Overview

overview

10

Static

static

7

e4f2b421ef...3f.apk

android-9-x86

10

e4f2b421ef...3f.apk

android-10-x64

10

e4f2b421ef...3f.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    784526s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230824-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230824-enlocale:en-usos:android-11-x64system
  • submitted
    25-08-2023 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e4f2b421efed01a77093b45d8dd08d08229bbe69ae1f07c315aba7c532582c3f.apk

  • Size

    2.2MB

  • MD5

    8f3f60d13595c075d79f05473938b605

  • SHA1

    4c95b3ea30d7085e3853c79f380f31414989eb19

  • SHA256

    e4f2b421efed01a77093b45d8dd08d08229bbe69ae1f07c315aba7c532582c3f

  • SHA512

    c686edd3e04b0ebef54d99217ecd0426dc6411e40a24fd79dada8244aaf4af5dbedd69db940754e746def74f18ab047c45135b03f6272e296479a35e7b2ed8d1

  • SSDEEP

    49152:pYsQyeWzMkH0UHtUrkJmJjEgQH7jHdXfYNMYxgywlTZD4yyXuBCe21WkD/zGK1zp:OZyeWzGUHCrkJmJjEgQHXHdXfYNMYxgw

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://girisapi5698.pw

rc4.plain

Extracted

Family

alienbot

C2

http://girisapi5698.pw

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.inherit.month
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4557
    • getprop ro.miui.ui.version.name
      2⤵
        PID:4706
      • getprop ro.miui.ui.version.name
        2⤵
          PID:4866
        • getprop ro.miui.ui.version.name
          2⤵
            PID:5017
          • getprop ro.miui.ui.version.name
            2⤵
              PID:5051
            • getprop ro.miui.ui.version.name
              2⤵
                PID:5079
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:5114
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:5151

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/com.inherit.month/app_DynamicOptDex/oat/ssrRX.json.cur.prof
                  Filesize

                  317B

                  MD5

                  2a7e4c58576aa58177801bd98427f6d6

                  SHA1

                  3622a6914705e83ce2f2ed1ea1bb2874316632ad

                  SHA256

                  df762831e433224711c5a28b4ae3d2bb394cb211d0be03e42ed5589ff1aed785

                  SHA512

                  dd0df7d234d3f2c84bda0db5f46f46dfeeb4b65bb3ddbc043bbfcc9879f537c9b80072b733248bc810a2c9a887a2f58735d2e8c6cbd295461eb2df33c8c2c5d0

                  Download Submit

                • /data/user/0/com.inherit.month/app_DynamicOptDex/ssrRX.json
                  Filesize

                  238KB

                  MD5

                  af15f64953415122a1abf82af7342f50

                  SHA1

                  96cd7fd0583749fccbc2827b8c2108364c3a0083

                  SHA256

                  6ff807f3b430a1b40fc01f0caf07e7321a21f15828fc476c8b22a375806e58de

                  SHA512

                  b7fe17732040b5d3acc11a1c238e5ed2af1d33b2f605a20b2ba8828f86533fa01faff067276f4af220dd750125ccebeae89ebac6065d72e99423dcaf07356a47

                  Download Submit

                • /data/user/0/com.inherit.month/app_DynamicOptDex/ssrRX.json
                  Filesize

                  238KB

                  MD5

                  dbab4dee1fe44a72c2788e400428ac85

                  SHA1

                  1746a8aa9886255d2d71dd597b1be54d35cfde5b

                  SHA256

                  77fc7bf36df11ca27741918144bee2115ea527bf1abec11bfc09ec55714db0f2

                  SHA512

                  018966be3705a8660d3a0b02c107c5771c3f72731afc031cb7d2c6a5bda2ba333d973866b77b99a77d34d529883591582e79313f0b20b1c752b5053748a968ad

                  Download Submit

                • /data/user/0/com.inherit.month/app_DynamicOptDex/ssrRX.json
                  Filesize

                  483KB

                  MD5

                  16cbed5f379e2684d42d83d908b86cd6

                  SHA1

                  14479585b1b6d0be1396534eef0def542cba36e0

                  SHA256

                  77d9296b571198d2093db4d25c5420f59ef5163e7e48e7edc27c1d7c5f487c37

                  SHA512

                  4d20146087daf65cd7902a40d38cda71af94c76608d7cb37df03b62c173c6db50ab8b0c3991cd8ea1bfcafed2d63d8f2384f7a6a66b749e2380d592b72447a06

                  Download Submit