Analysis

  • max time kernel
    43s
  • max time network
    152s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
  • submitted
    15-09-2024 22:02

General

  • Target

    621445ec34bf63e4cb9af752431dd5ed595e1001fefee5fc2c05920fd9739fba.apk

  • Size

    1.2MB

  • MD5

    74f307885e245707e7b0e99621866f52

  • SHA1

    1c5c287a03e2f94fdcee35dd60f9d820b7350dd6

  • SHA256

    621445ec34bf63e4cb9af752431dd5ed595e1001fefee5fc2c05920fd9739fba

  • SHA512

    dded30f7106bc3a65de9e10f1466434b828f50f4a9636609b18e108c3adad0783e9810d36e5e4f2776dd26c29d8b1de499b201a024bc889743e93cb65e3f89fd

  • SSDEEP

    24576:zMLMlWybpzt6KsSnxWnj5KBuZfJTahBqcyKb86+mv4I4mHeeq:gYIOz6KsSnxWnVKBuZBEljb86+Y4ueeq

Malware Config

Extracted

Family

cerberus

C2

http://sapp300smikaniytraktorista.ru

Signatures

Processes

  • com.suggest.express
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:5154

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.suggest.express/app_DynamicOptDex/Gf.json

    Filesize

    64KB

    MD5

    b235dfff3c76388ac85c006a8ac0e4a6

    SHA1

    c4ea48f68301c433a3b74480b20ea2511018a7e1

    SHA256

    2513387a62a9eb85564878d53681b6d29491b7b8270f9112ca38bfe330529e1f

    SHA512

    715094d2422661351cf367b9e336aa39438f0f248b730a8837c01035dde1dd24678f4ffeb613aa5943f00c3b8a0c0fd1858067fb7285b13c0fbe19831e9215b1

  • /data/data/com.suggest.express/app_DynamicOptDex/Gf.json

    Filesize

    64KB

    MD5

    43106f9036f82d240183d8b0852c51bb

    SHA1

    cb9b8e6a57a9e7c0de526dc1ae4bd69f0a0be375

    SHA256

    44cfa5f146a96b17c421c408ca8ee7e299d1ed3110633c407669bf6730f9eeb7

    SHA512

    08e09e395ee629f21b926f0f301700aa5862f7c992b38ff35df54726c4f29af3320ac45e8f34ba1a25a34fe907342bfedcb497aceb6c2be829e2755a4dfcabc2

  • /data/data/com.suggest.express/app_DynamicOptDex/oat/Gf.json.cur.prof

    Filesize

    230B

    MD5

    44ef60b22680c9335ef1d2a1655c3621

    SHA1

    60d21d12642676338bbcdb4503ecbaf891b228a1

    SHA256

    33379df375b4a8f76f74bc3ea844dcc72ce88bf17d306090cb56ddd267ffb63a

    SHA512

    cb8c3d97131b5368c47ce996dee873684f9477db20cb4f5a244630ba0d1b730e923aaa52a05355e65e4d76004d433b70384bc0340ac959a94d4bd8c4b003309f

  • /data/user/0/com.suggest.express/app_DynamicOptDex/Gf.json

    Filesize

    118KB

    MD5

    f5f7cfe297dd285e5d199ff01b95f110

    SHA1

    11d5c88a36d9409b4d23c4ab4d96c35d1a99c3f8

    SHA256

    fbb800072f3201a3563f1df05315b0a598d7746ef25521ec97579b08e76501d2

    SHA512

    caf63d4a8c7beae9068aef0df6ed5bc77ba81a969214f409fa55d1728b5d4e0e5d361b78188915164136e80a1a8ecb095da3b79b8824c02815637f906837f06e
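The "Loads dropped Dex/Jar" signature above and the four files written under app_DynamicOptDex are two views of the same behaviour: the sample writes loadable code to its private data directory under a misleading .json name and then loads it at runtime. The script below is an added example, not part of the sandbox report or the Cerberus sample, showing the check an analyst would run over a pulled copy of the app's data directory: identify DEX and ZIP/JAR payloads by magic bytes rather than by extension, flag those whose extension disguises them, and match SHA-256 values against the hashes listed in this report. The directory tree it scans is constructed inline (a fake DEX header named Gf.json, a placeholder .cur.prof and a plain JSON file), so nothing here reproduces the real dropped files.

```python
import hashlib
import tempfile
from pathlib import Path

# Magic prefixes of the loadable-code containers the sandbox flags as "dropped Dex/Jar".
DEX_MAGIC = b"dex\n"       # followed by the format version, e.g. b"035\x00"
ZIP_MAGIC = b"PK\x03\x04"  # jar / apk are zip containers

# SHA-256 values copied from the Downloads section of this report.
REPORT_SHA256 = {
    "2513387a62a9eb85564878d53681b6d29491b7b8270f9112ca38bfe330529e1f",
    "44cfa5f146a96b17c421c408ca8ee7e299d1ed3110633c407669bf6730f9eeb7",
    "fbb800072f3201a3563f1df05315b0a598d7746ef25521ec97579b08e76501d2",
}

# Extensions under which DEX/JAR content is not considered disguised.
CODE_EXTENSIONS = {".dex", ".jar", ".apk", ".zip"}


def classify(data: bytes) -> str:
    """Return 'dex', 'zip' or 'other' based on the leading bytes only."""
    if data.startswith(DEX_MAGIC):
        return "dex"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "other"


def scan_app_dir(root: Path) -> list:
    """Walk an app data directory and describe every regular file found.

    A file is 'disguised' when its content is loadable code but its extension
    says otherwise (the Gf.json pattern from this report).
    """
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        kind = classify(data)
        digest = hashlib.sha256(data).hexdigest()
        findings.append({
            "path": path.relative_to(root).as_posix(),
            "kind": kind,
            "disguised": kind != "other" and path.suffix.lower() not in CODE_EXTENSIONS,
            "sha256": digest,
            "known_ioc": digest in REPORT_SHA256,
        })
    return findings


def build_sample_dir() -> Path:
    """Constructed sample tree mirroring the report's layout (not real sandbox output)."""
    root = Path(tempfile.mkdtemp())
    dyn = root / "app_DynamicOptDex"
    (dyn / "oat").mkdir(parents=True)
    # A minimal DEX header padded with zeros, saved under a .json name.
    (dyn / "Gf.json").write_bytes(b"dex\n035\x00" + b"\x00" * 64)
    # Placeholder bytes standing in for the ART profile; not a real profile.
    (dyn / "oat" / "Gf.json.cur.prof").write_bytes(b"\x00" * 32)
    # Genuine JSON, which must not be flagged.
    (root / "settings.json").write_bytes(b'{"enabled": true}')
    return root


if __name__ == "__main__":
    for item in scan_app_dir(build_sample_dir()):
        flag = "DISGUISED " if item["disguised"] else "          "
        ioc = "IOC-MATCH" if item["known_ioc"] else ""
        print(f"{flag}{item['kind']:5} {item['path']} {item['sha256'][:16]}… {ioc}")
```

Run it against a directory pulled with `adb pull /data/data/com.suggest.express` from a rooted test device or emulator; the known_ioc field will only be true for the exact files this report hashed, while the disguised flag catches the pattern regardless of which filename the next build of the dropper chooses.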