General

  • Target

    ef80429d554a6f7a0b1ad97a2ca5df4d

  • Size

    160KB

  • Sample

    240823-21vsfsscnd

  • MD5

    ef80429d554a6f7a0b1ad97a2ca5df4d

  • SHA1

    18492f451511e2f736646ed61778365c6936f342

  • SHA256

    2b43af46398ece7b9e1e41bb7c2e2ff3ec227edb38283bea7622115bb76a7823

  • SHA512

    11c0599ce5b3a82b0438a8a41d965417e45fb41ba9b8511a6104544738270bf1c4abff0429c20957dc7427663e7c4281529330d068364ef64f50c61c1e828c17

  • SSDEEP

    3072:gMG+RF83rVeAghsxDehY8JqdkBHqH+QQDDDRsI9OsI90/HdXAdPZ/HdXAdP+l:gm6rVeAghEDvKqduiQq4Xk/Xk+l

Malware Config

Extracted

Family

cerberus

C2

http://lanadelrey.top

Targets

    • Target

      ef80429d554a6f7a0b1ad97a2ca5df4d

    • Cerberus

      An Android banking trojan rented out to threat actors since 2019.

    • Removes its main activity from the application launcher

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries the phone number (MSISDN for GSM devices)

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its own removal.

    • Queries the mobile country code (MCC)

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks