Overview

overview

10

Static

static

7

36b545adeb...a5.apk

android-9-x86

10

36b545adeb...a5.apk

android-10-x64

10

36b545adeb...a5.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    783877s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20230824-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230824-enlocale:en-usos:android-9-x86system
  • submitted
    25-08-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36b545adeb54d069619de4ef560d5c08b11fb11e1e8868170a932fdb6ac9e1a5.apk

  • Size

    2.2MB

  • MD5

    e3e76c936a3e36420f1d246a097e5f71

  • SHA1

    3e482c187382a5cf98217aead385409c8c3a7abf

  • SHA256

    36b545adeb54d069619de4ef560d5c08b11fb11e1e8868170a932fdb6ac9e1a5

  • SHA512

    1d137b7cd40c12362b3cd47f540d9e03f86ebb66415e7367123fec4266c8d4e27bff4b14f4bdab209c864741207085f4c4805925e0b6ea6fbc616079d0096965

  • SSDEEP

    49152:q3MZvo4baojpvw5zIVHpjE2QbTRH5XHmNEMHa80MkZCGfhihlV3khFRdnV9Jcz3l:q8JoURjRw+HpjE2QbdH5XHmNEMHavMk4

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://girisapi5698.pw

rc4.plain

Extracted

Family

alienbot

C2

http://girisapi5698.pw

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion

Processes

  • com.roast.ocean
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    PID:4174
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.roast.ocean/app_DynamicOptDex/yrOsTGs.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.roast.ocean/app_DynamicOptDex/oat/x86/yrOsTGs.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.roast.ocean/app_DynamicOptDex/oat/yrOsTGs.json.cur.prof
    Filesize

    450B

    MD5

    297deb7cfb4bca6118d39ded6da2b41c

    SHA1

    c745676e145ca4e2d15c310f04d1372c6ae9df9a

    SHA256

    0d90afb85a974904b14da49ef6326687216c980b084521da17b61a01e8aefd8f

    SHA512

    c7ce9be7818b6ff44f65aeca877eb2423d0d57ace18c1926f7fc4fd824f4bafb8b33db538a961f6d731a4fde6c598d28814f436141d2dbe4090ed209ad9a9ef6

    Download Submit

  • /data/data/com.roast.ocean/app_DynamicOptDex/yrOsTGs.json
    Filesize

    238KB

    MD5

    fb580ec31046e5aa08ccd13ea177e71e

    SHA1

    a9534da3c82bd682dacb9506dbcf79f9ec42a6b5

    SHA256

    6bc7b9081dd72dc98fadb85a6b470416559ea069bb30bb045a9611e452ddb078

    SHA512

    d40030f846b456a06abc20630e99586839d084488a954b29f8c8e28b7e92b4764ccc48c88de8a2ec23c4e8d2441ef2fb53925708bdfd7400dbbaa5f17d368873

    Download Submit

  • /data/data/com.roast.ocean/app_DynamicOptDex/yrOsTGs.json
    Filesize

    238KB

    MD5

    4a08614525ef38cb8703bbc52766ee39

    SHA1

    c8f883207e3ae064a192f2a17e31642f5c7524a8

    SHA256

    7dcaf3e33299e0ad3e8f5aa1b3e95cb8ee55aa06432b1e1ed67a20db68397160

    SHA512

    ec596c9b21dc542b242cf173e55a7909719d51973d2fbb944a94a15494617c3758e26c301797c7141142700f0d976ce133ad66d568842668cea534abc91307bc

    Download Submit

  • /data/user/0/com.roast.ocean/app_DynamicOptDex/yrOsTGs.json
    Filesize

    483KB

    MD5

    09e1d2dad81094917e9c64168f3740a8

    SHA1

    fd0ca499ab40112a0c4d4e6a8f49ad48703e6848

    SHA256

    9cefe170eb2ea3f407ba609302cbcb9b6ba3f45dd40a51a38718a591badac1c5

    SHA512

    9fe51b4ef7c658f31f74baa15a0c0e5a80fd72293a6531743483715ef02f79efc15d54a9a563956a47adbc59e5507f27755c29b273f47610aeeb34ad3da8d792

    Download Submit

  • /data/user/0/com.roast.ocean/app_DynamicOptDex/yrOsTGs.json
    Filesize

    483KB

    MD5

    16cbed5f379e2684d42d83d908b86cd6

    SHA1

    14479585b1b6d0be1396534eef0def542cba36e0

    SHA256

    77d9296b571198d2093db4d25c5420f59ef5163e7e48e7edc27c1d7c5f487c37

    SHA512

    4d20146087daf65cd7902a40d38cda71af94c76608d7cb37df03b62c173c6db50ab8b0c3991cd8ea1bfcafed2d63d8f2384f7a6a66b749e2380d592b72447a06

    Download Submit