Hidden in Plain Sight: ErrorFather’s Deadly Deployment of Cerberus

Oct. 15, 2024, 9:45 a.m.

Description

This report examines a campaign called 'ErrorFather' that utilizes an undetected variant of the Cerberus Android Banking Trojan. The campaign employed a sophisticated multi-stage dropper technique to deploy the malicious payload, which incorporated features like keylogging, overlay attacks, VNC, and a Domain Generation Algorithm (DGA) for resilience. Despite being based on leaked Cerberus code from 2019, this variant successfully evaded detection, highlighting the persistent threats posed by retooled malware. The report provides a detailed technical analysis of the malware's functionality and the campaign's tactics.

Date

Published: Oct. 15, 2024, 9:16 a.m.

Created: Oct. 15, 2024, 9:16 a.m.

Modified: Oct. 15, 2024, 9:45 a.m.

Indicators

Attack Patterns

Cerberus