Overview

overview

10

Static

static

6

615b861ed6...98.apk

android-9-x86

10

615b861ed6...98.apk

android-10-x64

10

615b861ed6...98.apk

android-11-x64

10

Analysis

  • max time kernel
    62s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    16-12-2024 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    615b861ed6225b27b43f480ab638f33ea8509330989b13f08038599553d27298.apk

  • Size

    1.4MB

  • MD5

    a729a979527b84ec35a427a3b22448ef

  • SHA1

    c4f3a103a96752bf53091dc599e5fcdb94be806b

  • SHA256

    615b861ed6225b27b43f480ab638f33ea8509330989b13f08038599553d27298

  • SHA512

    c54f4c5d0dfcc3498e9643703a72c79feb304d58f487fad0183186fb7e208742887e2f2300c256f0262d0c43129b8c2cc76e8c3c9323e01b8112e71a73155f57

  • SSDEEP

    24576:2X6rlizVxoeY3qlXyEsqEcUSqOp36PNv6Rmtrt4re/F7+pex/cHPL1nKemesWhWH:zZixiu5vsq1YOQJzp4ruF7nEHPL1Kemt

Score
10/10
cerberusbankercollectioncredential_accessdiscoveryevasionimpactinfostealerprivilege_escalationratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://petkinssaps.ru

Signatures

Processes

  • com.kid.couch
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests changing the default SMS application.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Tries to add a device administrator.
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Checks CPU information
    • Checks memory information
    PID:4501

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1626

Device Administrator Permissions

1
T1626.001

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Protected User Data

1
T1636

SMS Messages

1
T1636.004

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Account Access Removal

1
T1640

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

SMS Control

1
T1582

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.kid.couch/app_DynamicOptDex/RGc.json
    Filesize

    35KB

    MD5

    59ff1dfe6a895706aeb0574f4c9f89b6

    SHA1

    61b818c0c2d5c8576d099e7f3adfee1f1fe56cbf

    SHA256

    17ece2eb3f091a1d0f34670d39df88bac31bc37892367a6c536c2bc6c4bb12c9

    SHA512

    caba4bd8935a8daa577c3cf54d7ce7c4a3da43cb134d1f54159b1e977c0a84b7ca95758ae7184ed68fcbc266532950359d3b04edd62e4cafbe73adf2c7ce7382

    Download Submit

  • /data/user/0/com.kid.couch/app_DynamicOptDex/RGc.json
    Filesize

    35KB

    MD5

    fe53c5bde06612f87def1eab5dca9be5

    SHA1

    719aa8bbec5cf1bd2bdf347ef1bb703947f5702c

    SHA256

    56a18fe936c584031d3b29058a57125949c3a82321a35b3aee93438616021213

    SHA512

    ea9ad3fe5155606c6718c5dc07ab220e49853f97b971e5642a414ff0f4f1638709363c2307b116a6f5f031a201e699dc20255752f3f07226e2f5fa2292176358

    Download Submit

  • /data/user/0/com.kid.couch/app_DynamicOptDex/RGc.json
    Filesize

    77KB

    MD5

    453d3411c90fe94cf39cf29f49ea4a04

    SHA1

    d48d0eb739f3dc991c45e0bfb869c6d851fed30b

    SHA256

    776dca8dff7f768acac158dfa7af50844dd7751448f2da279db06c06644014ff

    SHA512

    7a14c22d105422e09b021b79fcd32673e3e3bc6965439ec5a669a6c570be18104321a04e82508bf002e2c6b0dba6de5809fe45b4d9b0f15da12b2ddd41372d3b

    Download Submit

  • /data/user/0/com.kid.couch/app_DynamicOptDex/oat/RGc.json.cur.prof
    Filesize

    149B

    MD5

    58b26a5797da061f08ad5d97ef9072c4

    SHA1

    5a7f1cadf68b6c323004f89bb50670e5f18d6a19

    SHA256

    ef12d3f487d98d84be786b5374183c1d84586256dc3f951fce1a2fb8b3eea154

    SHA512

    94c8714d864d1b5a63d22ca62c88b08c08eb974f35207fad3a66d0278e7db3fc521ae12559018f85699109a62e9a417fc318d545c8272d8d1a11c926444a85c3

    Download Submit