Analysis
-
max time kernel
39s -
max time network
152s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
-
submitted
02-02-2025 22:02
General
-
Target
6ef5e43779891bd57e08663c1f3085faa4c00546f86b65c02a95c56b65cb7b05.apk
-
Size
1.6MB
-
MD5
53f73916a84c20994d3bc3655e9e8c2c
-
SHA1
f8e847095302db2fd64084ae379bfe94c8680953
-
SHA256
6ef5e43779891bd57e08663c1f3085faa4c00546f86b65c02a95c56b65cb7b05
-
SHA512
7567962262fd28c7d2267a3afd99217eedf484d485b6494b440fb08af56002c4f7c99bf360095902fcc9d89dee6e64de0683857671d2644a6d083702519e3075
-
SSDEEP
24576:6p+ERCdw5FUMnFx3F9Lfj8dmyDy8JVxvfMmA8mPeIuwdm99FdOcaOMtM62Hs+p3u:6JYdrDyWDvfo8mGP/9FYyTs+9LLxNy
Malware Config
Extracted
cerberus
http://83.136.233.183/
Signatures
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus family
-
Removes its main activity from the application launcher 1 TTPs 2 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.lady.naive1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD554cb2b3465aac4e820716e66fe7dca47
SHA1f1cd36a489f6180b05ef626d9b746d340ddfaa16
SHA25648b6911e007e1190b896b254dd1af26f0b1b2b983885c13c8bdbbd3f68411365
SHA512cf33ee0a36957b5eaf4bdbbb2f52d746b648f3974681551e897a445d407d1c4dd62fdc7b33e4f879805b8859781644566f0f8e1eacf4bbfdf366e09646bc9706
-
Filesize
64KB
MD54b9ceae4b200e6f6e7f1f4a6a55ac826
SHA155ab1e29105c118d60a564642ff3ee15475c00b3
SHA25603bb3765f38b2763cf6309b5dc3f9064de0c48f59bf7d6a188b7ddb4ae809e89
SHA5128ac911dd618eb7dec863c4ec5268b6321763a0b1ff4d2053906650ef365d6db9a4c919895c149675fc7f089f465d4069f05432e8f9c4cb37e2b44fe28d4fed0c
-
Filesize
118KB
MD5319edfc7800cd95f601e378877da93dd
SHA148dfc57aab013d0edafe34829dbe91ff7eac0fc6
SHA256633eef55f1182663b9f0cefe056fc85a9fd1c5a4a146201a17677074c10afb85
SHA5127b9de6b544731c3134e40503c73d261c65f0234ae511ba46e3829fa4d836b2d1f993e1082340ba1dcd89c4f1a8d3dd5a5bf83eaf9bf5ad004c0758d80cf7d1f9