cerberus

General

Target

ea808ea86945230a259643abb5b4c90238f4e2ac08c90a37ce55ebadfdcf3591.bin
Size

1.7MB
Sample

250124-11w5va1mb1
MD5

9d2b1df9e4fbd046d6c0e5936c1b32d7
SHA1

c4fb61c9a22933ac3450c5a5e19f6f5309503941
SHA256

ea808ea86945230a259643abb5b4c90238f4e2ac08c90a37ce55ebadfdcf3591
SHA512

955796af1e897219af95875dfa5b37b8aafba4e5a7074141883a51771dbbfa7b1767f3bc13e56d000dbf644d46d21b297c4528622c6a656ed017cc7f11f72df5
SSDEEP

49152:uAVP33DEf2PwSYYAqyWcqCk9mVgISHFXqOCLMeLk3:ug/ofodY+iqCpVg+3oeLk3

Score

10^/10

Malware Config

Extracted

Family

cerberus

C2

http://83.136.233.183/

Targets

- Target
  
  ea808ea86945230a259643abb5b4c90238f4e2ac08c90a37ce55ebadfdcf3591.bin
- Size
  
  1.7MB
- MD5
  
  9d2b1df9e4fbd046d6c0e5936c1b32d7
- SHA1
  
  c4fb61c9a22933ac3450c5a5e19f6f5309503941
- SHA256
  
  ea808ea86945230a259643abb5b4c90238f4e2ac08c90a37ce55ebadfdcf3591
- SHA512
  
  955796af1e897219af95875dfa5b37b8aafba4e5a7074141883a51771dbbfa7b1767f3bc13e56d000dbf644d46d21b297c4528622c6a656ed017cc7f11f72df5
- SSDEEP
  
  49152:uAVP33DEf2PwSYYAqyWcqCk9mVgISHFXqOCLMeLk3:ug/ofodY+iqCpVg+3oeLk3
Score

10^/10

cerberus banker collection credential_access defense_evasion discovery evasion impact infostealer persistence rat stealth trojan
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Cerberus family
  cerberus
- Removes its main activity from the application launcher
  stealth trojan evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries the mobile country code (MCC)
  discovery
- Requests changing the default SMS application.
  collection impact
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
- Listens for changes in the sensor environment (might be used to detect emulation)
  defense_evasion
behavioral1 behavioral2 behavioral3