Analysis

  • max time kernel
    57s
  • max time network
    153s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    18-09-2024 22:01

General

  • Target

    17c3733b95c316547ab7381184069e49b4da696dc88cd46b990633840a15f1c2.apk

  • Size

    1.3MB

  • MD5

    5a4696bd35a5d3074702a05e6c1488b6

  • SHA1

    4065862dc662b8f61f0d2613d81312823f78df80

  • SHA256

    17c3733b95c316547ab7381184069e49b4da696dc88cd46b990633840a15f1c2

  • SHA512

    0046b6eac60407857267904b08ea2fe47ae058fd770bdd8969e820e5a05dda31b283569554654103b0f0014e4994376a7976bd4075fc649431cff42f34120a1c

  • SSDEEP

    24576:lbgeyG2HKqYcyXGyl+nfnJTptdbtNe/FPIViBZSVvL/LkKem4sWhWmZldr:KNJHKB/l+nfBVtNuFPJoVvL/LXemZWht

Malware Config

Extracted

Family

cerberus

C2

http://80.87.192.227

Signatures

Processes

  • com.junk.fish
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4978

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.junk.fish/app_DynamicOptDex/oat/xMuBh.json.cur.prof

    Filesize

    189B

    MD5

    710519bb5dfc1a97bf1dda3aa67162cf

    SHA1

    be0aecf7546f0f4d8fe805f0aa57d0bb9437b110

    SHA256

    f02416383f5a1a6ba8d67be1562fef23d1e9950a5089a85f69355f2d105bf07d

    SHA512

    c56a47399e5df5efaa9224eb91806d70fe77d61cf465dc77889941bddf571c0df685834c7783849ebd65d3f0a97af2a0239daa3410f80dab2228818c3289c29a

  • /data/data/com.junk.fish/app_DynamicOptDex/xMuBh.json

    Filesize

    34KB

    MD5

    0fc6b8b6fbb35fb0daf50051543836bd

    SHA1

    7e875308e59158917633cea6f4779afaffe4e281

    SHA256

    aefde327a13ba461ee3d1ea19890cbb685c31892beece7e666aca7225d7120bc

    SHA512

    c26f18e5141d7f7907258333d52460dfc01892c1778574daf9ae88cb2393f94b042e38692d94289f06f9b9be4541b2fe299bd91024cde99ba9511e5921744275

  • /data/data/com.junk.fish/app_DynamicOptDex/xMuBh.json

    Filesize

    34KB

    MD5

    aa1f360f82cf7f1010a13c274e83f566

    SHA1

    e13a5ad74c833214a95289290720c6a81bcb440b

    SHA256

    e0dc966c5b7daf5a1a2c37f1b0f61a10a9649c6f59f0554d919a15dae83213d8

    SHA512

    bb279d8a5faea93eb4b2c4e3317f3ebfb5bd777bf9da5d128504187b6bd73a10e1956a33be8db66aea37aacfb5648ed1f01b689a94bc78693d3ec06b463c7174

  • /data/user/0/com.junk.fish/app_DynamicOptDex/xMuBh.json

    Filesize

    76KB

    MD5

    262d9655c7d686d31b55aa1976061517

    SHA1

    5f6d350e5e6ae66afee5ddddf4aceaf5dcb8899c

    SHA256

    df1baa0be867f09df28532c5078b0c84f1f133e5b33182143f776ae3751779b0

    SHA512

    b660b7636b06b2aff6e4da60346424ba6902a3e247760e211f628b0ad582d36eff04acbba3e600442a0da57449316f458643f49ff34ce82f2cc8dfbe2e8aa16b