Analysis
max time kernel: 67s
max time network: 189s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 09-08-2024 22:13
Static task: static1
Behavioral task: behavioral1
  Sample: 40f497133ba37928b8276d7b0a774778beaf2518ff82b53608be98648dd25ca5.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 40f497133ba37928b8276d7b0a774778beaf2518ff82b53608be98648dd25ca5.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral3
  Sample: 40f497133ba37928b8276d7b0a774778beaf2518ff82b53608be98648dd25ca5.apk
  Resource: android-x64-arm64-20240624-en
General
Target: 40f497133ba37928b8276d7b0a774778beaf2518ff82b53608be98648dd25ca5.apk
Size: 1.2MB
MD5: 5c59436f70e8f57b9600be224324c495
SHA1: c4a4e111a48af8ca14ef4ccd36320f6183e2137f
SHA256: 40f497133ba37928b8276d7b0a774778beaf2518ff82b53608be98648dd25ca5
SHA512: 6d664d5fb6bd2d494d97db2b7ba3b769674f8e4f9a301baa1661c981ccc7f0fd9ffcaeca3192b2d712266bbd5a4d558fd94ae0d08cd60ecaae138987f3904710
SSDEEP: 24576:8w93w9JcP86lPFuNx84vVCx3hBYpmQevhcAXhQLh75X+TET8AF8X:DSbcU6lPF2x849wxeuuyhoh9OTETNQ
Malware Config
Extracted
Family: cerberus
URL: http://195.201.239.40
Signatures

Removes its main activity from the application launcher
  pid   Process
  4443  com.pipe.assault

Loads dropped Dex/Jar  1 TTPs  3 IoCs
Runs executable file dropped to the device during analysis.
  ioc                                                                                                          pid   Process
  /data/user/0/com.pipe.assault/app_DynamicOptDex/Hah.json                                                     4443  com.pipe.assault
  [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.pipe.assault/app_DynamicOptDex/Hah.json]  4443  com.pipe.assault  (recorded twice)
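The second and third IoCs above show a DEX being extracted in memory from a file named Hah.json, a common trick for slipping a payload past extension-based checks. The check below identifies a dropped file by its DEX header instead of its name and flags the mismatch. It is an added example for this report, not the sandbox's own logic or code from the sample; the real Hah.json is not on the page, so the bytes it is run against are a constructed header-only DEX. Offsets and constants are those of the DEX format (magic at 0, file_size at 32, header_size at 36, endian_tag at 40); the set of accepted version strings can be extended as newer format versions appear.

```python
"""Classify a file dropped by an Android app by its content, not its extension.
Added example for this sandbox report; the test bytes are constructed."""
import struct

DEX_MAGIC_PREFIX = b"dex\n"
KNOWN_DEX_VERSIONS = {b"035", b"037", b"038", b"039"}  # extend for newer versions
DEX_HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678
REVERSE_ENDIAN_CONSTANT = 0x78563412
DEX_LIKE_EXTENSIONS = (".dex", ".jar", ".apk", ".zip", ".odex")


def dex_version(data: bytes):
    """Return the DEX format version ('035', ...) if the 8-byte magic is valid, else None."""
    if len(data) < 8 or data[:4] != DEX_MAGIC_PREFIX or data[7] != 0:
        return None
    version = data[4:7]
    return version.decode("ascii") if version in KNOWN_DEX_VERSIONS else None


def dex_header_consistent(data: bytes) -> bool:
    """Cross-check fields a genuine DEX must satisfy: file_size (offset 32) equals the
    real length, header_size (36) is 0x70, endian_tag (40) is one of the two legal values."""
    if len(data) < DEX_HEADER_SIZE:
        return False
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    return (file_size == len(data)
            and header_size == DEX_HEADER_SIZE
            and endian_tag in (ENDIAN_CONSTANT, REVERSE_ENDIAN_CONSTANT))


def classify_dropped_file(path: str, data: bytes) -> str:
    """Decide from content what the file is, then compare with what its name claims."""
    version = dex_version(data)
    if version is None:
        return "not-dex"
    if not dex_header_consistent(data):
        return "dex-magic-but-malformed-header"
    name = path.rsplit("/", 1)[-1].lower()
    if name.endswith(DEX_LIKE_EXTENSIONS):
        return f"dex-{version}"
    ext = name.rsplit(".", 1)[-1] if "." in name else "no-extension"
    return f"dex-{version}-disguised-as-{ext}"


def build_fake_dex(version: bytes = b"035", body: bytes = b"") -> bytes:
    """Constructed input: a minimal header-only DEX (checksum and signature left zero)."""
    header = bytearray(DEX_HEADER_SIZE)
    header[0:4] = DEX_MAGIC_PREFIX
    header[4:7] = version
    struct.pack_into("<III", header, 32, DEX_HEADER_SIZE + len(body), DEX_HEADER_SIZE, ENDIAN_CONSTANT)
    return bytes(header) + body


if __name__ == "__main__":
    dropped = "/data/user/0/com.pipe.assault/app_DynamicOptDex/Hah.json"  # path from the report
    print(dropped, "->", classify_dropped_file(dropped, build_fake_dex()))
    print("real JSON ->", classify_dropped_file(dropped, b'{"k": 1}'))
```

The file_size cross-check matters in practice: a truncated or still-being-written drop carries a valid magic but fails the size comparison, which is the case to treat as "look again later" rather than "benign".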
Makes use of the framework's Accessibility service  4 TTPs  2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
  description             ioc                                                                                             Process
  Framework service call  android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId  com.pipe.assault
  Framework service call  android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId           com.pipe.assault

Obtains sensitive information copied to the device clipboard  2 TTPs  1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description             ioc                                                       Process
  Framework service call  android.content.IClipboard.addPrimaryClipChangedListener  com.pipe.assault

Queries the phone number (MSISDN for GSM devices)  1 TTPs

Performs UI accessibility actions on behalf of the user  1 TTPs  4 IoCs
Application may abuse the accessibility service to prevent its removal.
  ioc                                                                                Process
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction  com.pipe.assault  (recorded 4 times)

Queries the mobile country code (MCC)  1 TTPs  1 IoCs
  description             ioc                                                              Process
  Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone  com.pipe.assault

Requests disabling of battery optimizations (often used to enable hiding in the background)  1 TTPs  1 IoCs
  description    ioc                                                    Process
  Intent action  android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS  com.pipe.assault

Listens for changes in the sensor environment (might be used to detect emulation)  1 TTPs  1 IoCs
  description         ioc                                             Process
  Framework API call  android.hardware.SensorManager.registerListener  com.pipe.assault

Checks CPU information  2 TTPs  1 IoCs
  description           ioc            Process
  File opened for read  /proc/cpuinfo  com.pipe.assault

Checks memory information  2 TTPs  1 IoCs
  description           ioc            Process
  File opened for read  /proc/meminfo  com.pipe.assault
Processes

com.pipe.assault (PID 4443)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Requests disabling of battery optimizations (often used to enable hiding in the background)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15

Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (3)
  - Suppress Application Icon (1)
  - User Evasion (2)
- Impair Defenses (1)
  - Prevent Application Removal (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)

Credential Access
- Clipboard Data (1)
- Input Capture (2)
  - GUI Input Capture (1)
  - Keylogging (1)
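The Signatures tables and the ATT&CK summary above are two views of the same evidence: individual framework calls on one side, technique counts on the other. The script below joins them, grouping each IoC by process and technique and then reducing the technique set to a triage label, so that a reading of the screen alone stays "suspicious" while screen reading plus input injection plus a clipboard listener is called out as banker-like. It is an added example, not the sandbox's own scoring; the event tuples are transcribed from the Signatures section of this report, the technique names are those of the report's MITRE summary, and the combination rules in verdict() are this example's own heuristic.

```python
"""Join per-call IoCs from an Android sandbox report to ATT&CK Mobile techniques
and derive a triage verdict. Added example; rules and verdict thresholds are this
example's own assumptions, the technique names are those of the report."""
import re
from collections import defaultdict

# (regex over the IoC text, techniques it evidences). One IoC may evidence several.
RULES = [
    (re.compile(r"app_DynamicOptDex/|dalvik-classes\.dex extracted in memory"),
     ("Download New Code at Runtime",)),
    (re.compile(r"findAccessibilityNodeInfo"),
     ("GUI Input Capture", "Keylogging")),
    (re.compile(r"performGlobalAction"),
     ("Input Injection", "Prevent Application Removal")),
    (re.compile(r"IClipboard\.addPrimaryClipChangedListener"),
     ("Clipboard Data",)),
    (re.compile(r"REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"),
     ("Hide Artifacts",)),
    (re.compile(r"SensorManager\.registerListener|^/proc/(cpuinfo|meminfo)$"),
     ("System Checks",)),
]

# (kind, ioc, process) transcribed from the report's Signatures section.
# The MCC query is included deliberately: no rule matches it, so it drops out.
EVENTS = [
    ("Dex/Jar loaded", "/data/user/0/com.pipe.assault/app_DynamicOptDex/Hah.json", "com.pipe.assault"),
    ("Dex/Jar loaded", "[anon:dalvik-classes.dex extracted in memory from /data/user/0/com.pipe.assault/app_DynamicOptDex/Hah.json]", "com.pipe.assault"),
    ("Framework service call", "android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId", "com.pipe.assault"),
    ("Framework service call", "android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId", "com.pipe.assault"),
    ("Framework service call", "android.content.IClipboard.addPrimaryClipChangedListener", "com.pipe.assault"),
    ("Framework service call", "android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction", "com.pipe.assault"),
    ("Framework service call", "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone", "com.pipe.assault"),
    ("Intent action", "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS", "com.pipe.assault"),
    ("Framework API call", "android.hardware.SensorManager.registerListener", "com.pipe.assault"),
    ("File opened for read", "/proc/cpuinfo", "com.pipe.assault"),
    ("File opened for read", "/proc/meminfo", "com.pipe.assault"),
]

# Techniques that together characterise an accessibility-driven banker (assumption).
BANKER_CORE = {"GUI Input Capture", "Input Injection", "Clipboard Data"}


def triage(events):
    """Group matching IoCs by process and technique.
    Returns {process: {technique: [ioc, ...]}} with IoCs de-duplicated and sorted."""
    hits = defaultdict(lambda: defaultdict(set))
    for _kind, ioc, proc in events:
        for pattern, techniques in RULES:
            if pattern.search(ioc):
                for technique in techniques:
                    hits[proc][technique].add(ioc)
    return {proc: {tech: sorted(iocs) for tech, iocs in techs.items()}
            for proc, techs in hits.items()}


def verdict(techniques):
    """Reduce one process's technique set to a label; lone hits stay below 'banker-like'."""
    present = set(techniques)
    if BANKER_CORE <= present:
        label = "banker-like: reads screen content, injects input and watches the clipboard"
        if "Download New Code at Runtime" in present:
            label += "; loads code dropped at runtime"
        return label
    if present & BANKER_CORE:
        return "suspicious: partial accessibility/clipboard abuse"
    if present:
        return "low: only evasion or environment checks"
    return "no findings"


if __name__ == "__main__":
    for proc, techs in triage(EVENTS).items():
        print(proc, "->", verdict(techs))
        for tech, iocs in sorted(techs.items()):
            print(f"  {tech} ({len(iocs)})")
            for ioc in iocs:
                print("    ", ioc)
```

Per-technique counts here differ from the report's summary because the summary counts sub-techniques while this groups raw IoCs; the point of the join is the verdict line, which is what a reviewer wants before reading the tables.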
Downloads

Filesize: 64KB
MD5: 4eed8e3f6bdd1c311db382313b9eaf8d
SHA1: 524cc4c109e811d360d78bcb750119cec2bdb104
SHA256: f955009a6a947a3fb2fc804ccec1ed43ac6b54cd12dd0b16a1de8093ab733177
SHA512: 81ec22a2181d53e09afccbd33413b906db62c277e846c629fc0c117d68870c47729ffa08a257a73d4cba50bc82e48a60018c7256db4e889f6d50f21f1ae8b8eb

Filesize: 64KB
MD5: 44ae2b14a899213c637462b5a3fba106
SHA1: b38077e14a6378b077dbb12d628112dfca266398
SHA256: b24d0720d475767efad2a076ee53168719128266f2a8a4f634b96dabe0de63ca
SHA512: 8e4780cfca6045a00d979db822f0c72da2dcd2ce9f7ac36a642dbfdfa23017687e4479c1b96a8dc2d42c9713ba71eb0cffc6c2829ca0c5597a5b7d19447f7f25

Filesize: 153B
MD5: 6a8ac17d4a9ed48dd9eb6e3de27f8a1f
SHA1: d730029ced3008f84bdf9feabc0dc4cc5a2d4dd0
SHA256: 85ccc07402111479b8efca00c9ac6f7bcc8cfddb34c609a46c1596dea01b88f9
SHA512: 2eb4c686385748bddadbc91d516ebc866bd57da04925db81aff9c3e25741f5af8f2e1e68c77ad58bdb9347a41ae21a8a78980ce459046bcc1307bb6a6caf3eb8

Filesize: 125KB
MD5: 479825fe1e4f4e3694ef8ca647ad7218
SHA1: b71f70373b3a8bf107f30f8bbbc74e760fc14f3b
SHA256: 443d3602205f8d3623969be557060efaa46611cffafc201dfa1bc50ab054dccc
SHA512: a76ec1f7281e7fa0fafee143a1b815cf05a93a335cdad1facad8cce31b40b74b39db235d8bedc9bacbf63362084b5d2476f9575bdd97b67b599b4389a49b5c3d