Overview

overview

10

Static

static

6

57990e111b...93.apk

android-9-x86

10

57990e111b...93.apk

android-10-x64

10

57990e111b...93.apk

android-11-x64

10

Analysis

  • max time kernel
    87s
  • max time network
    184s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    10-08-2024 23:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    57990e111be3e5f5dde47041547604d3cff8ac155eb1dd0fd3c09c4c3baca893.apk

  • Size

    1.8MB

  • MD5

    17f57399b70ede566fbf6c34c330071f

  • SHA1

    ca25deaec19570f59fe0695ecf8ad00beb237c78

  • SHA256

    57990e111be3e5f5dde47041547604d3cff8ac155eb1dd0fd3c09c4c3baca893

  • SHA512

    2f392e0832f0eee4e9c7e4943d12cd3ab8b094351880523cd87485e17ed7ef0a881a99cbc5cef4fe977a0730c07cde85cf4708ed49bb27d41575d683ba4202bc

  • SSDEEP

    49152:21ksPksJQ0nIuF0FexH66+9l3uFzWcDXLheemTWhLql:235tFCC63K3DXLUemis

Score
10/10
cerberusbankercollectioncredential_accessdiscoveryevasionimpactinfostealerprivilege_escalationratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://94.250.253.26

Signatures

Processes

  • com.coconut.direct
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests changing the default SMS application.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Tries to add a device administrator.
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Checks CPU information
    • Checks memory information
    PID:4450

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1626

Device Administrator Permissions

1
T1626.001

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Protected User Data

1
T1636

SMS Messages

1
T1636.004

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Account Access Removal

1
T1640

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

SMS Control

1
T1582

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.coconut.direct/app_DynamicOptDex/CU.json
    Filesize

    35KB

    MD5

    fd5377a2cab2f6229d85cc391c3a2563

    SHA1

    397af4e05023f2b8794849f077557049a3d368de

    SHA256

    290c3c5e3c25567628616c72b633327e3b0f2e264bb04c20ba6f83da814c0999

    SHA512

    e136a1c83c2adf104a63fde0c4efb5d181626473791546c28a9d1d19e985eba15db69c6711a2368836c0d8c0a17fc23be00abb7931cd31b1817356db00bfef3a

    Download Submit

  • /data/user/0/com.coconut.direct/app_DynamicOptDex/CU.json
    Filesize

    35KB

    MD5

    8b64519eb3505f5ee9a62c1f35f35af7

    SHA1

    6697dde4fa8020e33ce81599ee7099342481d22b

    SHA256

    f4a33171a6f6cafef7ec675308ab61bc70cbb42375fb4367198b9f022de56e92

    SHA512

    023e55526ed76750b04fc5e00df3baab97c55402b03f21e459f14c5ef3ed24eab31e8d5d56b840c5da2de884b1239d320d1b4b025eb7958b64c4ac1b124e2ede

    Download Submit

  • /data/user/0/com.coconut.direct/app_DynamicOptDex/CU.json
    Filesize

    77KB

    MD5

    fbfec32963eec74794d898179aee8b56

    SHA1

    cc98bdf6e6fc12d7fb8ec6caf36d7b0cb35f7ca6

    SHA256

    d15f4935437ed4422d98c2c68a1d352a781300349596adba217d9b2b94e2eca9

    SHA512

    f846a87654034a0e00044859e354598e244d4d52c0af1bc9240b143c566919c0aa108baaeb9bf24e8c030f973b1202c417e82d72db7b0b045ba2371fdc5c1bfe

    Download Submit

  • /data/user/0/com.coconut.direct/app_DynamicOptDex/oat/CU.json.cur.prof
    Filesize

    144B

    MD5

    acc9c4c78162bfba02c2df1f9b930d04

    SHA1

    cc0de20d9918aa8158530b57f0926b02cf52fdf2

    SHA256

    7165303b509b224c1bc84023c4b19ebdfe6caee7faed3d83a6a5a86c429fc348

    SHA512

    359cf75aa4a0a0097756b16ac3e81c94a0d846d0b9c1a97ecdfe450c970cafafd020d60ff5054dec7a22c0fc87cac039c4c35decf9c4cdbbf3cc7cbf80b709a0

    Download Submit