Overview
overview
10Static
static
78a15f942dc...e6.apk
android-9-x86
108a15f942dc...e6.apk
android-10-x64
108a15f942dc...e6.apk
android-11-x64
10FAB-blue.xml
windows7-x64
1FAB-blue.xml
windows10-2004-x64
1FAB2.xml
windows7-x64
1FAB2.xml
windows10-2004-x64
1annotation-xml.js
windows7-x64
1annotation-xml.js
windows10-2004-x64
1apple.xml
windows7-x64
1apple.xml
windows10-2004-x64
1arrow.xml
windows7-x64
1arrow.xml
windows10-2004-x64
1bear.xml
windows7-x64
1bear.xml
windows10-2004-x64
1bird.xml
windows7-x64
1bird.xml
windows10-2004-x64
1boom.xml
windows7-x64
1boom.xml
windows10-2004-x64
5callout.xml
windows7-x64
1callout.xml
windows10-2004-x64
1callout_11_shadow.xml
windows7-x64
1callout_11_shadow.xml
windows10-2004-x64
1callout_7_overlay.xml
windows7-x64
1callout_7_overlay.xml
windows10-2004-x64
1callout_8_overlay.xml
windows7-x64
1callout_8_overlay.xml
windows10-2004-x64
1callout_cloud.xml
windows7-x64
1callout_cloud.xml
windows10-2004-x64
1callout_de...le.xml
windows7-x64
1callout_de...le.xml
windows10-2004-x64
5callout_shape_2.xml
windows7-x64
1General
-
Target
8a15f942dc320c465a63dd15614dbdb659b267a29539f807c93f2ac66f5f0fe6.bin
-
Size
1.1MB
-
Sample
230701-bwt29agc9v
-
MD5
211e769d65e671f1cf41594745a7a131
-
SHA1
69c91093a7f1dfb4b437d5c8992abdb581f7392c
-
SHA256
8a15f942dc320c465a63dd15614dbdb659b267a29539f807c93f2ac66f5f0fe6
-
SHA512
3d3e24ccf1ab8ff897ac411c476e9fb3f6043faa7f719ccccc87635088c0226d9e84322367b473758dc8e8b7b42ad40af317771b5e2fd2ab58854982c4c9bff6
-
SSDEEP
24576:6c/SkDrBOiNZy6COYKcp2W00Y6uk+xFgAK9hUmZimxG7+fAoP1:THDJNZ6OEpLAxFgANmlG7+fAO
Static task
static1
Behavioral task
behavioral1
Sample
8a15f942dc320c465a63dd15614dbdb659b267a29539f807c93f2ac66f5f0fe6.apk
Resource
android-x86-arm-20230621-en
Behavioral task
behavioral2
Sample
8a15f942dc320c465a63dd15614dbdb659b267a29539f807c93f2ac66f5f0fe6.apk
Resource
android-x64-20230621-en
Behavioral task
behavioral3
Sample
8a15f942dc320c465a63dd15614dbdb659b267a29539f807c93f2ac66f5f0fe6.apk
Resource
android-x64-arm64-20230621-en
Behavioral task
behavioral4
Sample
FAB-blue.xml
Resource
win7-20230621-en
Behavioral task
behavioral5
Sample
FAB-blue.xml
Resource
win10v2004-20230621-en
Behavioral task
behavioral6
Sample
FAB2.xml
Resource
win7-20230621-en
Behavioral task
behavioral7
Sample
FAB2.xml
Resource
win10v2004-20230621-en
Behavioral task
behavioral8
Sample
annotation-xml.js
Resource
win7-20230621-en
Behavioral task
behavioral9
Sample
annotation-xml.js
Resource
win10v2004-20230621-en
Behavioral task
behavioral10
Sample
apple.xml
Resource
win7-20230621-en
Behavioral task
behavioral11
Sample
apple.xml
Resource
win10v2004-20230621-en
Behavioral task
behavioral12
Sample
arrow.xml
