Resubmissions

06-07-2023 13:22

230706-ql86rabe24 10

23-05-2023 17:55

230523-whe2dshc81 10

General

  • Target

    56943.apk

  • Size

    1.4MB

  • Sample

    230706-ql86rabe24

  • MD5

    63bd520e98ceea016ef2377e97f0bfda

  • SHA1

    771f954bcd2570d012cc82f3bc90789116b618ff

  • SHA256

    6245fa164605d119c883a056c185f3fd9c502eba4ef08290bdc053b0db68466e

  • SHA512

    237241a9f54116ba931f5c50884a1bd686562d198d12391054ee3338a46ff44003a3a0fe115a959f79a01e0ce46f18efe12255b613872b55cdf79e0622a41e33

  • SSDEEP

    24576:tkzaymuPbH/3ZB9xiIK1fkm0cIoJHEHc7OrsSfm7BrB+cRMVy10UEF8:62uPb/ZxiI5tcxHEHc7M8BrlMVsEF8

Malware Config

Extracted

Family

alienbot

C2

http://prangadayi.com/

rc4.plain

Targets

    • Target

      56943.apk

    • Size

      1.4MB

    • MD5

      63bd520e98ceea016ef2377e97f0bfda

    • SHA1

      771f954bcd2570d012cc82f3bc90789116b618ff

    • SHA256

      6245fa164605d119c883a056c185f3fd9c502eba4ef08290bdc053b0db68466e

    • SHA512

      237241a9f54116ba931f5c50884a1bd686562d198d12391054ee3338a46ff44003a3a0fe115a959f79a01e0ce46f18efe12255b613872b55cdf79e0622a41e33

    • SSDEEP

      24576:tkzaymuPbH/3ZB9xiIK1fkm0cIoJHEHc7OrsSfm7BrB+cRMVy10UEF8:62uPb/ZxiI5tcxHEHc7M8BrlMVsEF8

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Cerberus

      An Android banker that has been rented out to threat actors since 2019.

    • Cerberus payload

    • Renames multiple (130) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Renames multiple (162) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Renames multiple (256) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Removes a system notification.

    • Target

      shape_18.svg

    • Size

      818B

    • MD5

      a9146c399e0bf45c006eef5326d5e2b7

    • SHA1

      f7a9111db0c8aae6632d9bd80f07b1669bf12389

    • SHA256

      ee03c61de487becbb8c3288728e4a35fce048b1f8aec4ba3bb65dd61e92693b6

    • SHA512

      ab12870b53f66af028fb71b234274c924aabc0349637bcb5c37681a3d8dcb06ff8aec627650cf1671b7e808d11987107832a5b3fda19d46ab8a2d9459c2351f4

    Score
    1/10
    • Target

      shape_19.svg

    • Size

      1KB

    • MD5

      d071555e770aa899a60ec89d524231f6

    • SHA1

      d12e7658da72e21b2447a0ab017f45f45bc27afe

    • SHA256

      d808488d2ce5c294a551dd6cab016c098f87fe5025ca4737d60e76cd391ccf12

    • SHA512

      02190ef1bc3823fe84d79b147dc8c16ef66325175a798178324b44ca114a12a0601d5717f25f0df7219e0406528a070d6b6a10793a4c51dd461eb1fefe0cfa51

    Score
    1/10
    • Target

      shape_20.svg

    • Size

      1KB

    • MD5

      4eec7819cf526dc5a0ad47c4551a930a

    • SHA1

      be218f9d9f010eaba1e97ec2b9aae39b913e4d8b

    • SHA256

      df496ff50b4c05b3f18cba321d0e54c6baad4a05e4b68e6bd2c15c563b4ad101

    • SHA512

      bd8497da284d26598bc6b25c2268d9651f6250bf0c26e3c96041fb1e8adc8f896dce19cc4ddffd5dcb68cc0fa2d49db853ed5cfecceefbf8bb6b18145e73054e

