General

  • Target

    6551bfe71f831df013fa2230428e9f92034f477d501b5e70499ae850fa254bf7.bin

  • Size

    1.5MB

  • Sample

    241219-1ycy7a1les

  • MD5

    ab5f9cad1f0898a237b3811876a14175

  • SHA1

    7c0176778ee7d70354096dfbd305e3775054d53d

  • SHA256

    6551bfe71f831df013fa2230428e9f92034f477d501b5e70499ae850fa254bf7

  • SHA512

    6dcd53aa8da2dfcfc2e3ded48b638efb979b84bf3a8fee4b6a042fc4bb7e16f0eb750bc5c7fd7de16aff1b22480f7c39ca20193152043ebc4f6e2fd3629a1ec4

  • SSDEEP

    24576:gMUMCawzYtAQOaqyYDAYuheFRmK3XtQwouEe/Fr/xPvsV0HLksKem/sWhWmXXz:HzCawzYSJH/lXFRmKt/ouEuFr1y0HLkV

Malware Config

Extracted

Family

cerberus

C2

http://sappzaebiservak.ru

Targets

    • Target

      6551bfe71f831df013fa2230428e9f92034f477d501b5e70499ae850fa254bf7.bin

    • Size

      1.5MB

    • MD5

      ab5f9cad1f0898a237b3811876a14175

    • SHA1

      7c0176778ee7d70354096dfbd305e3775054d53d

    • SHA256

      6551bfe71f831df013fa2230428e9f92034f477d501b5e70499ae850fa254bf7

    • SHA512

      6dcd53aa8da2dfcfc2e3ded48b638efb979b84bf3a8fee4b6a042fc4bb7e16f0eb750bc5c7fd7de16aff1b22480f7c39ca20193152043ebc4f6e2fd3629a1ec4

    • SSDEEP

      24576:gMUMCawzYtAQOaqyYDAYuheFRmK3XtQwouEe/Fr/xPvsV0HLksKem/sWhWmXXz:HzCawzYSJH/lXFRmKt/ouEuFr1y0HLkV

    • Cerberus

      An Android banking trojan rented out to threat actors as malware-as-a-service since 2019.

    • Cerberus family

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file (typically a second-stage Dex/Jar payload) dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries the phone number (MSISDN for GSM devices)

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its own removal.

    • Queries the mobile country code (MCC)

    • Requests changing the default SMS application

    • Requests disabling of battery optimizations (often used to stay resident in the background)

    • Listens for changes in the sensor environment (might be used to detect emulation)
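
The signatures above map to concrete artifacts a triage script can check statically before dynamic analysis: a service bound with BIND_ACCESSIBILITY_SERVICE, a SMS_DELIVER receiver gated by BROADCAST_SMS (what a default SMS app needs), the REQUEST_IGNORE_BATTERY_OPTIMIZATIONS permission, DexClassLoader references for dropped-code loading, telephony getters for MSISDN/MCC, and the extracted C2 domain. The following is an added example, not the sandbox's own signature logic; the manifest and string list are constructed to mimic such a sample and are not taken from the file analyzed here. Only the C2 domain comes from the config above.

```python
"""Static triage of a decoded AndroidManifest.xml plus extracted strings for
the behaviours the sandbox signatures describe. Added example; the manifest
and strings below are constructed, not extracted from the sample."""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree form of the android: attribute prefix

# Constructed manifest mimicking a dropper/banker (not from the sample).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakeflash">
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".A11y" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".SmsRx" android:permission="android.permission.BROADCAST_SMS">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_DELIVER"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed strings, as a dex string dump might yield them (not from the sample).
SAMPLE_STRINGS = [
    "dalvik/system/DexClassLoader",
    "http://sappzaebiservak.ru",  # C2 from the extracted config above
    "android.provider.Telephony.ACTION_CHANGE_DEFAULT",
    "getLine1Number",
    "getNetworkOperator",
]

C2_DOMAINS = {"sappzaebiservak.ru"}  # extracted C2 from this report


def manifest_indicators(xml_text):
    """Flag manifest-level signs of accessibility abuse, SMS takeover, etc."""
    root = ET.fromstring(xml_text)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    hits = {}
    hits["battery_opt_bypass"] = (
        "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS" in perms)
    hits["accessibility_service"] = any(
        s.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
        for s in root.iter("service"))
    # A SMS_DELIVER receiver protected by BROADCAST_SMS is required to become
    # the default SMS app, which is what "Requests changing the default SMS
    # application" needs in order to intercept OTP messages.
    hits["default_sms_capable"] = any(
        r.get(A + "permission") == "android.permission.BROADCAST_SMS"
        and any(a.get(A + "name") == "android.provider.Telephony.SMS_DELIVER"
                for a in r.iter("action"))
        for r in root.iter("receiver"))
    hits["phone_state"] = "android.permission.READ_PHONE_STATE" in perms
    return hits


def string_indicators(strings):
    """Flag code-loading, telephony and C2 indicators in extracted strings."""
    hits = {
        "dynamic_dex_loading": any(
            "DexClassLoader" in s or "PathClassLoader" in s for s in strings),
        "default_sms_request": any(
            "Telephony.ACTION_CHANGE_DEFAULT" in s for s in strings),
        "msisdn_query": any("getLine1Number" in s for s in strings),
        "mcc_query": any(s.endswith(("getNetworkOperator", "getSimOperator"))
                         for s in strings),
    }
    c2 = set()
    for s in strings:
        m = re.search(r"https?://([^/\s]+)", s)
        if m and m.group(1).lower() in C2_DOMAINS:
            c2.add(m.group(1).lower())
    hits["c2_match"] = sorted(c2)
    return hits


def score(manifest_hits, string_hits):
    """Simple weighted count; an exact C2 match counts double."""
    n = sum(1 for v in manifest_hits.values() if v is True)
    n += sum(1 for k, v in string_hits.items() if k != "c2_match" and v is True)
    n += 2 * len(string_hits["c2_match"])
    return n


if __name__ == "__main__":
    m = manifest_indicators(SAMPLE_MANIFEST)
    s = string_indicators(SAMPLE_STRINGS)
    print(m, s, "score =", score(m, s))
```

Run it against a manifest decoded with apktool and a string dump of the classes.dex files; the score is only a triage aid, since legitimate SMS clients and accessibility tools will trip individual checks, whereas the combination with a known C2 domain is what warrants escalation.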

MITRE ATT&CK Mobile v15

Tasks