Overview

overview

10

Static

static

7

2363f39cf2...4a.apk

android-9-x86

10

2363f39cf2...4a.apk

android-10-x64

10

2363f39cf2...4a.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    784169s
  • max time network
    131s
  • platform
    android_x64
  • resource
    android-x64-20230824-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230824-enlocale:en-usos:android-10-x64system
  • submitted
    25-08-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2363f39cf254bcb3ec506eb26e9c2f740856dc638ae075161a3e659aa9e6774a.apk

  • Size

    2.1MB

  • MD5

    b196b9c478b6f45a69b5266b08be101d

  • SHA1

    c12271f545443192ae41b6c1902e845023f0e6f5

  • SHA256

    2363f39cf254bcb3ec506eb26e9c2f740856dc638ae075161a3e659aa9e6774a

  • SHA512

    d6716932a12aac33907f6a4ad53a5500b5b8b5950fcac110784775228f3ed85ff632728be264350d2ad55c2c359f44a42d41c3dc45cee700204297917a9c4d38

  • SSDEEP

    49152:Cfbc4eLh3H/h1PMTe30kGdzLWbNpjEmQLDBHZX3WNUcH6sE8EZCm/xCBV13UYcBZ:CTihX/h1PMa3HGUbNpjEmQLNHZX3WNUh

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://girisapi5698.pw

rc4.plain

Extracted

Family

alienbot

C2

http://girisapi5698.pw

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.call.brother
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:4946
    • getprop ro.miui.ui.version.name
      2⤵
        PID:5127
      • getprop ro.miui.ui.version.name
        2⤵
          PID:5177
        • getprop ro.miui.ui.version.name
          2⤵
            PID:5368
          • getprop ro.miui.ui.version.name
            2⤵
              PID:5399
            • getprop ro.miui.ui.version.name
              2⤵
                PID:5439
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:5472
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:5502

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/data/com.call.brother/app_DynamicOptDex/eeoXP.json
                  Filesize

                  238KB

                  MD5

                  19e6344dcc165653ff6d3f4f9f84c371

                  SHA1

                  896df072646096d6288dd02b9b2792c9a12563ff

                  SHA256

                  521979525130abff4571a11d72ef05877fb26805c5835a3469a259a82755cfd0

                  SHA512

                  9a8b3a93e73031b870ba2cbb230b71a0955d3eba68d2e048825125993074ed6958ffdbdf6521a471297dcc869911d2a57d9150b7990958aa47aee398c223c724

                  Download Submit

                • /data/data/com.call.brother/app_DynamicOptDex/eeoXP.json
                  Filesize

                  238KB

                  MD5

                  a82d4dcbff227940dbf4d9b5440dc63d

                  SHA1

                  e67c19a108db6ac237ea63eab5afe7c04cb3bf08

                  SHA256

                  541351d7fd24febe9a9d9af62a437986903d2a3ea12048517c0e69d849570df5

                  SHA512

                  c5d6e81bd38800ce76f4654b43b31b2e88fc8e66cbcbf0b23ebf0022dcab059f680038429699843830969a197aec7deadea75285c815f0a0a27ec830d59c3d1b

                  Download Submit

                • /data/data/com.call.brother/app_DynamicOptDex/oat/eeoXP.json.cur.prof
                  Filesize

                  377B

                  MD5

                  1ea5076421359fbe66816216b59fb90d

                  SHA1

                  24de0aec445a594e2fa395749b29102e0125f26a

                  SHA256

                  f23e230b12c8d35663d4d2216dc17cae90a12a924506f829db602175bb16e164

                  SHA512

                  95f55dd3173939f3008919da6efab1b9a73fc5bd453c1ef38e01d742b1239da6fe7f405f99ac85a2f03ccc549b0380f58276170c240f9e51991a6f5aa1f33ea0

                  Download Submit

                • /data/user/0/com.call.brother/app_DynamicOptDex/eeoXP.json
                  Filesize

                  483KB

                  MD5

                  16cbed5f379e2684d42d83d908b86cd6

                  SHA1

                  14479585b1b6d0be1396534eef0def542cba36e0

                  SHA256

                  77d9296b571198d2093db4d25c5420f59ef5163e7e48e7edc27c1d7c5f487c37

                  SHA512

                  4d20146087daf65cd7902a40d38cda71af94c76608d7cb37df03b62c173c6db50ab8b0c3991cd8ea1bfcafed2d63d8f2384f7a6a66b749e2380d592b72447a06

                  Download Submit