Overview

overview

10

Static

static

7

36b545adeb...a5.apk

android-9-x86

10

36b545adeb...a5.apk

android-10-x64

10

36b545adeb...a5.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    783897s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230824-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230824-enlocale:en-usos:android-11-x64system
  • submitted
    25-08-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36b545adeb54d069619de4ef560d5c08b11fb11e1e8868170a932fdb6ac9e1a5.apk

  • Size

    2.2MB

  • MD5

    e3e76c936a3e36420f1d246a097e5f71

  • SHA1

    3e482c187382a5cf98217aead385409c8c3a7abf

  • SHA256

    36b545adeb54d069619de4ef560d5c08b11fb11e1e8868170a932fdb6ac9e1a5

  • SHA512

    1d137b7cd40c12362b3cd47f540d9e03f86ebb66415e7367123fec4266c8d4e27bff4b14f4bdab209c864741207085f4c4805925e0b6ea6fbc616079d0096965

  • SSDEEP

    49152:q3MZvo4baojpvw5zIVHpjE2QbTRH5XHmNEMHa80MkZCGfhihlV3khFRdnV9Jcz3l:q8JoURjRw+HpjE2QbdH5XHmNEMHavMk4

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://girisapi5698.pw

rc4.plain

Extracted

Family

alienbot

C2

http://girisapi5698.pw

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.roast.ocean
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4392
    • getprop ro.miui.ui.version.name
      2⤵
        PID:4508
      • getprop ro.miui.ui.version.name
        2⤵
          PID:4623
        • getprop ro.miui.ui.version.name
          2⤵
            PID:4773
          • getprop ro.miui.ui.version.name
            2⤵
              PID:4811
            • getprop ro.miui.ui.version.name
              2⤵
                PID:4845
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:4879
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:4905

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/com.roast.ocean/app_DynamicOptDex/oat/yrOsTGs.json.cur.prof
                  Filesize

                  319B

                  MD5

                  02bd260dc3a0093aa50839346a503719

                  SHA1

                  d4b1493f7f73c24e37000494352bfcfa06d3c5e6

                  SHA256

                  4fcc0559828a22442c59dd1726c5ecc3c2203ecd16c3d7ebc9c1478476548559

                  SHA512

                  bb2f2dd37196d723706d695c31c6e9351d25778d87687dc95eb48d95ee25d20017ca46205dcc3064177b2742aa6e9226fe355c11670f4aa3b9bc2d4697167662

                  Download Submit

                • /data/user/0/com.roast.ocean/app_DynamicOptDex/yrOsTGs.json
                  Filesize

                  238KB

                  MD5

                  fb580ec31046e5aa08ccd13ea177e71e

                  SHA1

                  a9534da3c82bd682dacb9506dbcf79f9ec42a6b5

                  SHA256

                  6bc7b9081dd72dc98fadb85a6b470416559ea069bb30bb045a9611e452ddb078

                  SHA512

                  d40030f846b456a06abc20630e99586839d084488a954b29f8c8e28b7e92b4764ccc48c88de8a2ec23c4e8d2441ef2fb53925708bdfd7400dbbaa5f17d368873

                  Download Submit

                • /data/user/0/com.roast.ocean/app_DynamicOptDex/yrOsTGs.json
                  Filesize

                  238KB

                  MD5

                  4a08614525ef38cb8703bbc52766ee39

                  SHA1

                  c8f883207e3ae064a192f2a17e31642f5c7524a8

                  SHA256

                  7dcaf3e33299e0ad3e8f5aa1b3e95cb8ee55aa06432b1e1ed67a20db68397160

                  SHA512

                  ec596c9b21dc542b242cf173e55a7909719d51973d2fbb944a94a15494617c3758e26c301797c7141142700f0d976ce133ad66d568842668cea534abc91307bc

                  Download Submit

                • /data/user/0/com.roast.ocean/app_DynamicOptDex/yrOsTGs.json
                  Filesize

                  483KB

                  MD5

                  16cbed5f379e2684d42d83d908b86cd6

                  SHA1

                  14479585b1b6d0be1396534eef0def542cba36e0

                  SHA256

                  77d9296b571198d2093db4d25c5420f59ef5163e7e48e7edc27c1d7c5f487c37

                  SHA512

                  4d20146087daf65cd7902a40d38cda71af94c76608d7cb37df03b62c173c6db50ab8b0c3991cd8ea1bfcafed2d63d8f2384f7a6a66b749e2380d592b72447a06

                  Download Submit