General
Target: 56dce6831256860e67f0f9b0f7cd592e57dd9f73a10913cbe4119efb64eafaae.zip
Size: 1.8MB
Sample: 250730-k31ytaytav
MD5: 815c9b844cb6a5ad89b40985fb48504b
SHA1: 57e851d159b3a0fdc4140063f842d6afef702c0f
SHA256: fa11f94d64a4177a6ee9c1accea1b68d86eed41207452d6887740a14b3f7ba93
SHA512: d3ddd969157d17fb91a6d4465064680d474300b9791f1e96c8a4543058509de1faecff032197204db4fa4fd22c9237c331cb623617c285f48824b67b3ffa1625
SSDEEP: 49152:qh+IL6O+KCib6AtIGXuuh89qUXrXOm9LgDQl1eq3o:qgIoAKG+uhLifZgwP4
Behavioral tasks
behavioral1: 56dce6831256860e67f0f9b0f7cd592e57dd9f73a10913cbe4119efb64eafaae.apk (resource: android-x86-arm-20250619-en)
behavioral2: 56dce6831256860e67f0f9b0f7cd592e57dd9f73a10913cbe4119efb64eafaae.apk (resource: android-x64-20250619-en)
behavioral3: 56dce6831256860e67f0f9b0f7cd592e57dd9f73a10913cbe4119efb64eafaae.apk (resource: android-x64-arm64-20250619-en)
Malware Config
Extracted: errorfather
  z8ddqqu1m840
  C2: http://consulting-service-andro.ru
Extracted: errorfather
  prxdjs0ycyuw
  C2: http://consulting-service-andro.ru
Extracted: errorfather
  tgabtlybk6j7
  C2: http://consulting-service-andro.ru
Targets
Target: 56dce6831256860e67f0f9b0f7cd592e57dd9f73a10913cbe4119efb64eafaae
Size: 2.1MB
MD5: 307b18273ade33d7621936976f773169
SHA1: 716ac68f36aaa7dcbfe3689dfcb6ed1aaaf522c2
SHA256: 56dce6831256860e67f0f9b0f7cd592e57dd9f73a10913cbe4119efb64eafaae
SHA512: c13cfe8dc9abb5b319c754fa897418b17eada261d1408dbf81a012abdff0495b197f008befe8b79cd73e4a1d8aaae551cc6768d84d02aabb45ddda5c1fe3469a
SSDEEP: 49152:OCqO7lmsX3ktjecTak62ssxGTxyXNRZvtdTZ3mHOVl:OCq2lmVzM2svy1vtdVmHOn
- ErrorFather: ErrorFather is an Android banking trojan based on Cerberus, first seen in October 2024.
- Errorfather family
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Obtains sensitive information copied to the device clipboard: the application may abuse the framework's APIs to read sensitive data copied to the device clipboard.
- Queries the phone number (MSISDN for GSM devices)
- Makes use of the framework's foreground persistence service: the application may abuse a foreground service to keep running in the foreground.
- Performs UI accessibility actions on behalf of the user: the application may abuse the accessibility service to prevent its own removal.
- Queries the mobile country code (MCC)
- Reads information about the phone network operator
- Requests disabling of battery optimizations (often used so the app can keep running hidden in the background)
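The signatures above are all capabilities an APK has to declare in its manifest before it can use them at runtime, so a static check of the decoded manifest is a quick way to confirm them on a fresh sample before a sandbox run. The script below is an added example, not the sandbox's own detection logic and not code from the ErrorFather sample; it assumes a manifest decoded with apktool or androguard, and the manifest embedded in it is constructed for the demo. The technique names it reports are the ATT&CK Mobile names used in this report.

```python
"""Static triage of a decoded AndroidManifest.xml for the capabilities this
report flags: accessibility-service abuse, foreground persistence, battery
optimisation exemption, phone-identity queries and boot-time receivers.

Added example, not the sandbox's detection logic and not code from the
sample. Feed it the manifest from `apktool d sample.apk`; the manifest
below is constructed for the demo.
"""
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# <uses-permission> name -> behaviour / ATT&CK Mobile technique name from the report
USES_PERMISSION_SIGNALS = {
    "android.permission.FOREGROUND_SERVICE": "Foreground Persistence",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "Foreground Persistence (battery optimisation exemption)",
    "android.permission.READ_PHONE_STATE": "phone identity queries (MSISDN / operator / MCC)",
    "android.permission.RECEIVE_BOOT_COMPLETED": "Broadcast Receivers",
    "android.permission.SYSTEM_ALERT_WINDOW": "GUI Input Capture (overlay windows)",
}
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"
BIND_ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
BOOT_COMPLETED = "android.intent.action.BOOT_COMPLETED"


def _actions(component):
    """Intent-filter action names declared on a <service> or <receiver>."""
    return {a.get(A + "name") for a in component.iter("action")}


def triage_manifest(manifest_xml: str) -> dict:
    """Return {finding: detail} for the capabilities declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    findings = {}
    for up in root.iter("uses-permission"):
        name = up.get(A + "name", "")
        if name in USES_PERMISSION_SIGNALS:
            findings[name] = USES_PERMISSION_SIGNALS[name]
    for svc in root.iter("service"):
        # A real accessibility service is bound with BIND_ACCESSIBILITY_SERVICE and
        # exposes the AccessibilityService intent action; either one is a tell.
        if svc.get(A + "permission") == BIND_ACCESSIBILITY or ACCESSIBILITY_ACTION in _actions(svc):
            findings["accessibility_service"] = svc.get(A + "name")
    for rcv in root.iter("receiver"):
        if BOOT_COMPLETED in _actions(rcv):
            findings["boot_receiver"] = rcv.get(A + "name")
    return findings


def banker_profile(findings: dict) -> bool:
    """Heuristic: an accessibility service plus at least one persistence
    mechanism is the combination this report's signatures describe."""
    persistence = {"android.permission.FOREGROUND_SERVICE",
                   "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
                   "boot_receiver"}
    return "accessibility_service" in findings and bool(persistence & set(findings))


# Constructed manifest for the demo (hypothetical package and class names).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.benign">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    found = triage_manifest(SAMPLE_MANIFEST)
    for key, detail in found.items():
        print(f"{key}: {detail}")
    print("banker-like profile:", banker_profile(found))
```

A manifest alone cannot show runtime behaviour such as hiding the launcher icon or reading the clipboard (both are plain API calls with no permission), so treat a positive result as a reason to run the sample, not as a verdict.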
MITRE ATT&CK Mobile v16 (count of matching signatures in parentheses)
Persistence
  Event Triggered Execution (1): Broadcast Receivers (1)
  Foreground Persistence (1)
Defense Evasion
  Foreground Persistence (1)
  Hide Artifacts (2): Suppress Application Icon (1), User Evasion (1)
  Impair Defenses (1): Prevent Application Removal (1)
  Input Injection (1)
  Virtualization/Sandbox Evasion (2): System Checks (2)
Credential Access
  Clipboard Data (1)
  Input Capture (2): GUI Input Capture (1), Keylogging (1)