    104s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    06-08-2024 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e4c1e4c6c91c097d7f8e8a63a3ec9a57447caea932f8c3701ffb326190a0b2f5.apk

  • Size

    1.4MB

  • MD5

    747ecc27336dabf945c58080141ebdbe

  • SHA1

    99259a36c31b41a8cf2aa6874149d5029a9339b8

  • SHA256

    e4c1e4c6c91c097d7f8e8a63a3ec9a57447caea932f8c3701ffb326190a0b2f5

  • SHA512

    8cb512511ef6eee671492035d9312719f8b6cba42972d0aeb981546064016cd72c92a8cb68d408f1e9dd0d1b9587e3dd8c6efe81034393ea616da46b5d71072e

  • SSDEEP

    24576:VzYJGU82fgS1OOx+2lZrCEV6hNPo9Wi7cQJudQE9lYAXhQLh7X5GT8Afmhv:KLqEOX2lZrC66E91cUyhohD5GT3m

Score
10/10
cerberusbankercollectioncredential_accessdiscoveryevasionimpactinfostealerprivilege_escalationratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://212.109.198.127

Signatures

Processes

  • com.abuse.put
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Tries to add a device administrator.
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Checks CPU information
    • Checks memory information
    PID:4475

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1626

Device Administrator Permissions

1
T1626.001

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Account Access Removal

1
T1640

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.abuse.put/app_DynamicOptDex/aci.json
    Filesize

    34KB

    MD5

    bb9b9b57e5693e837c159ff4a2adb27f

    SHA1

    73f92fc4fb08ae0aa0222f5925a45ab71573bbfb

    SHA256

    9ffaf577744334e68ebd72234c3e72310f33435b4b57d8e083f91f6601108341

    SHA512

    447c08eccdee1482c14d7dd9bb3f078486d751f7f90ae22e343add9f999a303146bfeb192872bf7be78dfa502bf802b1c2a15ff10d3428e0a464bed0201352ba

    Download Submit

  • /data/user/0/com.abuse.put/app_DynamicOptDex/aci.json
    Filesize

    34KB

    MD5

    09a288fa2cac08cd82260b31839d072d

    SHA1

    a2c2020cc846137d8f2dd9ce416a396df790c9c0

    SHA256

    aefe60b0f455d84524479dc70ad9e80279d6e34ef939f4118692be83fc0f65ae

    SHA512

    90384bc0e9aa6fc183d8cb4e4efe123a0d6040946425113042552751116a751ce335942308cfeb180a7f5981bd6231c0d591f049eba4112f9fc158d0b88f6b05

    Download Submit

  • /data/user/0/com.abuse.put/app_DynamicOptDex/aci.json
    Filesize

    76KB

    MD5

    ffc14c1925004660506364445e76896e

    SHA1

    680b2883d1a52ac3ac078278e5343c17dcf4968a

    SHA256

    297774b1fcb1300f1b9412af579ad224f0fe6728c8724ffa3e5142bb6d86cdff

    SHA512

    8e9aced62559d379a1d9d267e52e721d16b61e1d83853b2b797587d8943fe483ef1c2adec0d75189b19182f153a44d07f2d00fc3257dd889a719852b7d25a2cf

    Download Submit

  • /data/user/0/com.abuse.put/app_DynamicOptDex/oat/aci.json.cur.prof
    Filesize

    148B

    MD5

    b4778af5828a0be00cda7a0867fca49e

    SHA1

    8d9646922f8e453ea78f6dc04a56f119d70c0998

    SHA256

    04e63cf81c8473b0cde36fca205dd9819cbab8693ff5c0db6db9cb408426ed19

    SHA512

    e0d81f99927a3ea8565e924eeea6698a0fae7f00fbcd3b9ce99bd07d2139de8d4c2ee8d21a2e8d9c5e53b6a6c8657a6648757ce75c7c60211aaeb48ccf9d58b4

    Download Submit