Analysis

  • max time kernel
    139s
  • max time network
    147s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    09-12-2024 22:03

General

  • Target

    25843b325b72bba00ab68ca7f2a7819422ed7c6598d4be58b1688c5567c91ac4.apk

  • Size

    3.1MB

  • MD5

    a2aec2843977e7005b74defbca0863f4

  • SHA1

    9727af06405b9f1f931151fd4dc5b9b7872268f0

  • SHA256

    25843b325b72bba00ab68ca7f2a7819422ed7c6598d4be58b1688c5567c91ac4

  • SHA512

    a6965b0a1df217800875d247b79382050f08edc809c5f6e25b29f10c9855ebaca6402318f01de620276209c5537b95c7de55c9c3e13b7b7459996172d7022dd0

  • SSDEEP

    98304:dzsn82vcpDD4WPEmeBmmaRQ6AnuzK6Y3mzx8V:VmZcpfFs/BmmaXemzyV

Malware Config

Extracted

Family

cerberus

C2

http://51.195.150.249

Signatures

  • Cerberus

An Android banking trojan that has been rented out to threat actors since 2019.

  • Cerberus family
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

The application may abuse the accessibility service to prevent its own removal.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.receive.program
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4263
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.receive.program/app_DynamicOptDex/FE.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.receive.program/app_DynamicOptDex/oat/x86/FE.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4289

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.receive.program/app_DynamicOptDex/FE.json

    Filesize

    54KB

    MD5

    3afecd791a5ec231e56464dc0832c647

    SHA1

    2fc1bc7ec07138f4fcab373afc4abd10e9c90ddd

    SHA256

    6e2e7a320fd76f250dd11232154ee373a6ae1398fe6bfba4530def8e7f352b7a

    SHA512

    758224b59429237a98c33d690320a50a20eb86145d8a6023145e9e4568bf06cc11356a3a32d78c287100d95c1037c7b234eee6d112b72afce5d90f9ee33b77b4

  • /data/data/com.receive.program/app_DynamicOptDex/FE.json

    Filesize

    54KB

    MD5

    eb41ecd1380c23173db98610d7ebaf37

    SHA1

    3b09693ee38665e76ede0d35ce82c0c964b5ad12

    SHA256

    c0b0e145ce681b926784e2e081d6790f9044e1926d5cdd4bb9faadca44b8ce1f

    SHA512

    6b4b3b3c9ec9a54aa625065226be32e7e2e95226f0257bccd9499a5ce1635c9e213d01b1167de408e4e5b599678e08cac8b5b24c4a2926ff5b709ac110197801

  • /data/data/com.receive.program/app_DynamicOptDex/oat/FE.json.cur.prof

    Filesize

    821B

    MD5

    c59df11aa6929d308addd73eb0adb746

    SHA1

    147d7d954fbdcfb3abc5531ef3671b43d4717dc0

    SHA256

    6ce45bcebe0c070182a3fcca26c5cb4d5a62750f898fe8dc7f4edc4eb096b9fa

    SHA512

    d2c571c4b6d5db10e186471c211eb0588f106a0fc5371a22a1b4b251d6ea16d4891ac0cd014a14f9c5359c57e3b30226c511ac18b1d9502ada815a3831e4549e

  • /data/user/0/com.receive.program/app_DynamicOptDex/FE.json

    Filesize

    103KB

    MD5

    df6211df98c22223168d126c9b1c1b67

    SHA1

    d075af69730122a1d1539e2069c6ce5356a09191

    SHA256

    cd75fc44815016efd4ad7b6b66f45a525d4304f3f8b4fdfda28ed3832be596c8

    SHA512

    76c6127f9795960ceb4d70ae7fbfa899239fc6a5665c62367e3d650d0d5b3b51b9aaf577e6639513cf2c52d8c843a60aaa03230503989d3bbed7e10ae6129833

  • /data/user/0/com.receive.program/app_DynamicOptDex/FE.json

    Filesize

    103KB

    MD5

    911666e22b82ead3521944d11a49f578

    SHA1

    ccfca261159f1e77b4bc6f6f751e052425e0488f

    SHA256

    e5bbf12da75f5fa65858f9eba99922c742723e2c6206ee7568f0c16cc4ce6289

    SHA512

    fe2fc73c2fa4156f3d03bffd95bf53d464b520feb3318f4c403e5ea63b71f0cae3b48750398b90e8f75bd00d0a73db758db2cef3733fa6c16294c62bdd61b7e7