Overview

overview

10

Static

static

7

e4f2b421ef...3f.apk

android-9-x86

10

e4f2b421ef...3f.apk

android-10-x64

10

e4f2b421ef...3f.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    784525s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-20230824-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230824-enlocale:en-usos:android-10-x64system
  • submitted
    25-08-2023 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e4f2b421efed01a77093b45d8dd08d08229bbe69ae1f07c315aba7c532582c3f.apk

  • Size

    2.2MB

  • MD5

    8f3f60d13595c075d79f05473938b605

  • SHA1

    4c95b3ea30d7085e3853c79f380f31414989eb19

  • SHA256

    e4f2b421efed01a77093b45d8dd08d08229bbe69ae1f07c315aba7c532582c3f

  • SHA512

    c686edd3e04b0ebef54d99217ecd0426dc6411e40a24fd79dada8244aaf4af5dbedd69db940754e746def74f18ab047c45135b03f6272e296479a35e7b2ed8d1

  • SSDEEP

    49152:pYsQyeWzMkH0UHtUrkJmJjEgQH7jHdXfYNMYxgywlTZD4yyXuBCe21WkD/zGK1zp:OZyeWzGUHCrkJmJjEgQHXHdXfYNMYxgw

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://girisapi5698.pw

rc4.plain

Extracted

Family

alienbot

C2

http://girisapi5698.pw

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.inherit.month
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:5014
    • getprop ro.miui.ui.version.name
      2⤵
        PID:5117
      • getprop ro.miui.ui.version.name
        2⤵
          PID:5221
        • getprop ro.miui.ui.version.name
          2⤵
            PID:5283
          • getprop ro.miui.ui.version.name
            2⤵
              PID:5324
            • getprop ro.miui.ui.version.name
              2⤵
                PID:5358
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:5387
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:5422

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/data/com.inherit.month/app_DynamicOptDex/oat/ssrRX.json.cur.prof
                  Filesize

                  391B

                  MD5

                  5262ec0382db803e0554909a90bbec44

                  SHA1

                  eece6344c8fcd3cff5128a67f05ae58f717cc3e8

                  SHA256

                  420471b841b06701ff63f8c4124bea1f80189d1cd0061c16f6281000b819b08f

                  SHA512

                  9515f2fc1c8142c5cfffa2d3efe23cddc5c19c7f5c84fd29ab2f63eee578236eed9409a8002a1bb13afa34cbd0c73ba87fa1e9e082f607ce3af89dff8685e3b0

                  Download Submit

                • /data/data/com.inherit.month/app_DynamicOptDex/ssrRX.json
                  Filesize

                  238KB

                  MD5

                  af15f64953415122a1abf82af7342f50

                  SHA1

                  96cd7fd0583749fccbc2827b8c2108364c3a0083

                  SHA256

                  6ff807f3b430a1b40fc01f0caf07e7321a21f15828fc476c8b22a375806e58de

                  SHA512

                  b7fe17732040b5d3acc11a1c238e5ed2af1d33b2f605a20b2ba8828f86533fa01faff067276f4af220dd750125ccebeae89ebac6065d72e99423dcaf07356a47

                  Download Submit

                • /data/data/com.inherit.month/app_DynamicOptDex/ssrRX.json
                  Filesize

                  238KB

                  MD5

                  dbab4dee1fe44a72c2788e400428ac85

                  SHA1

                  1746a8aa9886255d2d71dd597b1be54d35cfde5b

                  SHA256

                  77fc7bf36df11ca27741918144bee2115ea527bf1abec11bfc09ec55714db0f2

                  SHA512

                  018966be3705a8660d3a0b02c107c5771c3f72731afc031cb7d2c6a5bda2ba333d973866b77b99a77d34d529883591582e79313f0b20b1c752b5053748a968ad

                  Download Submit

                • /data/user/0/com.inherit.month/app_DynamicOptDex/ssrRX.json
                  Filesize

                  483KB

                  MD5

                  16cbed5f379e2684d42d83d908b86cd6

                  SHA1

                  14479585b1b6d0be1396534eef0def542cba36e0

                  SHA256

                  77d9296b571198d2093db4d25c5420f59ef5163e7e48e7edc27c1d7c5f487c37

                  SHA512

                  4d20146087daf65cd7902a40d38cda71af94c76608d7cb37df03b62c173c6db50ab8b0c3991cd8ea1bfcafed2d63d8f2384f7a6a66b749e2380d592b72447a06

                  Download Submit