cerberus | 1bf5632a0f77c465054a81d75190788ac2f9045bd4535ca5ff13e91e1141c313

Analysis

max time kernel
3s
max time network
143s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
18/02/2025, 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bf5632a0f77c465054a81d75190788ac2f9045bd4535ca5ff13e91e1141c313.apk
Size

3.5MB
MD5

b166639b3fa746f6332900da99e10117
SHA1

41eb65e461bb0894f97c372d8700b6d1a040a3d8
SHA256

1bf5632a0f77c465054a81d75190788ac2f9045bd4535ca5ff13e91e1141c313
SHA512

23072384d0d6e9cc2fb7cdd9a867681e556ae25a5798d047ca6d1f4874ffe84751804983a27f248100d7cc184b419755453df1fe197d46ea68c33b5d39a90925
SSDEEP

98304:8kmFZUQwFtlnYcLD2vmKyZu5BaFwsrrRf:yZFwFtuq2vSuna3B

Score

10^/10

cerberus banker evasion infostealer rat trojan

Malware Config

Signatures

Cerberus
An Android banker that is being rented to actors beginning in 2019.
banker trojan infostealer evasion rat cerberus
Cerberus family
cerberus

Cerberus payload 3 IoCs

resource	yara_rule
behavioral2/files/fstream-2.dat	family_cerberus
behavioral2/memory/5070-0.dex	family_cerberus
behavioral2/memory/5070-1.dex	family_cerberus

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/frog.chalk.balance/app_DynamicOptDex/UOXMi.json	5070	frog.chalk.balance
/data/user/0/frog.chalk.balance/app_DynamicOptDex/UOXMi.json	5070	frog.chalk.balance

frog.chalk.balance
1⤵
- Loads dropped Dex/Jar
PID:5070

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/frog.chalk.balance/app_DynamicOptDex/UOXMi.json

Filesize
415KB

MD5
cb2deee54e8e8e70985e6e0d8e533df7

SHA1
2754cb15521d0045b4bf5eea8619300c8984245b

SHA256
151ab21a6a09b72dab6d4d9ee4b029b81d1bf6c33e723c7056bf421a31a16bf0

SHA512
c004446e2e17ae75f9d9b01d7322babdcae450ebcc659a3652debda903c09dab64db7ea24ecd8308a0d92ae3a5ccba7beca942a78e2187a55ed336cda5dbf792

Download Submit
/data/data/frog.chalk.balance/app_DynamicOptDex/UOXMi.json

Filesize
415KB

MD5
c58c396f9cbc9ece1512cc2672b21587

SHA1
b45162895c0c984a622193e48ace95b2792b5b96

SHA256
f68e8fcef2d7930e4b67ef0b404a0219c3f15d7ebf2db066e895e85e2c7ae084

SHA512
1044e3dd1769beed764aebd1ddffe0f1725a81f3e271594cc312ce23d954ce4a995c3272b86cf8914cec8d67e4ab010bdd670c4bfaa462ad5f56feba73a5490d

Download Submit
/data/user/0/frog.chalk.balance/app_DynamicOptDex/UOXMi.json

Filesize
698KB

MD5
b69247e5af248d767c64850ed8b85306

SHA1
817de1eb28934f9900e48e3d3d03bd4bc855b3ec

SHA256
7b1e1e82e74b50020f34226e8234b97415f41bee24855468a8c182ad54b0d44f

SHA512
dfd882a5423d7419f9440fdaefd90d51378ca735b92ea10e77b7da0e36b6c0f79418fab7cda8881e450a09ef8fd49db68b12cb79746409a569b6a11c3a82939e

Download Submit
/data/user/0/frog.chalk.balance/app_DynamicOptDex/UOXMi.json

Filesize
698KB

MD5
3039916b7ee8548b6ad14a4ebfa55f78

SHA1
028cd8fb2d325dba489dc8a73a053f4332eefa17

SHA256
5c9eef25113b5e3ad349d963f058b9bdce4321e7d389857459fe95d5ce4fb7b7

SHA512
a20d816f231bd4661bdcb6a0c6c0a2091ebccd528cfaf4ba661bccba754855f78c048441b1350fc68408d9ccf7a162be0ca5cd44116593ec59b5699bf99766ca

Download Submit