Analysis

  • max time kernel: 43s
  • max time network: 153s
  • platform: android-10_x64
  • resource: android-x64-20240910-en
  • resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
  • submitted: 14-12-2024 22:10

General

  • Target: f6dc913225e2d474af7351e72c3a25d1f0a19c58e4ff232f8b343c0ed3f8fccb.apk
  • Size: 2.0MB
  • MD5: 9e0ad00aeebfcc57107425a0e2a9035c
  • SHA1: e5381f47c4e771ec9bb5d2d9e6abba6919f9cb6f
  • SHA256: f6dc913225e2d474af7351e72c3a25d1f0a19c58e4ff232f8b343c0ed3f8fccb
  • SHA512: 0278f942031fbed96ecc3bfe71dd67b03823508f80ea2dca18177b584e09f00b69f34196cf40a1e6f4a7ad1e5c8d99ca0a13ca087d3741a289d60597ef04e2be
  • SSDEEP: 49152:2Hf+3NR1RLA0dmgYqbp3HhjEcQ/nzHpXfMNgQJ0WYCqZoIpD8d9XVqecD3WlP:2/kRb9dmg51HhjEcQ/zHpXfMNgQJ0NCd

Malware Config

Extracted

  • Family: cerberus
  • C2: http://5.78.71.159

Signatures

Processes

  • com.foster.grief (PID: 5054)
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.foster.grief/app_DynamicOptDex/FTJZ.json
    • Filesize: 54KB
    • MD5: a9b945418a5ca87d1afc41c4b1a69173
    • SHA1: 9a5b6c904ad4bd6c8f3575e1143989af759bf84f
    • SHA256: 2f4d4c0d219c339f0ced2b3cadad3ea5e0660fd768a03e1eec5c378690595593
    • SHA512: 4e3ebea2264c3c2448cb96931575e0202213e35f4e589f951ac2b06f90f0196b5958ec06a3402c2099ccee55964d38357682130b51353d0e4d10548c5794e292

  • /data/data/com.foster.grief/app_DynamicOptDex/FTJZ.json
    • Filesize: 54KB
    • MD5: 37bb4840349f61aadb719dcd37d80f36
    • SHA1: beba50a58157dace010b36b2670e23ed2eed8363
    • SHA256: 6f7ae0980724939f70cd370d72bb519f284e9dc0a99cf84a724f320580d47281
    • SHA512: a75c7cfc67d26a27efc88ceddafef487ea1c40a742c1c0efc046f7efc735826fcb738178de46f088d9464537ca94a796516746620e47ce2ba5aa1648b19c039e

  • /data/data/com.foster.grief/app_DynamicOptDex/oat/FTJZ.json.cur.prof
    • Filesize: 813B
    • MD5: 3a05afad8f1e9483cc13fcb9d13a9cf9
    • SHA1: 97000285511d85f5662ef707215e437fdae0e09d
    • SHA256: 6416e8f6d6634eb07fa49d6aebd2651e8116d7dd5789c584baad18010b0438f9
    • SHA512: 161cc6ec4da08dabaaafbf3f173c08c70f080ab3005e7a0169c11375d6dc2150ff173e1dc91a1a12c1e7229ea10bafbd72b7d7ca5104a4fe2908fbb69c876089

  • /data/user/0/com.foster.grief/app_DynamicOptDex/FTJZ.json
    • Filesize: 103KB
    • MD5: 49066cdefd54aeb385ffe98aac837787
    • SHA1: 03e3e6e2049c4c3f3416e552f859fc8e6dd08ade
    • SHA256: 066f88a10f433fec31050908bec2d9a1d5810240238e1e8a3571969e7c495e97
    • SHA512: 86a2a7d17a61bac794348dca5ce7734c499cbf81a4918b1f9af619e196070e84c34929e17ef6fc575ebe2ae2327e0d461f7e0c1baf2303f79a70f62a4dcd6853