General
-
Target
501eb3e8474ddd35728b11248df2e9629afb6852b9281940059fcae7b9043522.zip
-
Size
1.2MB
-
Sample
241025-byg6ga1eld
-
MD5
ee3dac4971a8e69c1fda0c5e82c5a25b
-
SHA1
7156303c8a2345113510b6da56913625b30b49b4
-
SHA256
501eb3e8474ddd35728b11248df2e9629afb6852b9281940059fcae7b9043522
-
SHA512
3c160bf57786acc1bf83dd040a20a299f4614c2fdc860728357d4c05bc9a54f4e56ff459b5201389f8926986db196a8da4bfea159c863cd2b55e9fbfe8521f06
-
SSDEEP
24576:PolR/rDxk0t/aTAD+xpx/IgMI/qqOd86V9Q8gfmYOfPbEpMpXFEgzMIGcoR8:Por/rDxkIAADEr9MMwVjge3QSpXCgzMi
Static task
static1
Behavioral task
behavioral1
Sample
501eb3e8474ddd35728b11248df2e9629afb6852b9281940059fcae7b9043522.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
501eb3e8474ddd35728b11248df2e9629afb6852b9281940059fcae7b9043522.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
501eb3e8474ddd35728b11248df2e9629afb6852b9281940059fcae7b9043522.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
cerberus
http://135.181.83.2
Targets
-
-
Target
501eb3e8474ddd35728b11248df2e9629afb6852b9281940059fcae7b9043522.zip
-
Size
1.2MB
-
MD5
ee3dac4971a8e69c1fda0c5e82c5a25b
-
SHA1
7156303c8a2345113510b6da56913625b30b49b4
-
SHA256
501eb3e8474ddd35728b11248df2e9629afb6852b9281940059fcae7b9043522
-
SHA512
3c160bf57786acc1bf83dd040a20a299f4614c2fdc860728357d4c05bc9a54f4e56ff459b5201389f8926986db196a8da4bfea159c863cd2b55e9fbfe8521f06
-
SSDEEP
24576:PolR/rDxk0t/aTAD+xpx/IgMI/qqOd86V9Q8gfmYOfPbEpMpXFEgzMIGcoR8:Por/rDxkIAADEr9MMwVjge3QSpXCgzMi
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the phone number (MSISDN for GSM devices)
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC)
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Listens for changes in the sensor environment (might be used to detect emulation)
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
3Suppress Application Icon
1User Evasion
2Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1