General
- Target: 9041d9a4e505e37146edf1b1c09c654e2659241170244c0fc819fa2c2a30a3b2.bin
- Size: 1.4MB
- Sample: 240910-2b89jsybln
- MD5: 65d1b82213144fd7e1575dffb6f28d7b
- SHA1: 56cf679a01fd8fee40e2eac982f6ff2de1e5accd
- SHA256: 9041d9a4e505e37146edf1b1c09c654e2659241170244c0fc819fa2c2a30a3b2
- SHA512: ae09a2275c9050b7a3627008b016784bd7adf87950b63655ab66c119f5d2a3f549a28c450dd8726fb5b60f0f5ff81b3bc66d012b9c2bfeaf9718fd59d3210abd
- SSDEEP: 24576:bX/kcxm9LRz6t+5WDslPpZCpw0Qptswse/FHb1WTItYDL893sWhWmMB:T09tGDDsBCFiNsuFHGmYDL898WhLMB
Static task: static1
Behavioral task: behavioral1
- Sample: 9041d9a4e505e37146edf1b1c09c654e2659241170244c0fc819fa2c2a30a3b2.apk
- Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
- Sample: 9041d9a4e505e37146edf1b1c09c654e2659241170244c0fc819fa2c2a30a3b2.apk
- Resource: android-x64-20240624-en
Behavioral task: behavioral3
- Sample: 9041d9a4e505e37146edf1b1c09c654e2659241170244c0fc819fa2c2a30a3b2.apk
- Resource: android-x64-arm64-20240910-en
Malware Config
- Extracted: cerberus
- URL: http://80.87.192.227
Targets
- Target: 9041d9a4e505e37146edf1b1c09c654e2659241170244c0fc819fa2c2a30a3b2.bin
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Obtains sensitive information copied to the device clipboard: the application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Queries the phone number (MSISDN for GSM devices).
- Performs UI accessibility actions on behalf of the user: the application may abuse the accessibility service to prevent its removal.
- Queries the mobile country code (MCC).
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Tries to add a device administrator.
- Listens for changes in the sensor environment (might be used to detect emulation).
MITRE ATT&CK Mobile v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Device Administrator Permissions (1)
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (3)
  - Suppress Application Icon (1)
  - User Evasion (2)
- Impair Defenses (1)
  - Prevent Application Removal (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Credential Access
- Clipboard Data (1)
- Input Capture (2)
  - GUI Input Capture (1)
  - Keylogging (1)