Overview

overview

10

Static

static

6

ffa5ac3460...4c.apk

android-9-x86

10

ffa5ac3460...4c.apk

android-10-x64

10

ffa5ac3460...4c.apk

android-11-x64

10

Analysis

  • max time kernel
    32s
  • max time network
    151s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    27/03/2025, 21:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ffa5ac3460998e7b9856fc136ebcd112196c3abf24816ccab1fbae11eae4954c.apk

  • Size

    1.1MB

  • MD5

    1512c3fa688ca107784b3c93cd9f3526

  • SHA1

    4140c53e9c5b6215cc9706ba53def170858e7f9b

  • SHA256

    ffa5ac3460998e7b9856fc136ebcd112196c3abf24816ccab1fbae11eae4954c

  • SHA512

    417bc07d7486135338b0a6374bc73894ddbbfefee0163cd47e73c01a0217af2e3cbb658d8621c1accc685caa491d8a5c31f10c3ed6b0391c65761b4d55d06021

  • SSDEEP

    24576:YpzErttEp6VcY3BX5xBay1hgZlc1tpZgoOZgoOZgoOZgo0I:azMbpNJxB11iZS1jSRSRSRSpI

Score
10/10
cerberusbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

cerberus

C2

http://94.156.77.32

Signatures

Processes

  • com.mwmnfwt.arhkrgajn
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:5207

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.mwmnfwt.arhkrgajn/app_files/lbiyehpnaz.jar
    Filesize

    63KB

    MD5

    4b2132b2f14d5bef6b55191fe0a01c76

    SHA1

    62ecfd6921cb6511a7d2966c6a0790bfef2de7e2

    SHA256

    ba79058d13969080a465c6fb96ae10fd852b32905f965f4d46672b2304098005

    SHA512

    be918462691168c949b58691d6cc498b6988eb67a5386f60ae74f8453440db5601638bd4753ccf3e45200c5821e74f1ee13c6c63f5938f8c2821a3c8fb066228

    Download Submit

  • /data/user/0/com.mwmnfwt.arhkrgajn/app_files/lbiyehpnaz.jar
    Filesize

    122KB

    MD5

    92465828e13b365caa16c90349448d4e

    SHA1

    52f28a05d1b61a9d99e3c821bc82d98ce7547f46

    SHA256

    ba5d352db34f86c20c2bf9a0a1458364bfb105b9dbfd5e9b489ee9d3ed3993ec

    SHA512

    762d3aae0b04ecbd33766cd3469a5a8a69d8366fb85477e25d9d59f0f8dd4b229cd7b3fb806108e1560ea808f9f694fad345d8d31b93f588745969fe5cb6febc

    Download Submit