Analysis
-
max time kernel
38s -
max time network
152s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
-
submitted
17-10-2024 22:08
General
-
Target
59f7f18ddb4e625024b726457fda42804431937d9e3419d501309e582fa73f5e.apk
-
Size
1.1MB
-
MD5
94ce75f38300e5d4506e3ad1d4410027
-
SHA1
dd6af50b87d0fb8f738697026db7dd56a22c6342
-
SHA256
59f7f18ddb4e625024b726457fda42804431937d9e3419d501309e582fa73f5e
-
SHA512
c64f14b6f54d38224fae6a98ba2e2f813bcde388e3a28ff6318f664c05bb7143da5c77c5f6e263724f6f2850d42e3148253eec1d37eea876457565c138bfec35
-
SSDEEP
24576:RAtpsQXe4K0EMvFInQAmqpv7RvCvYLT49jzhdEQi2Zvxzr:RAtbe50EMvWQAmqpv70v8Tmd6Qi2xxzr
Malware Config
Extracted
cerberus
http://kaanworldmotorscamping.ga
Signatures
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.nerve.alter1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
54KB
MD5b5c1d7446d937d10038380e1e30ac2b3
SHA1dc1eece3b43c53cc337a736c814e1ac95f141d62
SHA256e6dcc0fc4c02517d995ad3e61cdfc1a007747ac18613064e042525bef6f61443
SHA51201b78bbb834067f503ac3449ea16e08b60f09fdeaf340a3f906b5b346ef5add83d5e86ac60313f05dcc21a4e81d686835fda48e8786a81baa46876dc16485886
-
Filesize
54KB
MD5ca8efeaeea912569c7afcdbdc6a9988a
SHA12934c218596739578ffdcf994c154c5f0da687a9
SHA2560440ed52d8bbacd195d1f4f5fe696cec2c7ab63d400961dcc8c4ed3c3bf724bc
SHA5125b271982933fd732a97af8bea22337df3f60d8b85c0140c64e1010ca770c27c21e9d6f9751bfcd7cb15aa6b69dc2afe0612683c7e3e9c1542c972c6285708e89
-
Filesize
103KB
MD51f63ca682468f83d0a3451b4e32a9ffd
SHA14e98cd15b2cb9ef7632d475b297f12cb7a1f0671
SHA25663f4d892a9e1fcf1211d929e2e1a5ab4e9956f1cc1c9fcb4d87761d5cd3494cc
SHA5121ab5a3307e5c85fb343d70224cccc22d9a9cf51fe083874d9f700468fa7aaed3a6c2d6025c0c8305ff92a025bfe038baca66c4cc6732fa16bce0b44060cdcabb