Analysis
-
max time kernel
61s -
max time network
146s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
-
submitted
17-11-2024 22:10
General
-
Target
a335f0e0a4abe5e2bc7d3b94156c659698ac8fab3dbd1d4d325cfd04200a842b.apk
-
Size
2.0MB
-
MD5
13abb47183acfc62a64b0e25eaf789ec
-
SHA1
f47533dda39d3e7ab2710affb3d883db8c061169
-
SHA256
a335f0e0a4abe5e2bc7d3b94156c659698ac8fab3dbd1d4d325cfd04200a842b
-
SHA512
93021edd1ec809fb0fb1105fa2afdb57860bb348ad5140266049e833cd1c8009625c10df342d5b593601674e6ffe0b69545339760a77e0061ce3405aafb61a52
-
SSDEEP
49152:1z5GXJ66spXXJo+uygU68WuE0J0801d1oihBE5ecl1dIpkJcRp5Tc:1WU6spnJojyg9uohBEyMuTc
Malware Config
Extracted
cerberus
http://5.161.217.34/
Signatures
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus family
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.cake.cat1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
823B
MD56edb087a0aeb9ce66c96e5820c00db24
SHA1d6da49c294e4abf468872b71c677dcf2e746307f
SHA2562a850991dd066ff787c8dfe5281ba791e98e339f3977e3d032e86f23297f4af6
SHA51288cfacb9b7b7647b234712ca8817682761075eae67dc44dc8d993b2bd95c9b17bc357cfd42dab0567cc7b59113f21b83c5fb7b28203b695fd4ce33701a3f0c60
-
Filesize
54KB
MD511fd64cf976c1737e4c03b8615efcd92
SHA1026b81b6367cfb43f921b959ce8e7aea8acbb6a0
SHA2565fd405ef5251f9235d59974e5c58e766cfc60c9e0ebfb9745c127deae057fd3d
SHA51263cb44547eaf6d2d06ccf9e6a068d16f144097eaac55f1806d69bcc14bd9f1a81857d71a21a234285bc123a4633aeca2c2df1017c3bb9e33b1f92c4034cf36d2
-
Filesize
54KB
MD53ffa592bb11aa860888d8cda46438c6c
SHA1d0efe5dddef964d2f26e31395dd3b5769df49f15
SHA25627ae9bdedaa076249c1f383b88a198f22d77519b63f113740dc30b770ea372fc
SHA512695f4e23308b60219e616f59ad88e95ac823725ec13287a14e439b27bb840e89c3b132df27569c4c595d2c64963ec000716ab6cc4c2c4195c10edb44cafc7a16
-
Filesize
103KB
MD5ea63d5e6cb2f364f13aa98afd3d627ee
SHA11d36bfecf0114c280441201bd09fd033579c7084
SHA2563ebe00586c01f9aa99c36238c407534bc03b19a87d3f141a1f20de274b32e141
SHA5120676888c807253bccb7c43dc62b591942619f4eb5f3ae9beaaf0b4d31d8d6f1862c511af401c4541bcec9b409ace0b2fa6755fcf5473949affc2ed948e154d90