Resource
win7-20230621-en
Behavioral task
behavioral13
Sample
arrow.xml
Resource
win10v2004-20230621-en
Behavioral task
behavioral14
Sample
bear.xml
Resource
win7-20230621-en
Behavioral task
behavioral15
Sample
bear.xml
Resource
win10v2004-20230621-en
Behavioral task
behavioral16
Sample
bird.xml
Resource
win7-20230621-en
Behavioral task
behavioral17
Sample
bird.xml
Resource
win10v2004-20230621-en
Behavioral task
behavioral18
Sample
boom.xml
Resource
win7-20230621-en
Behavioral task
behavioral19
Sample
boom.xml
Resource
win10v2004-20230621-en
Behavioral task
behavioral20
Sample
callout.xml
Resource
win7-20230621-en
Behavioral task
behavioral21
Sample
callout.xml
Resource
win10v2004-20230621-en
Behavioral task
behavioral22
Sample
callout_11_shadow.xml
Resource
win7-20230621-en
Behavioral task
behavioral23
Sample
callout_11_shadow.xml
Resource
win10v2004-20230621-en
Behavioral task
behavioral24
Sample
callout_7_overlay.xml
Resource
win7-20230621-en
Behavioral task
behavioral25
Sample
callout_7_overlay.xml
Resource
win10v2004-20230621-en
Behavioral task
behavioral26
Sample
callout_8_overlay.xml
Resource
win7-20230621-en
Behavioral task
behavioral27
Sample
callout_8_overlay.xml
Resource
win10v2004-20230621-en
Behavioral task
behavioral28
Sample
callout_cloud.xml
Resource
win7-20230621-en
Behavioral task
behavioral29
Sample
callout_cloud.xml
Resource
win10v2004-20230621-en
Behavioral task
behavioral30
Sample
callout_dest_bubble.xml
Resource
win7-20230621-en
Behavioral task
behavioral31
Sample
callout_dest_bubble.xml
Resource
win10v2004-20230621-en
Behavioral task
behavioral32
Sample
callout_shape_2.xml
Resource
win7-20230621-en
Malware Config
Extracted
alienbot
http://185.252.179.5
Extracted
alienbot
http://185.252.179.5
Targets
-
-
Target
8a15f942dc320c465a63dd15614dbdb659b267a29539f807c93f2ac66f5f0fe6.bin
-
Size
1.1MB
-
MD5
211e769d65e671f1cf41594745a7a131
-
SHA1
69c91093a7f1dfb4b437d5c8992abdb581f7392c
-
SHA256
8a15f942dc320c465a63dd15614dbdb659b267a29539f807c93f2ac66f5f0fe6
-
SHA512
3d3e24ccf1ab8ff897ac411c476e9fb3f6043faa7f719ccccc87635088c0226d9e84322367b473758dc8e8b7b42ad40af317771b5e2fd2ab58854982c4c9bff6
-
SSDEEP
24576:6c/SkDrBOiNZy6COYKcp2W00Y6uk+xFgAK9hUmZimxG7+fAoP1:THDJNZ6OEpLAxFgANmlG7+fAO
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus payload
-
Renames multiple (128) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (168) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (174) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Makes use of the framework's Accessibility service.
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Reads information about phone network operator.
-
Removes a system notification.
