Analysis

  • max time kernel
    64s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    20-10-2024 22:03

General

  • Target

    f4dd810fb45d5885ffef08fcea8c081545b7babb6f5eb8a7747b223e8e4a5df3.apk

  • Size

    1.8MB

  • MD5

    2e134522d21bfc065337468dc2162807

  • SHA1

    9bd841faeaa13a4cd0ebe1d18b82cee1926a6fef

  • SHA256

    f4dd810fb45d5885ffef08fcea8c081545b7babb6f5eb8a7747b223e8e4a5df3

  • SHA512

    0897fb960888e8901bdbdd719a40e4101eac284a3bf865edac59ac32533fa1d44b5bb25184aaf0f065d03740944404a1b4559d78a27ceea22b6e079e74886df9

  • SSDEEP

    49152:fjSB8UFKzekW/hKrpOC2Qe7C9FTmuFPtY+2zLC5em2WhLcu:fjSBNKzekW/hO7fmKp2zLAemlR

Malware Config

Extracted

Family

cerberus

C2

http://94.250.253.26

Signatures

Processes

  • com.bachelor.verify (PID 4460)
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests changing the default SMS application
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    • Tries to add a device administrator
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Checks CPU information
    • Checks memory information
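Several of the signatures above (accessibility service, device administrator, default SMS handler, battery-optimization exemption) have prerequisites that must be declared in the APK's manifest before the runtime behaviour can occur, so they can be checked statically before detonation. The script below is an added example, not part of the sandbox report and not code from the analysed APK: it walks a decoded AndroidManifest.xml (apktool-style text, binary AXML is not parsed) and maps those declarations onto the report's signature wording. The sample manifest, its package name com.example.sample and the component names are constructed for illustration.

```python
"""Map decoded AndroidManifest.xml declarations onto the behaviours a sandbox reports.

Added example, not from the report or the analysed APK. It assumes a manifest already
decoded to text (e.g. apktool output); binary AXML inside the APK is not parsed here.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

def _a(attr):
    """Return the fully qualified name of an android:* attribute."""
    return "{%s}%s" % (ANDROID_NS, attr)

# Constructed sample manifest carrying the declarations the signatures rely on.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
    <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <application android:label="Verify">
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <service android:name=".A11y"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
        <receiver android:name=".Admin"
            android:permission="android.permission.BIND_DEVICE_ADMIN">
            <intent-filter>
                <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
            </intent-filter>
        </receiver>
        <receiver android:name=".SmsRx"
            android:permission="android.permission.BROADCAST_SMS">
            <intent-filter>
                <action android:name="android.provider.Telephony.SMS_DELIVER"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

def triage_manifest(xml_text):
    """Return {finding: evidence} for the statically visible prerequisites of the
    sandbox signatures (accessibility, device admin, default SMS, battery whitelisting).
    Launcher hiding is a runtime action (PackageManager.setComponentEnabledSetting), so
    the manifest only tells you which LAUNCHER activities exist to be hidden later."""
    root = ET.fromstring(xml_text)
    findings = {}

    perms = {e.get(_a("name")) for e in root.iter("uses-permission")}
    if "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS" in perms:
        findings["battery_optimizations"] = "uses-permission REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"

    for svc in root.iter("service"):
        if svc.get(_a("permission")) == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            findings["accessibility_service"] = svc.get(_a("name"))

    for rcv in root.iter("receiver"):
        actions = {a.get(_a("name")) for a in rcv.iter("action")}
        if (rcv.get(_a("permission")) == "android.permission.BIND_DEVICE_ADMIN"
                or "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            findings["device_admin"] = rcv.get(_a("name"))
        # A receiver for SMS_DELIVER guarded by BROADCAST_SMS is the manifest half of
        # what Android requires before an app can be offered as the default SMS handler.
        if ("android.provider.Telephony.SMS_DELIVER" in actions
                and rcv.get(_a("permission")) == "android.permission.BROADCAST_SMS"):
            findings["default_sms_candidate"] = rcv.get(_a("name"))

    findings["launcher_activities"] = [
        act.get(_a("name")) for act in root.iter("activity")
        if any(c.get(_a("name")) == "android.intent.category.LAUNCHER"
               for c in act.iter("category"))
    ]
    return findings

if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

A manifest hit is a prerequisite, not proof: the sandbox's "Performs UI accessibility actions" and "Obtains sensitive information copied to the device clipboard" are only observable at runtime, and a clean manifest does not rule them out when code is loaded dynamically from a dropped DEX.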

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.bachelor.verify/app_DynamicOptDex/AD.json

    Filesize

    35KB

    MD5

    f59b67e7a40c18b9c330f5b49efdf2dd

    SHA1

    b56abb4280c0e81c6f5b1ad3c046baa8f16400b8

    SHA256

    2865a4f967fa8a18b4db9d555b232c765c1ccb65cc3cc8ecf6a50349cbbc9fc1

    SHA512

    c1f214a01ae2b228b9c26ecdc2df77101fd730700cde73200fb7f4e901a3e10bbf5a673d187ab6efb808d87e41c17d1ecb4fc1b5a550006c8a9348ab3d5472d0

  • /data/user/0/com.bachelor.verify/app_DynamicOptDex/AD.json

    Filesize

    35KB

    MD5

    b66e390609e60e04b082405419654c82

    SHA1

    3c703ae8828524476e15e6ccffa9b7b083e29d4b

    SHA256

    b1ed52b09b8f806bfbd4f61094162bb35932cec3cc36b17e1b70b39911143e6d

    SHA512

    0f258e4422acf4a50639d429f5d543b88e883028717ad822987dfd778515d002278e8a3ec7981cc9bfd32014c287885ef9e2df972e0c325ec932af83d744e833

  • /data/user/0/com.bachelor.verify/app_DynamicOptDex/AD.json

    Filesize

    77KB

    MD5

    fbfec32963eec74794d898179aee8b56

    SHA1

    cc98bdf6e6fc12d7fb8ec6caf36d7b0cb35f7ca6

    SHA256

    d15f4935437ed4422d98c2c68a1d352a781300349596adba217d9b2b94e2eca9

    SHA512

    f846a87654034a0e00044859e354598e244d4d52c0af1bc9240b143c566919c0aa108baaeb9bf24e8c030f973b1202c417e82d72db7b0b045ba2371fdc5c1bfe

  • /data/user/0/com.bachelor.verify/app_DynamicOptDex/oat/AD.json.cur.prof

    Filesize

    146B

    MD5

    2c5d021a756f1a873012b49c8daa7226

    SHA1

    93599fd3c3bc663a5d98908adfd38f5ca55fd208

    SHA256

    7771403ff36b2b1e6324ebfcdfa507fbbc11de9380e10c1ec6fce0e55f36e117

    SHA512

    0566d214cffe6c9cab9a83951e08141874dd3fb39f5f6860ce0446b88bc4350fec3d3dc3b93d9752661816246913625a7c916b4096eb12d628b0e8214d5cdb64
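The Downloads list records the same path, app_DynamicOptDex/AD.json, three times with three different hashes and sizes, plus an oat/AD.json.cur.prof beside it, which together match the "Loads dropped Dex/Jar" signature: the file is rewritten during the run and the .json name says nothing about its contents. The script below is an added example, not part of the report and not the sandbox's own collector. It classifies dropped files by their leading bytes rather than their extension, keys results by SHA-256 so that rewrites of one path are kept as separate artefacts, and builds a constructed directory tree (header magic only, no real DEX payload) to exercise itself. The ART profile magic "pro\0" is an assumption stated in the code.

```python
"""Classify files dropped under an app's private data directory by content rather than name.

Added example, not from the sandbox report. The directory tree and bytes it builds are
constructed; no real payload is included.
"""
import hashlib
import os
import tempfile

DEX_MAGIC = b"dex\n"          # followed by a three-digit version and NUL, e.g. b"035\0"
ZIP_MAGIC = b"PK\x03\x04"      # .jar/.apk containers, also accepted by DexClassLoader
ART_PROFILE_MAGIC = b"pro\0"   # assumed magic of ART runtime profiles (*.prof)
CODE_EXTS = {".dex", ".jar", ".apk", ".zip"}

def classify(data):
    """Identify loadable code (or ART side files) from the leading bytes only."""
    if data[:4] == DEX_MAGIC and data[4:7].isdigit() and data[7:8] == b"\0":
        return "dex"
    if data[:4] == ZIP_MAGIC:
        return "zip"
    if data[:4] == ART_PROFILE_MAGIC:
        return "art-profile"
    return "other"

def scan_dropped(root_dir):
    """Return {sha256: info}. Keying by content rather than path keeps successive
    rewrites of the same file (as with AD.json in the report) as separate artefacts."""
    results = {}
    for dirpath, _, names in os.walk(root_dir):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            kind = classify(data)
            ext = os.path.splitext(name)[1].lower()
            results[hashlib.sha256(data).hexdigest()] = {
                "path": os.path.relpath(path, root_dir).replace(os.sep, "/"),
                "size": len(data),
                "kind": kind,
                # code under a non-code extension is the "Loads dropped Dex/Jar" pattern
                "disguised": kind in ("dex", "zip") and ext not in CODE_EXTS,
            }
    return results

def demo():
    """Build a constructed app_DynamicOptDex tree, rewrite AD.json once, merge both scans."""
    with tempfile.TemporaryDirectory() as tmp:
        opt = os.path.join(tmp, "app_DynamicOptDex")
        os.makedirs(os.path.join(opt, "oat"))
        with open(os.path.join(opt, "config.json"), "wb") as fh:
            fh.write(b'{"retry": 3}')                        # genuine JSON, stays "other"
        with open(os.path.join(opt, "oat", "AD.json.cur.prof"), "wb") as fh:
            fh.write(ART_PROFILE_MAGIC + b"010\0" + b"\0" * 16)
        merged = {}
        for fill in (b"\x00", b"\x01"):                      # two different DEX bodies
            with open(os.path.join(opt, "AD.json"), "wb") as fh:
                fh.write(DEX_MAGIC + b"035\0" + fill * 64)   # header magic only, not a real DEX
            merged.update(scan_dropped(tmp))                 # second scan adds the rewrite
        return merged

if __name__ == "__main__":
    for digest, info in demo().items():
        print(digest[:12], info)
```

On a real device image the same scan would be run against /data/user/0/com.bachelor.verify/ pulled from the sandbox or from adb; the point of hashing at every observation rather than once at the end is exactly the three distinct AD.json contents the report shows.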