alienbot | e4f2b421efed01a77093b45d8dd08d08229bbe69ae1f07c315aba7c532582c3f

Analysis

max time kernel
784509s
max time network
150s
platform
android_x86
resource
android-x86-arm-20230824-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20230824-enlocale:en-usos:android-9-x86system
submitted
25-08-2023 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4f2b421efed01a77093b45d8dd08d08229bbe69ae1f07c315aba7c532582c3f.apk
Size

2.2MB
MD5

8f3f60d13595c075d79f05473938b605
SHA1

4c95b3ea30d7085e3853c79f380f31414989eb19
SHA256

e4f2b421efed01a77093b45d8dd08d08229bbe69ae1f07c315aba7c532582c3f
SHA512

c686edd3e04b0ebef54d99217ecd0426dc6411e40a24fd79dada8244aaf4af5dbedd69db940754e746def74f18ab047c45135b03f6272e296479a35e7b2ed8d1
SSDEEP

49152:pYsQyeWzMkH0UHtUrkJmJjEgQH7jHdXfYNMYxgywlTZD4yyXuBCe21WkD/zGK1zp:OZyeWzGUHCrkJmJjEgQHXHdXfYNMYxgw

Score

10^/10

alienbot cerberus banker evasion infostealer rat stealth trojan

Malware Config

Extracted

Family

alienbot

http://girisapi5698.pw

rc4.plain

Extracted

Family

alienbot

http://girisapi5698.pw

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot
Cerberus
An Android banker that is being rented to actors beginning in 2019.
banker trojan infostealer evasion rat cerberus

Cerberus payload 1 IoCs

resource	yara_rule
behavioral1/memory/4107-0.dex	family_cerberus

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.inherit.month
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.inherit.month

Removes its main activity from the application launcher 1 IoCs

stealth trojan

pid	Process
4107	com.inherit.month

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.inherit.month

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.inherit.month/app_DynamicOptDex/ssrRX.json	4107	com.inherit.month

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs

evasion

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.inherit.month

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.inherit.month

com.inherit.month
1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
PID:4107

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.inherit.month/app_DynamicOptDex/oat/ssrRX.json.cur.prof

Filesize
381B

MD5
d03fd7850a3cf9a8e10e4d4ca5276835

SHA1
63fceccaa5e9afef2b7135949a7ee4585a9f1880

SHA256
dcbf28ea457aad9bd3fb8249ef5b8f5bc562228d5d40b135a16be32872436443

SHA512
21edafeacf6b872dc99b689554520a6651fb0347295f4b516d25e8ebd31388cb6bb0a5fcce44a1fa3a77a3ccee717bb05ca569fae52214b9034485a5bbc4068f

Download Submit
/data/data/com.inherit.month/app_DynamicOptDex/ssrRX.json

Filesize
238KB

MD5
af15f64953415122a1abf82af7342f50

SHA1
96cd7fd0583749fccbc2827b8c2108364c3a0083

SHA256
6ff807f3b430a1b40fc01f0caf07e7321a21f15828fc476c8b22a375806e58de

SHA512
b7fe17732040b5d3acc11a1c238e5ed2af1d33b2f605a20b2ba8828f86533fa01faff067276f4af220dd750125ccebeae89ebac6065d72e99423dcaf07356a47

Download Submit
/data/data/com.inherit.month/app_DynamicOptDex/ssrRX.json

Filesize
238KB

MD5
dbab4dee1fe44a72c2788e400428ac85

SHA1
1746a8aa9886255d2d71dd597b1be54d35cfde5b

SHA256
77fc7bf36df11ca27741918144bee2115ea527bf1abec11bfc09ec55714db0f2

SHA512
018966be3705a8660d3a0b02c107c5771c3f72731afc031cb7d2c6a5bda2ba333d973866b77b99a77d34d529883591582e79313f0b20b1c752b5053748a968ad

Download Submit
/data/user/0/com.inherit.month/app_DynamicOptDex/ssrRX.json

Filesize
483KB

MD5
16cbed5f379e2684d42d83d908b86cd6

SHA1
14479585b1b6d0be1396534eef0def542cba36e0

SHA256
77d9296b571198d2093db4d25c5420f59ef5163e7e48e7edc27c1d7c5f487c37

SHA512
4d20146087daf65cd7902a40d38cda71af94c76608d7cb37df03b62c173c6db50ab8b0c3991cd8ea1bfcafed2d63d8f2384f7a6a66b749e2380d592b72447a06

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads