Analysis
-
max time kernel
37s -
max time network
157s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
-
submitted
13-01-2025 22:05
General
-
Target
9f27dc864bde034b381e8d6f5528194867b5338c0a176c15efee136208143d19.apk
-
Size
1.1MB
-
MD5
4ecacc991c3ae16a9daa8036d54b93d5
-
SHA1
9626c8a65b8951e47ff20af9f436c38043cb6e2d
-
SHA256
9f27dc864bde034b381e8d6f5528194867b5338c0a176c15efee136208143d19
-
SHA512
a0198f0b937e4d34f9f484aba5cb3d988c4907de4b308e0badd6e5420be45062fe56a3b9dff718b4f7fde1c4dd3494f53e3f8e0c87e19fee8fb26032357d9872
-
SSDEEP
24576:mMnMOtjOs1njWqhBQguNiJdnWoDda/xgpO:tMOMS6q4guNAdBdSx+O
Malware Config
Extracted
cerberus
http://sappzaebiservak.ru
Signatures
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus family
-
Removes its main activity from the application launcher 1 TTPs 2 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.agent.burst1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD5c7e52191ff29f44750bfed9695b66e45
SHA1ff49aa4342bd79d072a1a451cd426f320268a673
SHA2566a466a20fb1037bac9ba44c3879aad03e688f8375b227f8e758751628cc0a19a
SHA512674df13e4677df90e338c6ae1e101271f5daab63b08ab245c75505c15aaedc4583cd1221099ae10d906fb11d912ad98a0ea9acb8a2094d4b79c77a2c67451f94
-
Filesize
64KB
MD58945b9860c421ed3cdc43053b605c6bb
SHA1f3118b9c25b8bc5b8124611baec580c611b36632
SHA256f6e67517d3919364ff349659e9cc0473b29384eefdae91d131d66201ad5b9510
SHA512fa812e1e537249e427d1da71afe8241e804ec3d611f63fba6f6b87403555929152a25c9b8bb3fedb4379185e2f246e081365d2fc92e5dab65348302a3db9da45
-
Filesize
118KB
MD508f818e7b9a7b3d91d0c64db2adfe623
SHA11e17fc5a6bd7d29307dd04df8bbc4edeb9680e1e
SHA256252acf5a3ea28210b475900263cc192c3422984522b5e7e50e7ac18bd2e579e9
SHA5126177922b522f05f44ad45c82d9719bf718e9bf44fcd8354f01339feb0ccf657d5ffcc4060cd37544f116ad55e28c3a64b31f31ab5b2613a935229d595fbcfa36