cerberus | 1bf5632a0f77c465054a81d75190788ac2f9045bd4535ca5ff13e91e1141c313

Analysis

max time kernel
1s
max time network
152s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
18/02/2025, 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bf5632a0f77c465054a81d75190788ac2f9045bd4535ca5ff13e91e1141c313.apk
Size

3.5MB
MD5

b166639b3fa746f6332900da99e10117
SHA1

41eb65e461bb0894f97c372d8700b6d1a040a3d8
SHA256

1bf5632a0f77c465054a81d75190788ac2f9045bd4535ca5ff13e91e1141c313
SHA512

23072384d0d6e9cc2fb7cdd9a867681e556ae25a5798d047ca6d1f4874ffe84751804983a27f248100d7cc184b419755453df1fe197d46ea68c33b5d39a90925
SSDEEP

98304:8kmFZUQwFtlnYcLD2vmKyZu5BaFwsrrRf:yZFwFtuq2vSuna3B

Score

10^/10

cerberus banker evasion infostealer rat trojan

Malware Config

Signatures

Cerberus
An Android banker that is being rented to actors beginning in 2019.
banker trojan infostealer evasion rat cerberus
Cerberus family
cerberus

Cerberus payload 3 IoCs

resource	yara_rule
behavioral3/files/fstream-2.dat	family_cerberus
behavioral3/memory/4617-0.dex	family_cerberus
behavioral3/memory/4617-1.dex	family_cerberus

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/frog.chalk.balance/app_DynamicOptDex/UOXMi.json	4617	frog.chalk.balance
/data/user/0/frog.chalk.balance/app_DynamicOptDex/UOXMi.json	4617	frog.chalk.balance

frog.chalk.balance
1⤵
- Loads dropped Dex/Jar
PID:4617

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/frog.chalk.balance/app_DynamicOptDex/UOXMi.json

Filesize
415KB

MD5
cb2deee54e8e8e70985e6e0d8e533df7

SHA1
2754cb15521d0045b4bf5eea8619300c8984245b

SHA256
151ab21a6a09b72dab6d4d9ee4b029b81d1bf6c33e723c7056bf421a31a16bf0

SHA512
c004446e2e17ae75f9d9b01d7322babdcae450ebcc659a3652debda903c09dab64db7ea24ecd8308a0d92ae3a5ccba7beca942a78e2187a55ed336cda5dbf792

Download Submit
/data/user/0/frog.chalk.balance/app_DynamicOptDex/UOXMi.json

Filesize
415KB

MD5
c58c396f9cbc9ece1512cc2672b21587

SHA1
b45162895c0c984a622193e48ace95b2792b5b96

SHA256
f68e8fcef2d7930e4b67ef0b404a0219c3f15d7ebf2db066e895e85e2c7ae084

SHA512
1044e3dd1769beed764aebd1ddffe0f1725a81f3e271594cc312ce23d954ce4a995c3272b86cf8914cec8d67e4ab010bdd670c4bfaa462ad5f56feba73a5490d

Download Submit
/data/user/0/frog.chalk.balance/app_DynamicOptDex/UOXMi.json

Filesize
698KB

MD5
569bb669261e5a2a1218898f348f4273

SHA1
5eee8694e82c9b094d7ca79b4b938810af758056

SHA256
ead1b74a7edf6c1d30937dec2f004349684c05fa5323ba809bad6a52c0b916d0

SHA512
30a34d7ae44a7570c9773a8def26adfe130b2ab3a45134f441ba016e3a7aeabc5c80101ff5b52c6be7cf803d574d0072639ea7b6fc01e3c8a8e9bd992d586d8b

Download Submit
/data/user/0/frog.chalk.balance/app_DynamicOptDex/UOXMi.json

Filesize
698KB

MD5
b13990b9be4a212e8e3491ae2cd69067

SHA1
86f082a20f6b5786e249681376223ea5fd5eb1f7

SHA256
447847558ee2597271e086d03513270493a567e899f484591f4a6f7ff4f8d0e1

SHA512
f2e851c819b489382e38fa833b873350ed4892f10501be45784514c27d48e582092185fdc756f14798e6253bf5b1b2b1e2853ad4eda3ab62a4ef1cc64af10836

Download Submit