Analysis
-
max time kernel
37s -
max time network
151s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
-
submitted
30-11-2024 22:16
General
-
Target
40160ca2c099cba41d296b813a067a40c8ad81a78bf4f51e45078e998a6da808.apk
-
Size
2.3MB
-
MD5
ced0baef1e5e03ac0fe6cf5d49bf0f80
-
SHA1
a049bbbbc4608563c2a27785f405226641817352
-
SHA256
40160ca2c099cba41d296b813a067a40c8ad81a78bf4f51e45078e998a6da808
-
SHA512
6ab76e7dfc0892507938fc4bf3708c572279ae07be453ebf04c0eec377bd9ed9ea1351494f484f89ba2c7c5bc682a1f8b0205336e0e3a2dc8a994f3b344f24e3
-
SSDEEP
49152:W9GADysPU+R8GgPyIjPWfJXfENCNlPGRVboKEe8ZqSbcvtk3X0gvbbTW8ZvDLvEg:W9GozPtzgPyvJXfENIW1BEFqSgFWkK/l
Malware Config
Extracted
cerberus
http://vamosaversisalealgodeaqui1762.shop
Signatures
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus family
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.artist.essence1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Listens for changes in the sensor environment (might be used to detect emulation)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
2User Evasion
2Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60KB
MD56d1e2033eb295c10751e646ec47f6bdc
SHA11c84f5e13ff3366d3dfd6ab3ae4af57e3bb0bf7a
SHA256ee481694546e458f1f08cf398a342221f0561ef21e7087b5f2887d96af13e14d
SHA5122c6a66eb3f033cacf3bd42398db4be2ad183d143b7c8b7d7210a28bd543fc542c3b13cbb1322d88224d860d6f4d446670647240f454ebb8a3b705c74dea5c656
-
Filesize
60KB
MD52dddeeea5e3767e35d7ffd87b74ab0eb
SHA1e541c08ec9e571a49db62111c12ed822a82be8d2
SHA2562ffa7a93f00f53129669786e3d0cfdd22b4098fbdf61579956726a794ae84f6d
SHA512b3705dc2c3df1c3b0f6e0b49becb84e1eb5333f9fb341579be255b935449399ac73ea3ffa35f580b02da451cffdcc91b0ae798728d46281ee7f46fc075a0eaef
-
Filesize
116KB
MD54106683f9a42bad514258325c73ab227
SHA1ca59630b1ccf9914573d0a3c5fc3ff5c4b65ad29
SHA256514570a8efc9a3b8b0c5ad02c8bc10496b70cf14f9a5daf77cb7d1a55aa20678
SHA512e5cd0c22797bd482ce6d67eba3ee79627319f645cf73c1872d88c6d41a62a356696a7671d8c66de9be565772d104df2418a6b7db1c1d7216d64757c50452818e