General

  • Target

    e4c1e2a3725743e222fdd4e0595d3ed719bb0aaa7f807cdfd19c4b7514b86dec.bin

  • Size

    2.4MB

  • Sample

    241111-1zty4axgnf

  • MD5

    bd2b31bfc19969adb576378211e35c57

  • SHA1

    9d30a1367b2d49b33589e5a2a64c8fd85a7bc702

  • SHA256

    e4c1e2a3725743e222fdd4e0595d3ed719bb0aaa7f807cdfd19c4b7514b86dec

  • SHA512

    82ffce27a5c36e98b7595e821c1ce9bad21fbb5d9b54fe638776e9f020282eee134468370a41348cecf92079b08d6fc5c55a9d1de1672a1bda86a7b85b5f49c5

  • SSDEEP

    49152:zg4Df6NauDKp9a8zogmUZt6LyPH1FWoKpqZ+euOj2j:zLLuDKp9a8zogmu6AKTpqJu/j

Malware Config

Extracted

Family

cerberus

C2

http://83.220.175.199/

Targets

    • Target

      e4c1e2a3725743e222fdd4e0595d3ed719bb0aaa7f807cdfd19c4b7514b86dec.bin

    • Size

      2.4MB

    • MD5

      bd2b31bfc19969adb576378211e35c57

    • SHA1

      9d30a1367b2d49b33589e5a2a64c8fd85a7bc702

    • SHA256

      e4c1e2a3725743e222fdd4e0595d3ed719bb0aaa7f807cdfd19c4b7514b86dec

    • SHA512

      82ffce27a5c36e98b7595e821c1ce9bad21fbb5d9b54fe638776e9f020282eee134468370a41348cecf92079b08d6fc5c55a9d1de1672a1bda86a7b85b5f49c5

    • SSDEEP

      49152:zg4Df6NauDKp9a8zogmUZt6LyPH1FWoKpqZ+euOj2j:zLLuDKp9a8zogmu6AKTpqJu/j

    • Cerberus

      An Android banker that is being rented to actors beginning in 2019.

    • Cerberus family

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries the phone number (MSISDN for GSM devices)

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

    • Queries the mobile country code (MCC)

    • Requests changing the default SMS application.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks