Overview

overview

10

Static

static

7

64b9fcddb4...bf.apk

android-9-x86

10

64b9fcddb4...bf.apk

android-10-x64

10

64b9fcddb4...bf.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Resubmissions

02-04-2024 09:02

240402-kzss2acd51 10

26-08-2023 22:02

230826-1xr2qafd8x 10

Analysis

  • max time kernel
    870565s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20230824-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230824-enlocale:en-usos:android-9-x86system
  • submitted
    26-08-2023 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64b9fcddb47dcd9aee6f23da3276b75fc675012a3190a3c73f23d0d36873f1bf.apk

  • Size

    2.2MB

  • MD5

    419f7d6d8b520f40b0a5354a967f2629

  • SHA1

    6ee2d1771f0383e490c76b286e7aa56661add35d

  • SHA256

    64b9fcddb47dcd9aee6f23da3276b75fc675012a3190a3c73f23d0d36873f1bf

  • SHA512

    99191ef21e52f246b5999b76a3dc04a6aff5bfaea1ce3e8b7603e2193f58d505b8a124bf0092ad5ecc31c68e6b8ad5de7123b2c20a5c28f9fc98b833572294f4

  • SSDEEP

    49152:snGxY44448z+viV+0pKJxRbjEFQPVIHxXVxN2eCB/t9+CJxvBZZ1ceVHbQc/NceG:snquE+0p2RbjEFQPKHxXVxN2eCB1Jxv6

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://girisapi5698.pw

rc4.plain

Extracted

Family

alienbot

C2

http://girisapi5698.pw

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion

Processes

  • com.post.minute
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    PID:4192
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.post.minute/app_DynamicOptDex/ug.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.post.minute/app_DynamicOptDex/oat/x86/ug.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4218

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.post.minute/app_DynamicOptDex/oat/ug.json.cur.prof
    Filesize

    445B

    MD5

    f02addac2bdabc24dca8f84160f49198

    SHA1

    34144d72cbae3aaf509c6f934e4cc67c062111ff

    SHA256

    ab39e918bf1f7346f63ebfb93fbaaf35d34bcc0947fca8d03fb1e1c848a1ae0b

    SHA512

    5563548af64a7fe5b117b86c849d16046d50ef5c7390b107670242d0bf6bab0d92ff726b2123c7965deee991c75efec198364c7e91e5c36c9869cc5f00531431

    Download Submit

  • /data/data/com.post.minute/app_DynamicOptDex/ug.json
    Filesize

    238KB

    MD5

    c9f11753740c9a515f625a5572dbaa18

    SHA1

    76fd170ea1ec594b13f25c62803108c0da2c7c7d

    SHA256

    c76cc3d7e1a0a7970083bdda052dddad963167d62df72b689571a415ba920298

    SHA512

    f1344fd41c3aaa444def9748b5835b3930ea4e380ccfe2aa840f32b4394fd0bb784ebc309fe25de1d0c2dc0380ac1de2f22106b1a53c4506ac71dcec8d7d2baf

    Download Submit

  • /data/data/com.post.minute/app_DynamicOptDex/ug.json
    Filesize

    238KB

    MD5

    67a4750290b1c0dadf5a00df2d4b02e7

    SHA1

    dca60a135962afba3357b445c3cb4a2281c11a03

    SHA256

    6e819e614bc62c99c8402ac645c736806c8e450048df65b674b309a206830306

    SHA512

    c3e9bc84f861868bacaa81a321b3014082338e1e909fa6ad5f5c349565c169ae975b27fa076b32fc4061de7c9a38674f87910599f705751ef4482ef05831536e

    Download Submit

  • /data/user/0/com.post.minute/app_DynamicOptDex/ug.json
    Filesize

    483KB

    MD5

    09e1d2dad81094917e9c64168f3740a8

    SHA1

    fd0ca499ab40112a0c4d4e6a8f49ad48703e6848

    SHA256

    9cefe170eb2ea3f407ba609302cbcb9b6ba3f45dd40a51a38718a591badac1c5

    SHA512

    9fe51b4ef7c658f31f74baa15a0c0e5a80fd72293a6531743483715ef02f79efc15d54a9a563956a47adbc59e5507f27755c29b273f47610aeeb34ad3da8d792

    Download Submit

  • /data/user/0/com.post.minute/app_DynamicOptDex/ug.json
    Filesize

    483KB

    MD5

    16cbed5f379e2684d42d83d908b86cd6

    SHA1

    14479585b1b6d0be1396534eef0def542cba36e0

    SHA256

    77d9296b571198d2093db4d25c5420f59ef5163e7e48e7edc27c1d7c5f487c37

    SHA512

    4d20146087daf65cd7902a40d38cda71af94c76608d7cb37df03b62c173c6db50ab8b0c3991cd8ea1bfcafed2d63d8f2384f7a6a66b749e2380d592b72447a06

    Download Submit