Overview

overview

10

Static

static

6

a335f0e0a4...2b.apk

android-9-x86

10

a335f0e0a4...2b.apk

android-10-x64

10

a335f0e0a4...2b.apk

android-11-x64

10

Analysis

  • max time kernel
    87s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    17-11-2024 22:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a335f0e0a4abe5e2bc7d3b94156c659698ac8fab3dbd1d4d325cfd04200a842b.apk

  • Size

    2.0MB

  • MD5

    13abb47183acfc62a64b0e25eaf789ec

  • SHA1

    f47533dda39d3e7ab2710affb3d883db8c061169

  • SHA256

    a335f0e0a4abe5e2bc7d3b94156c659698ac8fab3dbd1d4d325cfd04200a842b

  • SHA512

    93021edd1ec809fb0fb1105fa2afdb57860bb348ad5140266049e833cd1c8009625c10df342d5b593601674e6ffe0b69545339760a77e0061ce3405aafb61a52

  • SSDEEP

    49152:1z5GXJ66spXXJo+uygU68WuE0J0801d1oihBE5ecl1dIpkJcRp5Tc:1WU6spnJojyg9uohBEyMuTc

Score
10/10
cerberusbankercollectioncredential_accessdiscoveryevasioninfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://5.161.217.34/

Signatures

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus family
    cerberus
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.cake.cat
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4220
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cake.cat/app_DynamicOptDex/pjBps.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.cake.cat/app_DynamicOptDex/oat/x86/pjBps.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4244

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.cake.cat/app_DynamicOptDex/oat/pjBps.json.cur.prof
    Filesize

    827B

    MD5

    5f0237173a6eea73d5bae5e67e1af0a8

    SHA1

    8732c9d4677615986921d094185197bf23419014

    SHA256

    26cbd0bdd5018a3b0907c6e10a6bcf3c8816f21a4788920d7e700099cca24f01

    SHA512

    078c845a52d705c4aaa3c04fdab9b95104bf9295bb9d0c526d2bc143e13d66ab25a1d3d88ae9fbaf3176e07997dc8580341071d06aa9eb2df85c4bc8008d814c

    Download Submit

  • /data/data/com.cake.cat/app_DynamicOptDex/pjBps.json
    Filesize

    54KB

    MD5

    11fd64cf976c1737e4c03b8615efcd92

    SHA1

    026b81b6367cfb43f921b959ce8e7aea8acbb6a0

    SHA256

    5fd405ef5251f9235d59974e5c58e766cfc60c9e0ebfb9745c127deae057fd3d

    SHA512

    63cb44547eaf6d2d06ccf9e6a068d16f144097eaac55f1806d69bcc14bd9f1a81857d71a21a234285bc123a4633aeca2c2df1017c3bb9e33b1f92c4034cf36d2

    Download Submit

  • /data/data/com.cake.cat/app_DynamicOptDex/pjBps.json
    Filesize

    54KB

    MD5

    3ffa592bb11aa860888d8cda46438c6c

    SHA1

    d0efe5dddef964d2f26e31395dd3b5769df49f15

    SHA256

    27ae9bdedaa076249c1f383b88a198f22d77519b63f113740dc30b770ea372fc

    SHA512

    695f4e23308b60219e616f59ad88e95ac823725ec13287a14e439b27bb840e89c3b132df27569c4c595d2c64963ec000716ab6cc4c2c4195c10edb44cafc7a16

    Download Submit

  • /data/user/0/com.cake.cat/app_DynamicOptDex/pjBps.json
    Filesize

    103KB

    MD5

    9035599ec98d03cd09c5205a19fc58fb

    SHA1

    5428bf94bffec5e4d0085a29c82616c1675b2df3

    SHA256

    a0104d684c6df3e0ea5d3a0ec72d9473679f3ba6408c48755f0cec90f71f6790

    SHA512

    443887e4f1977c060c82e8cbcec4e419264e72ab692e88d686398961afc404a1eb19a75a7cd592d265feb2ba51f571fa97a38c002f62c9e505c46fb088dd7976

    Download Submit

  • /data/user/0/com.cake.cat/app_DynamicOptDex/pjBps.json
    Filesize

    103KB

    MD5

    ea63d5e6cb2f364f13aa98afd3d627ee

    SHA1

    1d36bfecf0114c280441201bd09fd033579c7084

    SHA256

    3ebe00586c01f9aa99c36238c407534bc03b19a87d3f141a1f20de274b32e141

    SHA512

    0676888c807253bccb7c43dc62b591942619f4eb5f3ae9beaaf0b4d31d8d6f1862c511af401c4541bcec9b409ace0b2fa6755fcf5473949affc2ed948e154d90

    Download Submit