-
-
-
Target
FAB-blue.svg
-
Size
1KB
-
MD5
beeb15f69eb7675da389dd2a7d25e61b
-
SHA1
9b175d994ff139e6079aa83e8d32cd97f9799ff2
-
SHA256
3eaad41cf652ff44c03f0100b20dbf00d0bcac736147619fe9dc66050095a1f7
-
SHA512
5c711726090a1b3791a62fdbd78683caefbb056a900598a67851f1e1a89f0f92ee1e8854c3875a141aa958517be720c45f1c7411089c3adf7367f2e11076d04e
Score1/10 -
-
-
Target
FAB2.svg
-
Size
1KB
-
MD5
a5024fe1b8259adff02d901bf33dbcf4
-
SHA1
bc45a9613897ba56d1784045fc7bd8f575602348
-
SHA256
61093297596e0335d5f4ed34807ad214dbdbe1c15d08cb51c7777707dc66f5b2
-
SHA512
ea60da36d50118171c78d99dfdb955b4925c13221b45e755c2542bf9e0a60c355fb8e0f6c0a7189ea74c2d1630cb3c0532cec390cc62ca0254dc5e70ecbf227a
Score1/10 -
-
-
Target
annotation-xml.js
-
Size
1KB
-
MD5
25ada2a932649287fc0251fec667fe94
-
SHA1
6d0552b7a07c631f91985f8f0e82965fb6cfb185
-
SHA256
80565c71be9d2c725588c5a73485ab1c7cddb35cb6986b60a2d76b9df315f90b
-
SHA512
d02780654145254929b3da118f31f04621731a66c8d44ed0ea8915daa30426744a24d1828a5d61cebfd83cda3326f6d297c674f866d7fd1df410bf98e80fbb0f
Score1/10 -
-
-
Target
apple.svg
-
Size
1KB
-
MD5
386807d5a6de6f8b74bf26897af8e092
-
SHA1
9184e48a9f8276f32be763a254773c4e5f2017e1
-
SHA256
be1bdd07dae30ddf977d7f1d34574f6e6d6f9cc68d3b5428315af589a8d15ca2
-
SHA512
ab99eaf548b8f1b25516a62d814f3d7610a2d6d16c5a9401b96368cccdc5fdc84762eaa6041ff17e59a99a08c5f89b4b97662e080825d5159003d21ca7f767c1
Score1/10 -
-
-
Target
arrow.svg
-
Size
407B
-
MD5
307d6a9e22b99a773d19844db37d9b53
-
SHA1
eff273c09417599dd35a4d89b48141355a85eda5
-
SHA256
4b20ca0905f62f5f33380063a9d569286aea83fe8e6a2d8584d5c0d4b6e03f87
-
SHA512
3cb2e0dd467bb5c4b7eb049b62c5fec2547eac119d2c3756fb225ddf2057c5b1930142714d8a4c0ddb657f3e6c06e937e6ddaa245d6a8e5ddb62e5e6554110ee
Score1/10 -
-
-
Target
bear.svg
-
Size
2KB
-
MD5
a3b81d60e065ed84bf23746ff5dd6b39
-
SHA1
7420fe1744bcc51399be1efc8331d6a808335243
-
SHA256
7bd2c80b5ed3cbf4a70706e9a07f68eb9be108cfb3046caa02362455d0896096
-
SHA512
56987ee2776451b55eb99b13fc0981f65e824fcc61852e1a5e481e4e94c4509e058337718960640e6caa52c6a1c5db28b6a14ae5c356abae57689a6b6221f750
Score1/10 -
-
-
Target
bird.svg
-
Size
1KB
-
MD5
564073fb36287299158db87208c3ef4b
-
SHA1
d9ea8d3bbeee99b3acdc1fbd5f779d329783852c
-
SHA256
888e1f6b188d57d2bb5c86656872193e2dc882672c67ac53a1c6828ee95f40b2
-
SHA512
77ad8ceaa1784c765eb3ac3cd2d8da442d5bcaa8086e67de4baa929d020ffd90895fe61710f285d6668235188b9520203b86c986154815cf5de82b29c4b3ef1f
Score1/10 -
-
-
Target
boom.svg
-
Size
589B
-
MD5
b4ef4359b2f85a6594ce804b36b96876
-
SHA1
62deac4f0087d7e7486a5c725ae6588407c9f258
-
SHA256
82dafe3ff2010e88478ffc68934006b9b6dcd6efc8d58d58d8e0f38adc35811e
-
SHA512
8ddb0dcde339faca1cf95eff030b924e242f6b071f44deec4998c91e04d28b98de20c415070fc15b88fbcc36d04da1cd76259e3d9a448de6ff3e2b976d1dc699
