Overview

overview

10

Static

static

7

e5b16c682b...a4.apk

android-9-x86

10

e5b16c682b...a4.apk

android-10-x64

10

e5b16c682b...a4.apk

android-11-x64

10

1bf84a89-2...c0e.js

windows7-x64

1

1bf84a89-2...c0e.js

windows10-2004-x64

1

ad.html

windows7-x64

1

ad.html

windows10-2004-x64

1

aps-mraid.js

windows7-x64

1

aps-mraid.js

windows10-2004-x64

1

assign_lab...l.html

windows7-x64

1

assign_lab...l.html

windows10-2004-x64

1

blood_gluc...l.html

windows7-x64

1

blood_gluc...l.html

windows10-2004-x64

1

blood_gluc...l.html

windows7-x64

1

blood_gluc...l.html

windows10-2004-x64

1

blood_pres...l.html

windows7-x64

1

blood_pres...l.html

windows10-2004-x64

1

consentform.html

windows7-x64

1

consentform.html

windows10-2004-x64

1

diabetes_r...l.html

windows7-x64

1

diabetes_r...l.html

windows10-2004-x64

1

dpr_report.html

windows7-x64

1

dpr_report.html

windows10-2004-x64

1

dtb-m.js

windows7-x64

1

dtb-m.js

windows10-2004-x64

1

edit_insul...l.html

windows7-x64

1

edit_insul...l.html

windows10-2004-x64

1

edit_label...l.html

windows7-x64

1

edit_label...l.html

windows10-2004-x64

1

edit_medic...l.html

windows7-x64

1

edit_medic...l.html

windows10-2004-x64

1

edit_track...l.html

windows7-x64

1

Analysis

  • max time kernel
    870428s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-x64-20230824-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230824-enlocale:en-usos:android-10-x64system
  • submitted
    26-08-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e5b16c682bd82fad9898eb1259b02c872be31a6dfa0c30e8618f06e33883d6a4.apk

  • Size

    2.4MB

  • MD5

    34c5814c9f1bc5e15c9b7554178ad894

  • SHA1

    6e04f5e4cc2307ca4fc4909c73f274731cd40869

  • SHA256

    e5b16c682bd82fad9898eb1259b02c872be31a6dfa0c30e8618f06e33883d6a4

  • SHA512

    4959c9c1ac0f201b5998192ba2ce3457a5c5efe5192db8053b43d1a2f5fe831b4867398e5b31810089d60803021cd4530616f179f9bf2e77bc15af7c97fc9fea

  • SSDEEP

    49152:/g9o9qixF9nhspwsAVk5b/yhXoEZy5lLGVVfoGFT9B/+GxEe8ZqSbcHtk3X0g7bh:/yo9qW7hpabwXoEZsCB5FCGxEFqSgNWx

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://girisapi9327.pw

rc4.plain

Extracted

Family

alienbot

C2

http://girisapi9327.pw

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 5 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.portion.initial
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:5086
    • getprop ro.miui.ui.version.name
      2⤵
        PID:5281
      • getprop ro.miui.ui.version.name
        2⤵
          PID:5430
        • getprop ro.miui.ui.version.name
          2⤵
            PID:5468
          • getprop ro.miui.ui.version.name
            2⤵
              PID:5500

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/data/com.portion.initial/app_DynamicOptDex/dBk.json
            Filesize

            238KB

            MD5

            32abc08eeced3121f5cc9ced6cb66bfc

            SHA1

            2c083729ec1a4e88d8022d056f09b1ba8add5fc6

            SHA256

            158fc8ec304cb7f96b3136eac5415441aef5c7989eec6fa77d5efc845d160720

            SHA512

            28c82a835e5453ad6553da5d670e10bfa1b83c10f912bcaaa8225374efee01aba53174e22d2566db773a4ac48c0b140976fb827e982b5cd3216e83581eb13647

            Download Submit

          • /data/data/com.portion.initial/app_DynamicOptDex/dBk.json
            Filesize

            238KB

            MD5

            20bec0eb5cd0fdffdaf4474e651489ee

            SHA1

            cc36ffb137e0d7ed100d51e792a6bd40add37a59

            SHA256

            71db3e22ea235a4757d0251d8bfca114e79946de92c620d5d6a88c6aa8079a5b

            SHA512

            9b8cd7f9ce83c861e28b4b99fe306b9c2f1014e5248b183c64cde28ae6dc3ec10aa68b7c67be3ef96691ff3fa036b160740a3d7cfbb63f1b517e8fe4f6afddc7

            Download Submit

          • /data/data/com.portion.initial/app_DynamicOptDex/oat/dBk.json.cur.prof
            Filesize

            429B

            MD5

            84f267dfeea60b08350e596ec2716cb9

            SHA1

            4a232c5bebb2bf9aea91f4790d13e7a17f0b8de8

            SHA256

            0bf96861eeddfed707a8db20dca45c50a93e37491806d5302d1f786ff5d5519d

            SHA512

            eb0cd596432d3fc19f07c9eb91e1ccd184cb10adf2003ba61b9920b68ff0bea5e9a45506565e27fcb42b84cdfd935d6e768a2d7414216287d8953b48a1b2e39b

            Download Submit

          • /data/user/0/com.portion.initial/app_DynamicOptDex/dBk.json
            Filesize

            483KB

            MD5

            f87bc44315f48ad2199c9418cc9bc98b

            SHA1

            a18d81824183992897c5a789b64a86731c249213

            SHA256

            f4462160dfcae5fddb83c5e0c9020e887c15ace3c898b13d6defdbe9046c1e5a

            SHA512

            22d50472c298356d5e24848e6f6c53a84fbdb65fc1cfb53b17b32c56fd0fe5b8b07d5c157d39a6b26422e7425ee59ba220d21d5db4af1f88ab1534deb9cc5928

            Download Submit