General

  • Target

    40f497133ba37928b8276d7b0a774778beaf2518ff82b53608be98648dd25ca5.bin

  • Size

    1.2MB

  • Sample

    240809-144n4a1hrj

  • MD5

    5c59436f70e8f57b9600be224324c495

  • SHA1

    c4a4e111a48af8ca14ef4ccd36320f6183e2137f

  • SHA256

    40f497133ba37928b8276d7b0a774778beaf2518ff82b53608be98648dd25ca5

  • SHA512

    6d664d5fb6bd2d494d97db2b7ba3b769674f8e4f9a301baa1661c981ccc7f0fd9ffcaeca3192b2d712266bbd5a4d558fd94ae0d08cd60ecaae138987f3904710

  • SSDEEP

    24576:8w93w9JcP86lPFuNx84vVCx3hBYpmQevhcAXhQLh75X+TET8AF8X:DSbcU6lPF2x849wxeuuyhoh9OTETNQ

Malware Config

Extracted

Family

cerberus

C2

http://195.201.239.40
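The hashes and the extracted C2 above are the indicators an analyst would push to a blocklist or hunt for in proxy logs. The following is an added example, not part of the sandbox report: it checks the transcribed hash values for well-formedness, hashes a candidate file so it can be compared with the report before detonation, and scans log lines for the C2 host as a whole token (so a neighbouring address in the same /24 does not match). The log lines are constructed for illustration; the indicator values are the ones listed in the report.

```python
import hashlib
import re

# Indicators transcribed from the report above (sample 240809-144n4a1hrj).
REPORT_HASHES = {
    "md5": "5c59436f70e8f57b9600be224324c495",
    "sha1": "c4a4e111a48af8ca14ef4ccd36320f6183e2137f",
    "sha256": "40f497133ba37928b8276d7b0a774778beaf2518ff82b53608be98648dd25ca5",
    "sha512": ("6d664d5fb6bd2d494d97db2b7ba3b769674f8e4f9a301baa1661c981ccc7f0fd"
               "9ffcaeca3192b2d712266bbd5a4d558fd94ae0d08cd60ecaae138987f3904710"),
}
# From the extracted config: http://195.201.239.40
C2_HOST = "195.201.239.40"

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def report_hashes_well_formed(hashes=REPORT_HASHES):
    """Catch transcription errors (wrong length, non-hex) before the values are used."""
    return all(len(h) == HEX_LEN[n] and set(h) <= set("0123456789abcdef")
               for n, h in hashes.items())


def _digest_chunks(chunks):
    """Feed every chunk to all four digests in a single pass."""
    digests = {name: hashlib.new(name) for name in HEX_LEN}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data):
    return _digest_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Stream the file so large samples do not need to fit in memory."""
    with open(path, "rb") as f:
        return _digest_chunks(iter(lambda: f.read(chunk_size), b""))


def mismatches(actual, expected=REPORT_HASHES):
    """Return {algo: (expected, actual)} for every digest that differs from the report."""
    return {n: (expected[n], actual[n]) for n in expected if actual[n] != expected[n]}


# Match the C2 address only as a whole token: "195.201.239.41" or a longer
# host name containing the address must not produce a hit.
_C2_RE = re.compile(r"(?<![\w.])" + re.escape(C2_HOST) + r"(?![\w.])")

# Constructed proxy/DNS log lines for illustration; not taken from the sandbox run.
CONSTRUCTED_LOG = [
    "2024-08-09T14:41:02Z proxy src=10.0.0.12 dst=195.201.239.40 dport=80 method=POST uri=/",
    "2024-08-09T14:41:05Z proxy src=10.0.0.12 dst=195.201.239.41 dport=443 method=CONNECT",
    "2024-08-09T14:41:09Z dns   src=10.0.0.12 query=update.example.test",
]


def find_c2_hits(lines, pattern=_C2_RE):
    """Return (index, line) for every log line that references the C2 host."""
    return [(i, line) for i, line in enumerate(lines) if pattern.search(line)]


if __name__ == "__main__":
    import sys
    print("report hashes well-formed:", report_hashes_well_formed())
    for i, line in find_c2_hits(CONSTRUCTED_LOG):
        print(f"C2 hit on line {i}: {line}")
    if len(sys.argv) > 1:                      # optional: path to a candidate sample
        diff = mismatches(hash_file(sys.argv[1]))
        print("matches report" if not diff else f"mismatch: {diff}")
```

Run it with the path to a sample as the first argument to confirm the file on disk is the one the report describes; with no argument it only validates the indicators and scans the constructed log lines.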

Targets

    • Target

      40f497133ba37928b8276d7b0a774778beaf2518ff82b53608be98648dd25ca5.bin

    • Size

      1.2MB

    • MD5

      5c59436f70e8f57b9600be224324c495

    • SHA1

      c4a4e111a48af8ca14ef4ccd36320f6183e2137f

    • SHA256

      40f497133ba37928b8276d7b0a774778beaf2518ff82b53608be98648dd25ca5

    • SHA512

      6d664d5fb6bd2d494d97db2b7ba3b769674f8e4f9a301baa1661c981ccc7f0fd9ffcaeca3192b2d712266bbd5a4d558fd94ae0d08cd60ecaae138987f3904710

    • SSDEEP

      24576:8w93w9JcP86lPFuNx84vVCx3hBYpmQevhcAXhQLh75X+TET8AF8X:DSbcU6lPF2x849wxeuuyhoh9OTETNQ

    • Cerberus

      An Android banking trojan that has been rented out to actors since 2019.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file (DEX/JAR) that was dropped onto the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      The application may abuse the framework's APIs to read sensitive information copied to the device clipboard.

    • Queries the phone number (MSISDN for GSM devices)

    • Performs UI accessibility actions on behalf of the user

      The application may abuse the accessibility service to prevent its own removal.

    • Queries the mobile country code (MCC)

    • Requests disabling of battery optimizations (often used so the app can keep running in the background).

    • Listens for changes in the sensor environment (might be used to detect emulation)
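Several of the behaviours listed above leave a static footprint in the app's manifest. The following is an added example, not part of the sandbox report or the sample: it triages a decoded AndroidManifest.xml for the permissions and components that correspond to those signatures. The manifest it parses is constructed for illustration. The mapping is an assumption on my part: a service protected by BIND_ACCESSIBILITY_SERVICE is how an app registers an accessibility service, REQUEST_IGNORE_BATTERY_OPTIMIZATIONS is what an app needs to ask the user to exempt it from battery optimization, and READ_PHONE_STATE is the usual permission behind phone-number lookups on older Android versions. Hiding the launcher icon, loading a dropped DEX, reading the clipboard and querying the MCC are runtime behaviours and do not show up here; the script can only confirm that a launcher activity exists to be hidden. The manifest inside an APK is binary XML, so it must first be decoded (for example with apktool) before being fed to this script.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _a(name):
    """Clark-notation key for an android: attribute, as ElementTree stores it."""
    return f"{{{ANDROID_NS}}}{name}"


# Constructed manifest for illustration; not extracted from the sample.
CONSTRUCTED_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="app">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Assumed mapping from manifest permissions to the report's signature names.
PERMISSION_SIGNALS = {
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS":
        "requests_disabling_battery_optimizations",
    "android.permission.READ_PHONE_STATE":
        "may_query_phone_number",
}
A11Y_BIND_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def _is_launcher(activity):
    """True if any intent-filter on the activity is MAIN + LAUNCHER."""
    for filt in activity.iter("intent-filter"):
        actions = {a.get(_a("name")) for a in filt.iter("action")}
        categories = {c.get(_a("name")) for c in filt.iter("category")}
        if ("android.intent.action.MAIN" in actions
                and "android.intent.category.LAUNCHER" in categories):
            return True
    return False


def triage_manifest(xml_text):
    """Return {signal_name: evidence} for the static signals found in the manifest."""
    root = ET.fromstring(xml_text)
    findings = {}

    for up in root.iter("uses-permission"):
        perm = up.get(_a("name"), "")
        if perm in PERMISSION_SIGNALS:
            findings[PERMISSION_SIGNALS[perm]] = perm

    # An accessibility service is a <service> that only the system may bind to.
    a11y = [svc.get(_a("name")) for svc in root.iter("service")
            if svc.get(_a("permission")) == A11Y_BIND_PERMISSION]
    if a11y:
        findings["declares_accessibility_service"] = a11y

    # Only shows that an icon exists; hiding it happens at runtime via PackageManager.
    launchers = [act.get(_a("name")) for act in root.iter("activity") if _is_launcher(act)]
    if launchers:
        findings["launcher_activities"] = launchers

    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else CONSTRUCTED_MANIFEST
    for signal, evidence in triage_manifest(text).items():
        print(f"{signal}: {evidence}")
```

Pass the path of a decoded AndroidManifest.xml as the first argument; with no argument the script triages the constructed manifest. Absence of these signals does not clear a sample, since the dynamic behaviours in the report (dropped DEX loading, clipboard reads, icon hiding) need the sandbox run to observe.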

MITRE ATT&CK Mobile v15

Tasks