Analysis
-
max time kernel
38s -
max time network
166s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
-
submitted
30-12-2024 22:02
General
-
Target
e47c787c819e88bd2188bc2016d974cf5b21ab278c811c6f80b2c8731c5b162b.apk
-
Size
2.0MB
-
MD5
d40038df72ee6bb8a9a78ef60dc8b015
-
SHA1
d842cc95bef6e9ec848a50f2ce255e835f4b1327
-
SHA256
e47c787c819e88bd2188bc2016d974cf5b21ab278c811c6f80b2c8731c5b162b
-
SHA512
1cdb26a82bc2048cacf812864f1660459a87c4fb4044981db0ad0d8f324a47a4f88b812ede96f248b616be0e8c9d6ac5d21e1232891c98b99abea2c69321e82d
-
SSDEEP
49152:Cs1w/M6NuHSaK2P/hVkZdUtnD4WHKNHaNcOvem1/l:CsFKpGvWUD9HKNKem1N
Malware Config
Extracted
cerberus
http://5.75.176.47
Signatures
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus family
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.sentence.senior1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
54KB
MD5d9c0133cb61e19cff9c8042fc0d4cbb1
SHA149f8d4e6fed804bdea3046f5722ea5ea8b90e263
SHA2567779eaef93c278741cc6f8d95e7137397f3479efe17a9081f6d4004dab539849
SHA512abeac8316ace4f78cb935a52db25b40b8360c02b6325887350c620780fe46f9387bb350b4bb4f57917946b60f75af25ad9fc7abf4fd227a5ae27c81e97b54b4d
-
Filesize
54KB
MD58bfac8049f12e5e2dead73943dff5726
SHA18362787fd6eb292ee30d31493f962e72cfedebdb
SHA25686d794727c347e091e4e6cd286a2392b39da15ef27a113d03a48c715e79ff67c
SHA512c4559ae4d83f137ca498c5d830622e10d83d92e9f89ad0e4a984ba241b5f3c818803614167df7a0c5c0590e8156b4368e03a2328a07187337d50f243bf1a073b
-
Filesize
102KB
MD551809b6bb1b61100944d3dc23b31b40e
SHA1a22b9dae49cd88724bf089e0a9cd87d61150ba94
SHA2569321b44bebde5bc321aa1618aaf8e91571dcb2f068aa9bed5d9c936b43fb2027
SHA51242014decb8e52efd198321134c6c7c547fc30718576c2d8bca9cd410782cdc9b3753d7400e75f82c081873d29de96c5175be90d22647390d4f003c811cc06f43