Overview

overview

10

Static

static

6

e41e5cf98f...75.apk

android-9-x86

10

e41e5cf98f...75.apk

android-10-x64

10

e41e5cf98f...75.apk

android-11-x64

10

Analysis

  • max time kernel
    61s
  • max time network
    147s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    25-01-2025 22:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e41e5cf98f70775be64bdfb72e7a864186f2d4bdfff999d78fb2e1a67a7f4a75.apk

  • Size

    1.5MB

  • MD5

    c26d6f245ec5d70dafb7de798beeb2d8

  • SHA1

    aa1fea0cfa2ec8a3aaf2890fdccee580787a6938

  • SHA256

    e41e5cf98f70775be64bdfb72e7a864186f2d4bdfff999d78fb2e1a67a7f4a75

  • SHA512

    218aa508af850846ae0fe5a35b8081f27430fbe3c457339767d002decbc8b0f1af5fc03f9aba8fca9542834c4b3100cbdf05fe1a776bdf4d0b521dc3b2d8f65c

  • SSDEEP

    24576:BqEaaapgpFnLX7YIF93xg4MeJdA5fSaWs+DzipRG2YZlEqMrqjMMMENWrWfpP2Tf:gEaaaI3KkySaB+SDG2Y0trhrWfk3sLYV

Score
10/10
cerberusbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerprivilege_escalationratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://188.120.225.180/

Signatures

Processes

  • com.fall.double
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests changing the default SMS application.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Tries to add a device administrator.
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Checks CPU information
    • Checks memory information
    PID:4437

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1626

Device Administrator Permissions

1
T1626.001

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Protected User Data

1
T1636

SMS Messages

1
T1636.004

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Account Access Removal

1
T1640

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

SMS Control

1
T1582

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.fall.double/app_DynamicOptDex/oat/sN.json.cur.prof
    Filesize

    148B

    MD5

    40023bd1ce6b2b1f82c46aff99347424

    SHA1

    a848931a68fee713bb496ca6721693363d93ebde

    SHA256

    d765b665709af12f31e56361f31f89c5ff10943a5811b46891bf1212ce5ea7c0

    SHA512

    670c1829bc6931085acff451e0fbd19f0561925fbfcadc7b49dbabaac4696fff5e059e470a783304acf1f6992fd4457714020ae18b9161d5018943ba4d2bf1b2

    Download Submit

  • /data/user/0/com.fall.double/app_DynamicOptDex/sN.json
    Filesize

    64KB

    MD5

    2e6e3a46c452d711d93ae68b3fa88bc9

    SHA1

    e65c1ba5a289f914cc330a1f56385c79ae864ebd

    SHA256

    3655d51b2c2c832f5d5c2d0f2384edf5ef891a9b207f533fa5e67855116bf126

    SHA512

    224c2267986ee966020ad31580b4c1ef4872d25cf28e26b12ae9bf85d8742105db532e7cd2e9807bd5961a8d9e05dc6a625f64e4e9b71c542dc92b29e69c3914

    Download Submit

  • /data/user/0/com.fall.double/app_DynamicOptDex/sN.json
    Filesize

    64KB

    MD5

    a5e6a67d9aec2c4eef17d0553dfa9374

    SHA1

    14d6af253342f5c5f9f1456f84fdfcd3c4a04cfb

    SHA256

    3e302946b9c496c337b4b271c7254074557929e0446ba85bc91c86192bfeffcd

    SHA512

    8a3979707656a0c416710a8ae5cebc9316b7cd3782039ed6471d896e3a9e53ee6cd8c6b7eafefa7ebb9e78708a07c835a8841aec463ffbf8e9ccfe6415b76cfa

    Download Submit

  • /data/user/0/com.fall.double/app_DynamicOptDex/sN.json
    Filesize

    118KB

    MD5

    db06c1ec59829a13509af9b81aa47881

    SHA1

    1fc471dd01410676aac988badab9e636b9948f2b

    SHA256

    81ed5dbd3f672f61f1b04d96b413cc4a0406572427dc88356f6be5ba15f65cdc

    SHA512

    45dec5a2124e30a63f672fd047a66b6d47537cebc964ec5f6939fe1c9636ff569151a0f03ae43b8b3f427bb3331ce309c4effa160249b852a538817e69fb6132

    Download Submit