Analysis

  • max time kernel
    28s
  • max time network
    152s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
  • submitted
    15-12-2024 22:03

General

  • Target

    b4b4ece945c624bc320176b247f00738b3cc9303ec18e4b6e0c3c615a2b258e6.apk

  • Size

    1.9MB

  • MD5

    a8268fa1e1d710baf579e3e04f76e172

  • SHA1

    12057ef4e05ba16d10c47d65e694bc541ac0d7d4

  • SHA256

    b4b4ece945c624bc320176b247f00738b3cc9303ec18e4b6e0c3c615a2b258e6

  • SHA512

    2fe16767109c27ccd233838eb7a0340a6dd23a8c10a6576ad2cd4fd92f3a8181fe859777476d89578b58d81777ef884a873c621635a6fd39e497418d69ebfdde

  • SSDEEP

    49152:6DTj+AE7yrjNfIWJlt2jZjJm0J0801upwQM73v14OPcl1dIpkJnR/5pQ:2+ANrxAmb25Jfq14uMzpQ

Malware Config

Extracted

Family

cerberus

C2

http://5.161.217.34/

Signatures

Processes

  • com.there.card
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:5049

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.there.card/app_DynamicOptDex/wQ.json

    Filesize

    54KB

    MD5

    75d5e85114c1ca8533e15bb5c9bd4175

    SHA1

    10da87a3491ba81566a1320190c6efb99ed38943

    SHA256

    c894fbcf00c3dd6770abb86f1d7bbc99abe4a0d1876ab83dedaf3293da2d6689

    SHA512

    234c423a1c8a1bf15c5467a994c36c615926dc0544a4c4f36272d08a1acf65e0957759619891c24d61cc1f135488ed78586f7b82b44d0f6a2ca48daa5c26abdf

  • /data/data/com.there.card/app_DynamicOptDex/wQ.json

    Filesize

    54KB

    MD5

    1bc426827e019506183381ccfc4258fe

    SHA1

    46469ee86390ae1a8c98f1632b1d8ed18ec7dfa3

    SHA256

    99dd7a16a996a9808c9dc7f029f53212fc89f84b89ecf4fd285850964f51834d

    SHA512

    26808747316116f411a530b03985303d582975a688e5589f3603d8c09ba56ba88e4374c94126051f5bdb27463de062afe10feb1718b18255a6052cb270ff344c

  • /data/user/0/com.there.card/app_DynamicOptDex/wQ.json

    Filesize

    102KB

    MD5

    bfce3902d48e51fee4361e9aaa0a659b

    SHA1

    e45ab73b51b6cd31901e6fa197a11afefdd1ea06

    SHA256

    80dae8f525c99dae8513432657450a8680dad67c710d9417e6d5bc93694c13fa

    SHA512

    8dbad75298c4746856166a3a6f5bf6e5e1f87883823e91c1904fec8a94afb81b53b05e3fea020712535f35f4d3a10b2e78cba4658d7dd8923dead33f7ef4d68f