Analysis

max time kernel: 135s
max time network: 152s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 09-08-2024 22:13

Static task: static1

Behavioral task: behavioral1
Sample: 40f497133ba37928b8276d7b0a774778beaf2518ff82b53608be98648dd25ca5.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: 40f497133ba37928b8276d7b0a774778beaf2518ff82b53608be98648dd25ca5.apk
Resource: android-x64-20240624-en

Behavioral task: behavioral3
Sample: 40f497133ba37928b8276d7b0a774778beaf2518ff82b53608be98648dd25ca5.apk
Resource: android-x64-arm64-20240624-en
General

Target: 40f497133ba37928b8276d7b0a774778beaf2518ff82b53608be98648dd25ca5.apk
Size: 1.2MB
MD5: 5c59436f70e8f57b9600be224324c495
SHA1: c4a4e111a48af8ca14ef4ccd36320f6183e2137f
SHA256: 40f497133ba37928b8276d7b0a774778beaf2518ff82b53608be98648dd25ca5
SHA512: 6d664d5fb6bd2d494d97db2b7ba3b769674f8e4f9a301baa1661c981ccc7f0fd9ffcaeca3192b2d712266bbd5a4d558fd94ae0d08cd60ecaae138987f3904710
SSDEEP: 24576:8w93w9JcP86lPFuNx84vVCx3hBYpmQevhcAXhQLh75X+TET8AF8X:DSbcU6lPF2x849wxeuuyhoh9OTETNQ
Malware Config

Extracted
  Family: cerberus
  C2: http://195.201.239.40
Signatures

Removes its main activity from the application launcher
  pid 4972  process com.pipe.assault

Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs an executable file dropped to the device during analysis.
  ioc /data/user/0/com.pipe.assault/app_DynamicOptDex/Hah.json  pid 4972  process com.pipe.assault

Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  Framework service call  android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId  process com.pipe.assault
  Framework service call  android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId  process com.pipe.assault

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  The application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Framework service call  android.content.IClipboard.addPrimaryClipChangedListener  process com.pipe.assault

Queries the phone number (MSISDN for GSM devices) (1 TTPs)

Performs UI accessibility actions on behalf of the user (1 TTPs, 4 IoCs)
  The application may abuse the accessibility service to prevent its own removal.
  4 x android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction  process com.pipe.assault

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone  process com.pipe.assault

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Framework API call  android.hardware.SensorManager.registerListener  process com.pipe.assault

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Framework service call  android.app.IActivityManager.registerReceiver  process com.pipe.assault

Checks CPU information (2 TTPs, 1 IoCs)
  File opened for read  /proc/cpuinfo  process com.pipe.assault

Checks memory information (2 TTPs, 1 IoCs)
  File opened for read  /proc/meminfo  process com.pipe.assault
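The accessibility signatures above (findAccessibilityNodeInfo*, performGlobalAction) only fire because the sample holds an accessibility-service binding on the device. On a live handset the first responder question is therefore "which packages have that grant right now". The Android secure setting enabled_accessibility_services holds a colon-separated list of flattened ComponentNames and is read with `adb shell settings get secure enabled_accessibility_services`. The script below is an added example, not part of the sandbox report or of any tooling it describes: it parses that value, flags packages from the report's IoCs, and flags any other package outside a hypothetical allowlist. The setting output is constructed; the package com.pipe.assault comes from the report, but its service class name (`.Acc`) and the third package are assumptions.

```python
from typing import Dict, FrozenSet, List

# Packages whose accessibility grant is expected on this fleet. Hypothetical
# allowlist for the example; TalkBack is Android's screen reader.
ALLOWLIST: FrozenSet[str] = frozenset({
    "com.google.android.marvin.talkback",
})

# Package taken from this report's IoCs.
REPORT_IOC_PACKAGES: FrozenSet[str] = frozenset({"com.pipe.assault"})


def parse_enabled_services(raw: str) -> List[Dict[str, str]]:
    """Split the secure setting into (package, service class) pairs.

    The value is a colon-separated list of flattened ComponentNames. Both the
    long form "pkg/pkg.Cls" and the short form "pkg/.Cls" occur, and an unset
    setting prints the literal string "null", which yields no entries.
    """
    entries: List[Dict[str, str]] = []
    for item in raw.strip().split(":"):
        if "/" not in item:
            continue
        pkg, cls = item.split("/", 1)
        if cls.startswith("."):
            cls = pkg + cls  # expand the short form to a full class name
        entries.append({"package": pkg, "service": cls})
    return entries


def suspicious_services(raw: str,
                        allowlist: FrozenSet[str] = ALLOWLIST,
                        ioc_packages: FrozenSet[str] = REPORT_IOC_PACKAGES) -> List[Dict[str, str]]:
    """Return every enabled accessibility service that is an IoC or not allowlisted."""
    findings: List[Dict[str, str]] = []
    for entry in parse_enabled_services(raw):
        pkg = entry["package"]
        if pkg in ioc_packages:
            reason = "package is an IoC from the sandbox report"
        elif pkg not in allowlist:
            reason = "accessibility grant held by a package outside the allowlist"
        else:
            continue
        findings.append({**entry, "reason": reason})
    return findings


# Constructed stand-in for the output of
#   adb shell settings get secure enabled_accessibility_services
# The TalkBack component is real; ".Acc" for com.pipe.assault and the third
# package are assumed for the example.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
    ":com.pipe.assault/.Acc"
    ":com.example.thirdparty/com.example.thirdparty.HelperService"
)

if __name__ == "__main__":
    for f in suspicious_services(SAMPLE_SETTING):
        print(f"{f['package']} ({f['service']}): {f['reason']}")
```

Feed the real setting value into suspicious_services() on a device under investigation; a package that also appears in the report's process list is the one to pull for the dropped-DEX triage below. Because the sample uses performGlobalAction to resist removal, revoke the grant before attempting an uninstall.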
Processes

com.pipe.assault (PID 4972)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Obtains sensitive information copied to the device clipboard
  - Performs UI accessibility actions on behalf of the user
  - Queries the mobile country code (MCC)
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15

Defense Evasion
  Download New Code at Runtime (1)
  Hide Artifacts (2)
    Suppress Application Icon (1)
    User Evasion (1)
  Impair Defenses (1)
    Prevent Application Removal (1)
  Input Injection (1)
  Virtualization/Sandbox Evasion (2)
    System Checks (2)

Credential Access
  Clipboard Data (1)
  Input Capture (2)
    GUI Input Capture (1)
    Keylogging (1)
Downloads

Filesize: 64KB
MD5: 4eed8e3f6bdd1c311db382313b9eaf8d
SHA1: 524cc4c109e811d360d78bcb750119cec2bdb104
SHA256: f955009a6a947a3fb2fc804ccec1ed43ac6b54cd12dd0b16a1de8093ab733177
SHA512: 81ec22a2181d53e09afccbd33413b906db62c277e846c629fc0c117d68870c47729ffa08a257a73d4cba50bc82e48a60018c7256db4e889f6d50f21f1ae8b8eb

Filesize: 64KB
MD5: 44ae2b14a899213c637462b5a3fba106
SHA1: b38077e14a6378b077dbb12d628112dfca266398
SHA256: b24d0720d475767efad2a076ee53168719128266f2a8a4f634b96dabe0de63ca
SHA512: 8e4780cfca6045a00d979db822f0c72da2dcd2ce9f7ac36a642dbfdfa23017687e4479c1b96a8dc2d42c9713ba71eb0cffc6c2829ca0c5597a5b7d19447f7f25

Filesize: 797B
MD5: 2c4827c679bf33aef77b308aec123912
SHA1: 1afa72ee9772e2edab6d67d3613216f314239834
SHA256: 813d7b719d26fbd005bc39bd9c6f344a7effc0637fa6d7ee5c676f891fead8f3
SHA512: 7c851bff9c5ae3c9d8a02ecc65e51fd90be50308407402f2ce6fb1c29773b93722fcf16c879f450b4042926f10a0bdd67985a7137715c8e258051467522686fb

Filesize: 125KB
MD5: 479825fe1e4f4e3694ef8ca647ad7218
SHA1: b71f70373b3a8bf107f30f8bbbc74e760fc14f3b
SHA256: 443d3602205f8d3623969be557060efaa46611cffafc201dfa1bc50ab054dccc
SHA512: a76ec1f7281e7fa0fafee143a1b815cf05a93a335cdad1facad8cce31b40b74b39db235d8bedc9bacbf63362084b5d2476f9575bdd97b67b599b4389a49b5c3d
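The report lists the dropped files only by size and digest, and the one path it does give (/data/user/0/com.pipe.assault/app_DynamicOptDex/Hah.json) carries a .json name although the "Loads dropped Dex/Jar" signature shows it being executed. When pulling such files off a device the useful checks are: compute the same four digests the report publishes, classify the file by its leading bytes rather than its extension, and note whether it sits in an app-private app_<name> directory of the kind Context.getDir() creates for a DexClassLoader output directory. The script below is an added example and is not part of the sandbox report; the DEX blob it triages is constructed (a DEX magic plus padding), not the real Hah.json, so it will not match the report's digests, and the known-hash set is simply the four SHA256 values above.

```python
import hashlib
from typing import Dict, Tuple

# SHA256 values of the four files listed under "Downloads" in this report.
KNOWN_DROPPED_SHA256 = {
    "f955009a6a947a3fb2fc804ccec1ed43ac6b54cd12dd0b16a1de8093ab733177",
    "b24d0720d475767efad2a076ee53168719128266f2a8a4f634b96dabe0de63ca",
    "813d7b719d26fbd005bc39bd9c6f344a7effc0637fa6d7ee5c676f891fead8f3",
    "443d3602205f8d3623969be557060efaa46611cffafc201dfa1bc50ab054dccc",
}

# Leading bytes of the container formats an Android class loader or the
# dynamic linker will accept. A *.json file that starts with one of these is
# code, whatever its name says.
MAGICS: Tuple[Tuple[bytes, str], ...] = (
    (b"dex\n", "dex"),        # raw DEX file, header begins "dex\n035\0" or similar
    (b"PK\x03\x04", "zip"),   # APK/JAR: classes.dex inside a ZIP
    (b"\x7fELF", "elf"),      # native shared object
)

# Extensions under which each kind would be unsurprising.
EXPECTED_EXT = {"dex": {"dex"}, "zip": {"apk", "jar", "zip"}, "elf": {"so"}}


def identify(data: bytes) -> str:
    """Classify a blob by its leading bytes, never by file name."""
    for magic, kind in MAGICS:
        if data.startswith(magic):
            return kind
    if data.lstrip()[:1] in (b"{", b"["):
        return "json-like"
    return "unknown"


def digests(data: bytes) -> Dict[str, str]:
    """The same four digests the report publishes for each dropped file."""
    return {n: hashlib.new(n, data).hexdigest()
            for n in ("md5", "sha1", "sha256", "sha512")}


def triage_dropped_file(path: str, data: bytes) -> Dict[str, object]:
    """Hash the file, identify its real type, and flag name/content mismatch."""
    directory, _, name = path.rpartition("/")
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = identify(data)
    d = digests(data)
    return {
        "path": path,
        "kind": kind,
        "extension": ext,
        # Context.getDir(name, MODE_PRIVATE) creates /data/user/0/<pkg>/app_<name>;
        # a DexClassLoader optimized-output directory is conventionally one of these.
        "in_app_private_dir": directory.rsplit("/", 1)[-1].startswith("app_"),
        "mismatch": kind in EXPECTED_EXT and ext not in EXPECTED_EXT[kind],
        "known_from_report": d["sha256"] in KNOWN_DROPPED_SHA256,
        **d,
    }


# Constructed stand-in for the dropped file: DEX magic followed by padding.
# The real Hah.json from the sandbox run is not reproduced here.
FAKE_DEX = b"dex\n035\x00" + b"\x00" * 64
REPORTED_PATH = "/data/user/0/com.pipe.assault/app_DynamicOptDex/Hah.json"

if __name__ == "__main__":
    for k, v in triage_dropped_file(REPORTED_PATH, FAKE_DEX).items():
        print(f"{k}: {v}")
```

On a real device, pull the file with `adb pull` (root or the sandbox image is needed to read another app's private directory) and pass its bytes in; a "dex" or "zip" kind under a .json name, inside an app_<name> directory, is the same pattern the "Loads dropped Dex/Jar" signature fired on, and a sha256 hit against KNOWN_DROPPED_SHA256 ties the artifact to this specific run.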