Overview

overview

10

Static

static

6

615b861ed6...98.apk

android-9-x86

10

615b861ed6...98.apk

android-10-x64

10

615b861ed6...98.apk

android-11-x64

10

Analysis

  • max time kernel
    56s
  • max time network
    148s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    16-12-2024 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    615b861ed6225b27b43f480ab638f33ea8509330989b13f08038599553d27298.apk

  • Size

    1.4MB

  • MD5

    a729a979527b84ec35a427a3b22448ef

  • SHA1

    c4f3a103a96752bf53091dc599e5fcdb94be806b

  • SHA256

    615b861ed6225b27b43f480ab638f33ea8509330989b13f08038599553d27298

  • SHA512

    c54f4c5d0dfcc3498e9643703a72c79feb304d58f487fad0183186fb7e208742887e2f2300c256f0262d0c43129b8c2cc76e8c3c9323e01b8112e71a73155f57

  • SSDEEP

    24576:2X6rlizVxoeY3qlXyEsqEcUSqOp36PNv6Rmtrt4re/F7+pex/cHPL1nKemesWhWH:zZixiu5vsq1YOQJzp4ruF7nEHPL1Kemt

Score
10/10
cerberusbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://petkinssaps.ru

Signatures

Processes

  • com.kid.couch
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4991

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

2
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.kid.couch/app_DynamicOptDex/RGc.json
    Filesize

    35KB

    MD5

    59ff1dfe6a895706aeb0574f4c9f89b6

    SHA1

    61b818c0c2d5c8576d099e7f3adfee1f1fe56cbf

    SHA256

    17ece2eb3f091a1d0f34670d39df88bac31bc37892367a6c536c2bc6c4bb12c9

    SHA512

    caba4bd8935a8daa577c3cf54d7ce7c4a3da43cb134d1f54159b1e977c0a84b7ca95758ae7184ed68fcbc266532950359d3b04edd62e4cafbe73adf2c7ce7382

    Download Submit

  • /data/data/com.kid.couch/app_DynamicOptDex/RGc.json
    Filesize

    35KB

    MD5

    fe53c5bde06612f87def1eab5dca9be5

    SHA1

    719aa8bbec5cf1bd2bdf347ef1bb703947f5702c

    SHA256

    56a18fe936c584031d3b29058a57125949c3a82321a35b3aee93438616021213

    SHA512

    ea9ad3fe5155606c6718c5dc07ab220e49853f97b971e5642a414ff0f4f1638709363c2307b116a6f5f031a201e699dc20255752f3f07226e2f5fa2292176358

    Download Submit

  • /data/data/com.kid.couch/app_DynamicOptDex/oat/RGc.json.cur.prof
    Filesize

    230B

    MD5

    cef2ac106d4b3006d46b23c9906926e1

    SHA1

    52c44c1d00627f5eeda2100b051a3f15e740f27f

    SHA256

    a9dce105fe3c515660eacd5c9178ee84c247e610d72ff5971d0ed3d53b3f2bc9

    SHA512

    ae633c3006f4e59e9b197c666a14593f91973ee8c279d21b8a40408cb0d3d7cf3c321468b6979c11d5688375fbd28e6c478b207595587bbb07acdcd8352453e2

    Download Submit

  • /data/user/0/com.kid.couch/app_DynamicOptDex/RGc.json
    Filesize

    77KB

    MD5

    453d3411c90fe94cf39cf29f49ea4a04

    SHA1

    d48d0eb739f3dc991c45e0bfb869c6d851fed30b

    SHA256

    776dca8dff7f768acac158dfa7af50844dd7751448f2da279db06c06644014ff

    SHA512

    7a14c22d105422e09b021b79fcd32673e3e3bc6965439ec5a669a6c570be18104321a04e82508bf002e2c6b0dba6de5809fe45b4d9b0f15da12b2ddd41372d3b

    Download Submit