Overview

overview

10

Static

static

7

d7decbee41...6c.apk

android-9-x86

10

d7decbee41...6c.apk

android-10-x64

10

d7decbee41...6c.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    784018s
  • max time network
    160s
  • platform
    android_x86
  • resource
    android-x86-arm-20230824-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230824-enlocale:en-usos:android-9-x86system
  • submitted
    25/08/2023, 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d7decbee41ee4b8d4e39a35763a8c9a639e61113835354d08f1a0cf56635116c.apk

  • Size

    2.3MB

  • MD5

    619c1a75736196cc2860e3975becf951

  • SHA1

    a463890ffb01fe52da49e9869fe8f4088a8990de

  • SHA256

    d7decbee41ee4b8d4e39a35763a8c9a639e61113835354d08f1a0cf56635116c

  • SHA512

    06a7685f3cf411b4054b3e86064f477e0db3b7f852c5e18c1ed089d13dd71b3f19c8b6e794362fbd11da34ceda4fcafcac0233eb764e471c7616a06102faf342

  • SSDEEP

    49152:YaRR9t0mnFiz8aA4chhBBGm0uZPjErQfRhQPIyHdXBHNGmYLxaJzZj36QfbLKmxt:PZiA7BvZPjErQfRe9HdXBHNGmYLwJzh/

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://girisapi5698.pw

rc4.plain

Extracted

Family

alienbot

C2

http://girisapi5698.pw

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion

Processes

  • com.matrix.loan
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    PID:4112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.matrix.loan/app_DynamicOptDex/SJ.json
    Filesize

    238KB

    MD5

    69183f45a49ce910fd079eb0c3137e51

    SHA1

    1f959588023c849efc22cc53af80f13157b1bb49

    SHA256

    d9d3e1508775a281478aeb0961a077913d6d6389fa3c033c79f9d52d947c030a

    SHA512

    65f193419a51097421dbe62d0886f755a55922b1d4759993bc6338c5f1e337e6f20ec15d5c97098c4a790ba8fada3941ee44ae105c9a412b246dc43f1244dd48

    Download Submit

  • /data/data/com.matrix.loan/app_DynamicOptDex/SJ.json
    Filesize

    238KB

    MD5

    688ba7510f022d0194352001df848ca7

    SHA1

    618880f3032c42be58d3f90dababb1724d091731

    SHA256

    db5b8e862278eaca1568299cbeed3d5b21de8e065f76116988035239dc8808f2

    SHA512

    3f39637bb8da82724ba793aebe16d9776d08e646031c480662328e9b3ae9d2b12945a7bf1991f748d26dab9886c9862121c7c1098ea79ee12d1d34b59f2e8333

    Download Submit

  • /data/data/com.matrix.loan/app_DynamicOptDex/oat/SJ.json.cur.prof
    Filesize

    265B

    MD5

    275dbd4c778fe9a0832cc3d47498b27a

    SHA1

    f7f49f872440c5b881804ccd22d650d1ce08571d

    SHA256

    0a22c6621a72612c3230e77ce03e9577ed7acca6a274172586f9eeac3e8b9166

    SHA512

    f3f010fb374c0e2c211fd501e903d12229e70dd42bd760869806e9ccff7a83385bd87b2f6f20eb2af8e189c75ff61cf08cbe5b65d5b4c8942488bf05cd0e43d0

    Download Submit

  • /data/data/com.matrix.loan/app_DynamicOptDex/oat/SJ.json.cur.prof
    Filesize

    392B

    MD5

    94a5778879f8f2327a5d152327a4d8ee

    SHA1

    f053cf41d57500a54935d4a997ab4e1ba7bd9969

    SHA256

    c7ad1a88619f29ba6300711adc0f74957bdbd533f9fe908237163b7e6e921ce2

    SHA512

    567918561e1a38057ddcbc1cef237cb4011067c80cc3afcc39a9578a8c4cf258e0788d4eeec1446af28315c74190cb395d63e2ae8e772840ec5d4149f199431d

    Download Submit

  • /data/user/0/com.matrix.loan/app_DynamicOptDex/SJ.json
    Filesize

    483KB

    MD5

    ca99eaadef4d10c4f8e632887a2efce2

    SHA1

    252a8a270ff8702532f9f2b1e206e6c0ab2bd351

    SHA256

    78c531f34a9290f28cbb7ba2fdbd7a92c9c3c8d217321a05a83a193eae5df488

    SHA512

    30bc73b450c7eeee28f233ca70fafb90a1271d44fed124630b33c634db6491bde8b2789e78b64ca528481d832db4a36964feb6434dddc9872f21ceb42a571eb1

    Download Submit