Overview

overview

10

Static

static

6

6ef5e43779...05.apk

android-9-x86

10

6ef5e43779...05.apk

android-10-x64

10

6ef5e43779...05.apk

android-11-x64

10

Analysis

  • max time kernel
    61s
  • max time network
    143s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    02-02-2025 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ef5e43779891bd57e08663c1f3085faa4c00546f86b65c02a95c56b65cb7b05.apk

  • Size

    1.6MB

  • MD5

    53f73916a84c20994d3bc3655e9e8c2c

  • SHA1

    f8e847095302db2fd64084ae379bfe94c8680953

  • SHA256

    6ef5e43779891bd57e08663c1f3085faa4c00546f86b65c02a95c56b65cb7b05

  • SHA512

    7567962262fd28c7d2267a3afd99217eedf484d485b6494b440fb08af56002c4f7c99bf360095902fcc9d89dee6e64de0683857671d2644a6d083702519e3075

  • SSDEEP

    24576:6p+ERCdw5FUMnFx3F9Lfj8dmyDy8JVxvfMmA8mPeIuwdm99FdOcaOMtM62Hs+p3u:6JYdrDyWDvfo8mGP/9FYyTs+9LLxNy

Score
10/10
cerberusbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerprivilege_escalationratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://83.136.233.183/

Signatures

Processes

  • com.lady.naive
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests changing the default SMS application.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Tries to add a device administrator.
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Checks CPU information
    • Checks memory information
    PID:4459

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1626

Device Administrator Permissions

1
T1626.001

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Protected User Data

1
T1636

SMS Messages

1
T1636.004

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Account Access Removal

1
T1640

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

SMS Control

1
T1582

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.lady.naive/app_DynamicOptDex/YYWAcjA.json
    Filesize

    64KB

    MD5

    54cb2b3465aac4e820716e66fe7dca47

    SHA1

    f1cd36a489f6180b05ef626d9b746d340ddfaa16

    SHA256

    48b6911e007e1190b896b254dd1af26f0b1b2b983885c13c8bdbbd3f68411365

    SHA512

    cf33ee0a36957b5eaf4bdbbb2f52d746b648f3974681551e897a445d407d1c4dd62fdc7b33e4f879805b8859781644566f0f8e1eacf4bbfdf366e09646bc9706

    Download Submit

  • /data/user/0/com.lady.naive/app_DynamicOptDex/YYWAcjA.json
    Filesize

    64KB

    MD5

    4b9ceae4b200e6f6e7f1f4a6a55ac826

    SHA1

    55ab1e29105c118d60a564642ff3ee15475c00b3

    SHA256

    03bb3765f38b2763cf6309b5dc3f9064de0c48f59bf7d6a188b7ddb4ae809e89

    SHA512

    8ac911dd618eb7dec863c4ec5268b6321763a0b1ff4d2053906650ef365d6db9a4c919895c149675fc7f089f465d4069f05432e8f9c4cb37e2b44fe28d4fed0c

    Download Submit

  • /data/user/0/com.lady.naive/app_DynamicOptDex/YYWAcjA.json
    Filesize

    118KB

    MD5

    319edfc7800cd95f601e378877da93dd

    SHA1

    48dfc57aab013d0edafe34829dbe91ff7eac0fc6

    SHA256

    633eef55f1182663b9f0cefe056fc85a9fd1c5a4a146201a17677074c10afb85

    SHA512

    7b9de6b544731c3134e40503c73d261c65f0234ae511ba46e3829fa4d836b2d1f993e1082340ba1dcd89c4f1a8d3dd5a5bf83eaf9bf5ad004c0758d80cf7d1f9

    Download Submit

  • /data/user/0/com.lady.naive/app_DynamicOptDex/oat/YYWAcjA.json.cur.prof
    Filesize

    151B

    MD5

    9b6a5b1835b3cd95d8d28ff6632b5c2a

    SHA1

    5044f6729e3a2a7335b0ea2c57cb01f4f37b72b9

    SHA256

    9309d06f78cb284dc6094204e04fbd14eb2f257da0a485334adab53fe5c93f2c

    SHA512

    41768fd9e31fa5763345d2b12b9d0e2f5bcaf265c0d806f880a84d7821879d544adfaa5df3d36241277e2436f392443d4d243f51d4306af81b0f029a940f9a50

    Download Submit