cerberus

General

Target

6fe549cb8e018c504ab130d3d9713d980ef3d63937bfa7fa125aee104b6391b1.bin
Size

1.7MB
Sample

250306-1ygx5syrw3
MD5

9c19de218c675d2474a937847bc0f720
SHA1

36d51807bd4cca45aa6cb2deec4a0ccd5907c532
SHA256

6fe549cb8e018c504ab130d3d9713d980ef3d63937bfa7fa125aee104b6391b1
SHA512

f83c8fd736956e6562f20a12a659bfb952da316e0d184a8bb84e8c818c728786110bc2daa2c7b3d05a6f601414ed58d3213e91414a5696946d6b5c0740e47f90
SSDEEP

49152:lXvPVxslDKFvzbD/dhGHnYCZnMgrmypHL7Si:lXvPValqvJ8zZplnt

Score

10^/10

Malware Config

Extracted

Family

cerberus

C2

http://188.120.236.119/

Targets

- Target
  
  6fe549cb8e018c504ab130d3d9713d980ef3d63937bfa7fa125aee104b6391b1.bin
- Size
  
  1.7MB
- MD5
  
  9c19de218c675d2474a937847bc0f720
- SHA1
  
  36d51807bd4cca45aa6cb2deec4a0ccd5907c532
- SHA256
  
  6fe549cb8e018c504ab130d3d9713d980ef3d63937bfa7fa125aee104b6391b1
- SHA512
  
  f83c8fd736956e6562f20a12a659bfb952da316e0d184a8bb84e8c818c728786110bc2daa2c7b3d05a6f601414ed58d3213e91414a5696946d6b5c0740e47f90
- SSDEEP
  
  49152:lXvPVxslDKFvzbD/dhGHnYCZnMgrmypHL7Si:lXvPValqvJ8zZplnt
Score

10^/10

cerberus banker collection credential_access defense_evasion discovery evasion impact infostealer persistence rat stealth trojan privilege_escalation
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Cerberus family
  cerberus
- Removes its main activity from the application launcher
  stealth trojan evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries the mobile country code (MCC)
  discovery
- Requests changing the default SMS application.
  collection impact
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
- Tries to add a device administrator.
  privilege_escalation impact
- Listens for changes in the sensor environment (might be used to detect emulation)
  defense_evasion
behavioral1 behavioral2 behavioral3