    Score
    1/10
    • Target

      shape_21.svg

    • Size

      1KB

    • MD5

      03bea92b5a80210f73284dca552a783e

    • SHA1

      6d8c76be2d7ca6d15e7e89f9cc432866173a8b43

    • SHA256

      cd185d4a912dd849f434d07505a9af77ddd98e2b5d7d2a40a3061dd2b12978a3

    • SHA512

      91bbee4dfc04ee1e8875f6213fec804ffc0a4d8ce584df2eb8191b90a6d1f76685a8c3bbcf15befdd4b71847a299d5f292f079b09a7c3ae8b94af8deb83a81d7

    Score
    1/10
    • Target

      shape_22.svg

    • Size

      1KB

    • MD5

      2c984aa72078254a59641ba4f07bba84

    • SHA1

      b678fa206605d2ab07e66190666223e281d90a08

    • SHA256

      642683939e77b6559a286a2043aa90b44a4a535e63040dee16dcb9367c65a624

    • SHA512

      2d5d256beae6a7b4f3f85db237593cd0e5616f0989dc85ec679c249cd949be50b05114ce6f3e24ba0c831102567168a40a25158ed407e85d1e5f7de91a016443

    Score
    1/10
    • Target

      shape_23.svg

    • Size

      3KB

    • MD5

      f5435cbc7107f6ca5ced160662cf7e4c

    • SHA1

      6c57386e93e4b427f372d79d895e8448c773d505

    • SHA256

      a6c337992c71d6b3910c6f3f5dbb9ef071e70df9f5d639ffd275ba3bbc7678c8

    • SHA512

      729cda9e7174f2d183bfd38ed9a9cf7a81e21901e2a975dc84b53589d68fc466ec97de03a089346da8b464778ef73342467b3e55e544dbceb91cbfa8cda1e5ec

    Score
    1/10
    • Target

      shape_24.svg

    • Size

      2KB

    • MD5

      37690f00271a0ff1a0fbca284d53a6e3

    • SHA1

      b81ff382620c4b4c8fbaa4dfd0f2c80d54f2ece8

    • SHA256

      2353646e97606fdc63fe94f6ed28cea42e911bfc5a57777cf48268fecf5389f4

    • SHA512

      a9a37ae837896d80f0c0a00fb94bcacb7be599790054b7a2e9ed833de1c8d4774d8593816420169257868ce4f8bfff11b567d6f12319de2c01876b550002be9d

    Score
    1/10
    • Target

      shape_25.svg

    • Size

      788B

    • MD5

      3eb0a51391ac88b3c15ae205c375d9ac

    • SHA1

      8bf1fd239aa52ccc99e49254e0c9425706f6bd67

    • SHA256

      9f1927aae9c8d5aa8738e323db20cafb6d3b096622dea4e5c6d2043b162bc3a9

    • SHA512

      43c001eb5e303c7e7380f6577dc7e96f064bb815eb830d9cc59a13e7d946c82e3fa557718bee67c81948911cd2e7881e218329a76750a40be33e0adf9ad27051

    Score
    1/10
    • Target

      square_fit_ratio_list.json

    • Size

      1KB

    • MD5

      1ab7f39f0464c57b3a39cef063a2445a

    • SHA1

      3a6e26465a7f21a1c4287e77a7234b09de00800d

    • SHA256

      4e3908f5e328f6cc426de36489b71396fcf12a32b98c5a4f032e7467d8e6a37b

    • SHA512

      311d2996f12bbbb81d03e0d9fd5db8452e23377a75d424deb26823db7da1aa830f10aaadb58d0c54ad9ddca96a7d1738d2d219335ddedae855b8b5705bfbf64b

    Score
    3/10
    • Target

      timeline_tools_order.json

    • Size

      1KB

    • MD5

      b3484578d1bd943d558e05523a948203

    • SHA1

      61a28264591741e4b5b2eed9c9b9ba51bfef955d

    • SHA256

      5fb5c24fc270084e45c33103a1d965284b349944b59b02de899c1553b5db598d

    • SHA512

      9528b1d49dc59a7222b30ac395d68c283ff91ef1eb75bfa14428919c4bf68159c493b8b1197fc57f182a3f19cb8ac75903451f1d15cec77ae60cee3d70c5d7c9

    Score
    3/10
    • Target

      uik_iconfont.ttf

    • Size

      123KB

    • MD5

      7c535923a6ac2697a56674c06787a5e5

    • SHA1

      58e5b36dc6970b020326358a997599a93ed41b90

    • SHA256

      87e72ff695439f650a5690bc3d3aea54b85d073e0506b535474cd6bd1b1bcfe7

    • SHA512

      f573979a62540a8ec20a7da194ce121b5e3297b74c6392bfeac1f9f3fb2bbe8df4b0fd3c52f44a1929fc9a8cd2211f9ee253c84de714afb4b1ac0b30ffb8a0dc

    • SSDEEP

      3072:/jd6DKUEYZefj25B05iYwTocDcVGP/sUgY6SLHmwmDgJJyG0+:/MDKU3Zefj2D05iYwDDcUMUgYpL2DgJD

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      video-swipe.json

    • Size

      21KB

    • MD5

      3b2524c348216d89b3df2167d7297ddf

    • SHA1

      d493e953e24b73cae372215f9b2942123bc5f227

    • SHA256

      706747e0007c3a1bdeb9a789b3eb7e49a9ecd69164b73a1b7be4a6b212247400

    • SHA512

      5bcb5593dfae8763cd8c4f3d9b8bb5365eb676f7b1aea6cbf562dc0e73526ae7be93ad6d0617fba1e8b81b4b6ea216ca3160fd4929560303cba9b8c0cb4b93b6

    • SSDEEP

      384:ei1AZa1TMqmNleAYHbBfiFMO1pEGFO1pEOW6co6y1:eMkaJMlNQAibBfjgprgp9c5A

    Score
    3/10
    • Target

      videoAdjust.json

    • Size

      23KB

    • MD5

      1e4655c548d22564731d784bc47acfc9

    • SHA1

      b4d2f64e3cfca81cf457ceceaafa2a6872f36bed

    • SHA256

      b095cb185d0295d01025e526f0ddbf86376fdd02c12b1f4840b35c31e8d5a3ba

    • SHA512

      32747e6c934a15d2792daf5564a1a90944fb73f06e13278d529c94da1243cb1bc8e0eea071eb642724cc1208983e842410dec076a50216249517b4e9386ac3ff

    • SSDEEP

      384:yhZMGPK+k6N+Q1IVraLTuFdqQYV+qaL71xWaLpMJJsMJRR+RGwv+8t:sSRtx

    Score
    3/10
    • Target

      videoGraph.json

    • Size

      1KB

    • MD5

      729032e903f5ca7974a076635b3110c6

    • SHA1

      71e9f07213f9f73256b2c3d65817d65f3b98b11d

    • SHA256

      71186594dff3221ca2778f03befe780ea3d6fea09835107ece19957a5b8d2eaf

    • SHA512

      7d7ee9ab56cfa1610d11d1c9dfbb6efd0b8fffcc98f6de98b02d8ac4cff98191c5e7a4414ed185de5b43ea0fa17e60d2078add9a05663929e03653e897cb6da6

    Score
    3/10
    • Target

      video_adjust_tools_info.json

    • Size

      429B

    • MD5

      ecc01c7ec2173d4030dbe78467507918

    • SHA1

      50b3f41639c2124fa4608a4c47eaa85b7e2c8faf

    • SHA256

      10310ad54f2e2a78eb39988423a2a4db338f5d18ca3291ae2f178a27598f0863

    • SHA512

      5f1254d4fde4deca7673d2ac409d0f19ed4a653f6dfb1fd37b12c6bc122aab5c1b37c28cc0496940d7548253dee20b1be0c77b2b6145e9b67069aae78c2ac2c1

    Score
    3/10

MITRE ATT&CK Enterprise v6

Tasks

static1

Score
7/10

behavioral1

alienbot cerberus banker evasion infostealer ransomware rat trojan
Score
10/10

behavioral2

alienbot cerberus banker evasion infostealer ransomware rat trojan
Score
10/10

behavioral3

alienbot cerberus banker evasion infostealer ransomware rat trojan
Score
10/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
7/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10