Analysis of “Evdeyim” App
Information about app:
Obfuscation and Anti-VM Code:
The app logs sensitive user information that should never be logged. It also has the ability to read from and write to external storage and uses an insecure RNG (random number generator), although its SSL configuration is secure. Moreover, it uses weak hashes and stores sensitive user information in a temp file. Many of the services run by the app are insecure.
Activities Run by App:
Services run by App:
Running the app dynamically on an emulator: it runs for some time but crashes as further dynamic analysis is performed on it.
Around 7000 base64 strings are decoded by the app. Some of them are:
Files communicated with the C2 server:
The C2 server hosts many apps that are samples of the Cerberus malware.
That’s all for today.