Extracted

• • Target

    d297be4d7ba3bb6edfd556802b39d6e08014bf9a851860e06b431c88fd422546.bin

  • Size

    1.1MB

  • MD5

    e87196e3bb8d7e981ca0cc9f07e8edfe

  • SHA1

    2c6ecf51ab5152e104ba09241d0966322b91356e

  • SHA256

    d297be4d7ba3bb6edfd556802b39d6e08014bf9a851860e06b431c88fd422546

  • SHA512

    4c2f4e6fe25bdb1b5edd4e6651892be85d1d952ed168c78455f95f544c7920bf74a92fe4a4354ebc1bf3789034d5237758a482e2b000d5bd456d4d936e0ecc22

  • SSDEEP

    24576:CMaMX2NVv68P4zLJ1N735F5QBmcbntUHjyn0+IvNa8XNX7EWOKvxMwo:BZGNt6YcJbdDQh6HWn0+IoKNOSxlo

  Score

  10^/10

  cerberusbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus

  • Cerberus family

    cerberus

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Obtains sensitive information copied to the device clipboard

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries the mobile country code (MCC)

    discovery

  • Requests changing the default SMS application.

    collectionimpact

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Listens for changes in the sensor environment (might be used to detect emulation)

    evasion
  behavioral1behavioral2behavioral3