cerberus

General

Target

e13976af9c5b0fcf2754484922dd040d3754eb8b07c33c89474352a81a2346c5.bin
Size

1.7MB
Sample

250128-12rxhswkfn
MD5

64930e90e8256f9f1bbedb69bb9e50ee
SHA1

173510ac92a5d95b4dfbfe9e79f6e19850b36dec
SHA256

e13976af9c5b0fcf2754484922dd040d3754eb8b07c33c89474352a81a2346c5
SHA512

50a9d966f170dc9e20d4d105e265bb147184b92517a6c549135c6ec7adb96d48f6fe83b2db50374a6658fcd2b74976852c70cecb3d76ce1e0a86f91eb5966036
SSDEEP

49152:HKKgcBrpasMOjcEb8Am/xwA0gbu/NWz/t11SF4FeU3sLZQNT+:HKKgcJwLG8Am2XNWDaLFC+

Score

10^/10

Malware Config

Extracted

Family

cerberus

C2

http://83.136.233.183/

Targets

- Target
  
  e13976af9c5b0fcf2754484922dd040d3754eb8b07c33c89474352a81a2346c5.bin
- Size
  
  1.7MB
- MD5
  
  64930e90e8256f9f1bbedb69bb9e50ee
- SHA1
  
  173510ac92a5d95b4dfbfe9e79f6e19850b36dec
- SHA256
  
  e13976af9c5b0fcf2754484922dd040d3754eb8b07c33c89474352a81a2346c5
- SHA512
  
  50a9d966f170dc9e20d4d105e265bb147184b92517a6c549135c6ec7adb96d48f6fe83b2db50374a6658fcd2b74976852c70cecb3d76ce1e0a86f91eb5966036
- SSDEEP
  
  49152:HKKgcBrpasMOjcEb8Am/xwA0gbu/NWz/t11SF4FeU3sLZQNT+:HKKgcJwLG8Am2XNWDaLFC+
Score

10^/10

cerberus banker collection credential_access defense_evasion discovery evasion impact infostealer persistence rat stealth trojan privilege_escalation
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Cerberus family
  cerberus
- Removes its main activity from the application launcher
  stealth trojan evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries the mobile country code (MCC)
  discovery
- Requests changing the default SMS application.
  collection impact
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
- Tries to add a device administrator.
  privilege_escalation impact
- Listens for changes in the sensor environment (might be used to detect emulation)
  defense_evasion
behavioral1 behavioral2 behavioral3