Analysis
-
max time kernel
61s -
max time network
147s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
-
submitted
06-01-2025 14:14
General
-
Target
JaffaCakes118_28410521a9b1c16fdb9f023140dea669.apk
-
Size
2.3MB
-
MD5
28410521a9b1c16fdb9f023140dea669
-
SHA1
6b40677d775473c4e8fe06614b06e6780bcab397
-
SHA256
25bf855a1211003061517243f9b648072410208663d3084c73458a11d57fa1a0
-
SHA512
b2dabae6d7c43d04bea502c88a0c698340b2469899bebdbf6ae4e76a85f76d91a846932f8470c2762aab2887aa959f2a5db2389bf67b12a6833f0e424dc8b032
-
SSDEEP
49152:AOGrydMxjuHJjNpOesFQnC9S5t8Lyl55pv5CcLcLWpxr+YeXV6P46Kzydb:AtGMxjuHJ5pASnC9emel/pM/LW36YeFY
Malware Config
Extracted
cerberus
http://185.182.9.77
Signatures
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus family
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.next.drastic1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
124KB
MD549d3f4bfac4ac528f46aee5f22e4b807
SHA10147d1beec774393e3cd74731d46f2ae7171724b
SHA256557dade52a1e5191375344bb9d2a601b52b3aaf4e42debd866c0fbd7f274755e
SHA512aa7ab3e863f583bdac9852eafa3728d189e8f4af9270f94a2273046ac413d66eefd7d02d8d91240d42665cebc3c998038cbf820de6082a05df9ef9db36f00a00
-
Filesize
124KB
MD53dabbeca4b1f5ffa5b3c5b1bc9c9b690
SHA17e5034067a9be25311df2bef7d7801ae8863da28
SHA256d61d410670cf556d816a57a5d511cae6231ba8c0a966d0659f6034609edb0356
SHA5127c2ddf64a6b4ed79a9d91ac7e3a3546cad5ca7be2b7f667dfd43c904dd400082dd95857a3f76128f1ff04107455138ded1a183b459d860d3e1a67b4e0df04626
-
Filesize
199B
MD5d3fe45e3c4bebcb0e0a950b2d46d6a1d
SHA12b11b00198be9dc895ab6cde37294224a8f84ee8
SHA2565b47920b89d34b968f26e505cdd3d59675f9ff2afddbede173b6ed7b70e539b8
SHA5126fbb6f4edc812b5ce91917cfcb8c42782fc17e63d2366c638a3a891281005762e4aafb3f24352f0dba4e9724b442b47dd017809304e80ee147edb991efb0e5f0