General
-
Target
05bf42e26c39ee57b913a38f6999a50c5d48771a23a5fce349a776e5b050eb0b.bin
-
Size
1.9MB
-
Sample
241016-2rg51axdqg
-
MD5
9de9f04f89f07dbe06b16e9c850afbf9
-
SHA1
44b9db445d0e95528abf75de809b6da19f9f8116
-
SHA256
05bf42e26c39ee57b913a38f6999a50c5d48771a23a5fce349a776e5b050eb0b
-
SHA512
dcdc8b359507eb35de08e459e1da7ecd5d62071bbf5d01681734715b47cb1cabaaa7ef63030718ba1d374af2696380f68f6cc272b504e2b1dbec9ea004dbb71f
-
SSDEEP
49152:ZAJ9EIXeRHt0ZsFCpw1CfdirCH9+5A+LrUBvs9D:Z+/mHWMCpw1ClimH9+SBvU
Static task
static1
Behavioral task
behavioral1
Sample
05bf42e26c39ee57b913a38f6999a50c5d48771a23a5fce349a776e5b050eb0b.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
05bf42e26c39ee57b913a38f6999a50c5d48771a23a5fce349a776e5b050eb0b.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
05bf42e26c39ee57b913a38f6999a50c5d48771a23a5fce349a776e5b050eb0b.apk
Resource
android-x64-arm64-20240910-en
Malware Config
Extracted
cerberus
http://5.75.176.47
Targets
-
-
Target
05bf42e26c39ee57b913a38f6999a50c5d48771a23a5fce349a776e5b050eb0b.bin
-
Size
1.9MB
-
MD5
9de9f04f89f07dbe06b16e9c850afbf9
-
SHA1
44b9db445d0e95528abf75de809b6da19f9f8116
-
SHA256
05bf42e26c39ee57b913a38f6999a50c5d48771a23a5fce349a776e5b050eb0b
-
SHA512
dcdc8b359507eb35de08e459e1da7ecd5d62071bbf5d01681734715b47cb1cabaaa7ef63030718ba1d374af2696380f68f6cc272b504e2b1dbec9ea004dbb71f
-
SSDEEP
49152:ZAJ9EIXeRHt0ZsFCpw1CfdirCH9+5A+LrUBvs9D:Z+/mHWMCpw1ClimH9+SBvU
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the phone number (MSISDN for GSM devices)
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC)
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Listens for changes in the sensor environment (might be used to detect emulation)
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
3Suppress Application Icon
1User Evasion
2Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1