Overview

overview

10

Static

static

7

081794e3f6...b2.apk

android-9-x86

10

081794e3f6...b2.apk

android-10-x64

10

081794e3f6...b2.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    2118583s
  • max time network
    22s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230621-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230621-enlocale:en-usos:android-11-x64system
  • submitted
    22-07-2023 15:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    081794e3f6be096f8496f1c2b44d8a3fa8ffa9aa604865b9a8c0bd128e8367b2.apk

  • Size

    2.2MB

  • MD5

    52b836a91cb74e265809599deb604fbc

  • SHA1

    d7cc1d349c25310a73f8d434c764fdc309f7a61e

  • SHA256

    081794e3f6be096f8496f1c2b44d8a3fa8ffa9aa604865b9a8c0bd128e8367b2

  • SHA512

    77e85eefc6d0524525a5f3ebbdea1b371580d463d9959f717b5c263d50329fec2b15eda0f33ecfda3c63e056467f2882c5734d4a6c880db890853a87804463fe

  • SSDEEP

    49152:4VSHjBkh12COnXGwBbkJnqRPjELQ/d6HhXxTN+6QnJeZ3ZHTqQf3YgJtZKWhvcUX:Fta12jnXGhoRPjELQ/4HhXxTN+6QnsZJ

Score
10/10
alienbotcerberusbankerevasioninfostealerrattrojan

Malware Config

Extracted

Family

alienbot

C2

http://girisapi9392.pw

rc4.plain

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.beyond.estate
    1⤵
    • Loads dropped Dex/Jar
    PID:4440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.beyond.estate/app_DynamicOptDex/LHZhRTr.json
    Filesize

    238KB

    MD5

    31dfb8b12d25acc1286a29b4b9b34b96

    SHA1

    a46feecdef9f1b1c5fa505a8a3029cbeb5927d1c

    SHA256

    0d38e6a86ef34c47167e5250587bbeaf6aa37bb84754d260f46e4ea94026c5ea

    SHA512

    04e6d33129498c4d9dff6aa88be2d1a6a1f18ee0d000286d4e2ee0f1692a15c752f093d140e85e145d118171e14dd217831f48ba859b40c638079d7452ed6bd6

    Download Submit

  • /data/user/0/com.beyond.estate/app_DynamicOptDex/LHZhRTr.json
    Filesize

    483KB

    MD5

    7b4191e362e05ec4fb43e0e12ae1feb8

    SHA1

    826e41a53db337acd92f4e622c048198d22fd09c

    SHA256

    235e4d251a6fba9be9ac6da057909c113179dd66720311b54a193469803002a6

    SHA512

    a8ecd8d98a80c21270efbab465718252e2ee22a1b446506ab9467ff71633a8ecaec6554eedde6609fbca232a2715b83ffafd057f1cd342a138fca4934568ab1f

    Download Submit

  • /data/user/0/com.beyond.estate/app_DynamicOptDex/oat/LHZhRTr.json.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit