General
- Target: 3824dfa65a96dd4739a6138889e9b9583e1aa4bf0da953e752742ea30f28821e.bin
- Size: 1.5MB
- Sample: 240915-1x2wxsvblh
- MD5: d16876c6ef3c56faf2220258d0d8f8f1
- SHA1: 5372e7c56d9539a636fb3b6962ac37981973d5bb
- SHA256: 3824dfa65a96dd4739a6138889e9b9583e1aa4bf0da953e752742ea30f28821e
- SHA512: e0b9ded091c49844d0dac7eb4449007f24d780f76337e8a7710961957fef669ff5019e5b34bba2cbe073254f7043e770f48820e1d46384279c14b33de73292bb
- SSDEEP: 24576:AMpMZHk57T2a1HJDWq/Aqz00/J9+WqOh3IkPxqY+mv4v4mkEE5h:nmZHO7Xq8RYASv6xqY+/4XEE3
Static task: static1
Behavioral task: behavioral1
- Sample: 3824dfa65a96dd4739a6138889e9b9583e1aa4bf0da953e752742ea30f28821e.apk
- Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
- Sample: 3824dfa65a96dd4739a6138889e9b9583e1aa4bf0da953e752742ea30f28821e.apk
- Resource: android-x64-20240910-en
Behavioral task: behavioral3
- Sample: 3824dfa65a96dd4739a6138889e9b9583e1aa4bf0da953e752742ea30f28821e.apk
- Resource: android-x64-arm64-20240910-en
Malware Config
Extracted
- cerberus: http://sapwatsuop.ru
Targets
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Obtains sensitive information copied to the device clipboard: application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Queries the phone number (MSISDN for GSM devices).
- Performs UI accessibility actions on behalf of the user: application may abuse the accessibility service to prevent its removal.
- Queries the mobile country code (MCC).
- Requests changing the default SMS application.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Tries to add a device administrator.
- Listens for changes in the sensor environment (might be used to detect emulation).
MITRE ATT&CK Mobile v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Device Administrator Permissions (1)
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (3)
  - Suppress Application Icon (1)
  - User Evasion (2)
- Impair Defenses (1)
  - Prevent Application Removal (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Credential Access
- Clipboard Data (1)
- Input Capture (2)
  - GUI Input Capture (1)
  - Keylogging (1)