Score5/10-
Drops file in System32 directory
-
-
-
Target
callout.svg
-
Size
557B
-
MD5
e754f3032bf46c6d8d97140622f7cd43
-
SHA1
c3b07417ea1eb6101ced7ffe4fd1b52822863a6d
-
SHA256
6a05056f555e8ede6117732f3fa4ba5b538b0bd81fbfa2e665f7109a535e78f5
-
SHA512
8beeec4db830502e0963276512e50513ac3d47da758e3e4b9567736ce3ef3552ee84c81ecc5657822c70adc921181e95ef1e8ba909c9dfd4828ef41fd2972e8f
Score1/10 -
-
-
Target
callout_11_shadow.svg
-
Size
2KB
-
MD5
a43eaf2037b2a882b41912e5bf68e3f4
-
SHA1
b1b73e482269c1c5370f7a6e4ab5a3b47d2c6373
-
SHA256
354cbc8433a0fb42c500fa7039f4c7254db20eb9f589f8866846f142c45d94c2
-
SHA512
5aa4640b5cc83376ae6f61c80bfe6e1aedd2e6eec2337f9478f4a5544cba6b1a09fd46cb4c93a8313d4843a7c42b498f610bf51ca90d476819088e8fd52b2c69
Score1/10 -
-
-
Target
callout_7_overlay.svg
-
Size
1KB
-
MD5
13da4f83c32b6af839f40448ad4093dd
-
SHA1
2dd817cbb6c2198c9b622bf8a4a4bd0f58c5980d
-
SHA256
22a5b339c8e15d0b1393e540966b414ca577f1e6c2c4682bef22e98f74e5a5d3
-
SHA512
3c5e37b7638099495ca3773edd1b4c780ceced0db68749c7c7437ad460ae765f1e3f952e146f7851a778f9dd32a5c7cce57ee616c0f015231b0071c9a39013cb
Score1/10 -
-
-
Target
callout_8_overlay.svg
-
Size
2KB
-
MD5
65a2809f038ffa4146cf59a57e6bb32d
-
SHA1
3b5e30bf5de229cbeb085e1ea355288d63ebea51
-
SHA256
8dc35b01684c284e85275509e698edea94e73f6e328732993a96b881f20eaaff
-
SHA512
2f792059b6aa0a1dd32924169fb9176e9c6523c6f17b17cbaa2486bb246b6f726e01717b47372d9558501cb2dc5f51c1564b7ce195bcde1769e07b3fb8a7879b
Score1/10 -
-
-
Target
callout_cloud.svg
-
Size
4KB
-
MD5
cd47d4b3192545c91fdddeae5adb3d8a
-
SHA1
8d389882bb4a501bd8d2c9690a023d0c808213d7
-
SHA256
8ec8ca9e56edab13c9b45aa0dc21a4970398ba6917efb981e4533cd510c56d58
-
SHA512
58f8482402652807229c3d5a563c785f4f85d6f768592521b951ade7555826f49f45e41881b1012c0350ee5aa77e0e4daa22f207e0fa3ddf3f06c16e49817ddc
-
SSDEEP
96:7OKfETG9jU7aGyVS0/K4TL+uhBj0HPDYKnCZB4qdP9:SoZuaGyg01TPhUzMd1
Score1/10 -
-
-
Target
callout_dest_bubble.svg
-
Size
1KB
-
MD5
5a1b792bf859e656807fb87228b66416
-
SHA1
21612430725df233bd8bd7e10ae17a33a7923429
-
SHA256
07c9841559f933977b9448e4ed5e18e3000666faa8768526136bccebefe8b104
-
SHA512
e908a8dd836b51193f62b60eda3a5371cb9f2548e0b792e90fe624e012c7d64c20c987ead14f591a1e59b7786eec31221f56148447ba8deb53082c7594462b25
Score5/10-
Drops file in System32 directory
-
-
-
Target
callout_shape_2.svg
-
Size
4KB
-
MD5
6dc1e0aa43dd2a582b24b6487605fb76
-
SHA1
c403b4c464908b8d740d03775742fdc72a6e8327
-
SHA256
f6ec4c71c9e3ebfc1d23691364cc5736a12c3180ad35e55f4f9dc0fa3ce03669
-
SHA512
3cced4fb52552f26f35eac6eacf8fc408b6f5e251984f486e203777b0889261db83ea127a97b5e53c246456c819b23b6d6209fec1bb3a6df5f173e66de370ce2
-
SSDEEP
96:7OKfvMkrs4v9rTicBaUTnpI5kS0nvVfiYPl9Cb7dMM/SAWicJPjiBwlH:SoT44Vp3hrnvVqY99CR/SAWicgwN
Score1/10 -