Overview

overview

10

Static

static

7

2363f39cf2...4a.apk

android-9-x86

10

2363f39cf2...4a.apk

android-10-x64

10

2363f39cf2...4a.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    784177s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230824-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230824-enlocale:en-usos:android-11-x64system
  • submitted
    25-08-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2363f39cf254bcb3ec506eb26e9c2f740856dc638ae075161a3e659aa9e6774a.apk

  • Size

    2.1MB

  • MD5

    b196b9c478b6f45a69b5266b08be101d

  • SHA1

    c12271f545443192ae41b6c1902e845023f0e6f5

  • SHA256

    2363f39cf254bcb3ec506eb26e9c2f740856dc638ae075161a3e659aa9e6774a

  • SHA512

    d6716932a12aac33907f6a4ad53a5500b5b8b5950fcac110784775228f3ed85ff632728be264350d2ad55c2c359f44a42d41c3dc45cee700204297917a9c4d38

  • SSDEEP

    49152:Cfbc4eLh3H/h1PMTe30kGdzLWbNpjEmQLDBHZX3WNUcH6sE8EZCm/xCBV13UYcBZ:CTihX/h1PMa3HGUbNpjEmQLNHZX3WNUh

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://girisapi5698.pw

rc4.plain

Extracted

Family

alienbot

C2

http://girisapi5698.pw

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 3 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.call.brother
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4626
    • getprop ro.miui.ui.version.name
      2⤵
        PID:4711
      • getprop ro.miui.ui.version.name
        2⤵
          PID:4833

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/user/0/com.call.brother/app_DynamicOptDex/eeoXP.json
        Filesize

        238KB

        MD5

        19e6344dcc165653ff6d3f4f9f84c371

        SHA1

        896df072646096d6288dd02b9b2792c9a12563ff

        SHA256

        521979525130abff4571a11d72ef05877fb26805c5835a3469a259a82755cfd0

        SHA512

        9a8b3a93e73031b870ba2cbb230b71a0955d3eba68d2e048825125993074ed6958ffdbdf6521a471297dcc869911d2a57d9150b7990958aa47aee398c223c724

        Download Submit

      • /data/user/0/com.call.brother/app_DynamicOptDex/eeoXP.json
        Filesize

        238KB

        MD5

        a82d4dcbff227940dbf4d9b5440dc63d

        SHA1

        e67c19a108db6ac237ea63eab5afe7c04cb3bf08

        SHA256

        541351d7fd24febe9a9d9af62a437986903d2a3ea12048517c0e69d849570df5

        SHA512

        c5d6e81bd38800ce76f4654b43b31b2e88fc8e66cbcbf0b23ebf0022dcab059f680038429699843830969a197aec7deadea75285c815f0a0a27ec830d59c3d1b

        Download Submit

      • /data/user/0/com.call.brother/app_DynamicOptDex/eeoXP.json
        Filesize

        483KB

        MD5

        16cbed5f379e2684d42d83d908b86cd6

        SHA1

        14479585b1b6d0be1396534eef0def542cba36e0

        SHA256

        77d9296b571198d2093db4d25c5420f59ef5163e7e48e7edc27c1d7c5f487c37

        SHA512

        4d20146087daf65cd7902a40d38cda71af94c76608d7cb37df03b62c173c6db50ab8b0c3991cd8ea1bfcafed2d63d8f2384f7a6a66b749e2380d592b72447a06

        Download Submit

      • /data/user/0/com.call.brother/app_DynamicOptDex/oat/eeoXP.json.cur.prof
        Filesize

        319B

        MD5

        99bee7e4ea23296cc9f913d1a123caec

        SHA1

        4f879481088dab82730d4dba84154aacb95e2fd0

        SHA256

        2fe4b39c8c18cb7bb5d9e08cdafce1d4cd12c5b52d4073a5f206364a0bfc1cd2

        SHA512

        777c5681a52faf6c955d82ef9903859aead42217d1b664f735eeabccf997ac1588f2fea8162428ff5d60a1190ac94c3ceda50dabfc1df74247cce7813a00da37

        Download Submit