General
-
Target
386bea3cc06fdbb0c0a84b6d3a5f6fa7d98a9b82991722f462bc1f245b7df269.bin
-
Size
2.2MB
-
Sample
241110-13xt6aweqj
-
MD5
48d309be88c82fa6f8f167e7d5cee849
-
SHA1
881b0b0a713e86a45438e88585f6e82aa08d7383
-
SHA256
386bea3cc06fdbb0c0a84b6d3a5f6fa7d98a9b82991722f462bc1f245b7df269
-
SHA512
92259126673691a2f12d7e007dd64c7847582b79ef62e4d3b71cc7086c346393c6c55b377f5a7c997d48289c1fb7efe68404a44928d97165f086878c6071ee36
-
SSDEEP
49152:zc95Lz0L4GE0ouP6X2EZCplrGFVvo2Ee8ZqSbcXtk3X0gLbbTWEVvjLpbQjRUZ8u:zc95cL4GOX2EZcKhxEFqSg9Wk+/WSjLB
Static task
static1
Behavioral task
behavioral1
Sample
386bea3cc06fdbb0c0a84b6d3a5f6fa7d98a9b82991722f462bc1f245b7df269.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
386bea3cc06fdbb0c0a84b6d3a5f6fa7d98a9b82991722f462bc1f245b7df269.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
386bea3cc06fdbb0c0a84b6d3a5f6fa7d98a9b82991722f462bc1f245b7df269.apk
Resource
android-x64-arm64-20240910-en
Malware Config
Extracted
cerberus
http://65.109.233.134
Targets
-
Cerberus family
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the phone number (MSISDN for GSM devices)
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent its removal.
-
Queries the mobile country code (MCC)
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Listens for changes in the sensor environment (might be used to detect emulation)
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime: 1
Hide Artifacts: 3
  Suppress Application Icon: 1
  User Evasion: 2
Impair Defenses: 1
  Prevent Application Removal: 1
Input Injection: 1
Virtualization/Sandbox Evasion: 2
  System Checks: 2
Credential Access
Clipboard Data: 1
Input Capture: 2
  GUI Input Capture: 1
  Keylogging: 1