Overview

overview

10

Static

static

7

64b9fcddb4...bf.apk

android-9-x86

10

64b9fcddb4...bf.apk

android-10-x64

10

64b9fcddb4...bf.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Resubmissions

02-04-2024 09:02

240402-kzss2acd51 10

26-08-2023 22:02

230826-1xr2qafd8x 10

Analysis

  • max time kernel
    870592s
  • max time network
    148s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230824-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230824-enlocale:en-usos:android-11-x64system
  • submitted
    26-08-2023 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64b9fcddb47dcd9aee6f23da3276b75fc675012a3190a3c73f23d0d36873f1bf.apk

  • Size

    2.2MB

  • MD5

    419f7d6d8b520f40b0a5354a967f2629

  • SHA1

    6ee2d1771f0383e490c76b286e7aa56661add35d

  • SHA256

    64b9fcddb47dcd9aee6f23da3276b75fc675012a3190a3c73f23d0d36873f1bf

  • SHA512

    99191ef21e52f246b5999b76a3dc04a6aff5bfaea1ce3e8b7603e2193f58d505b8a124bf0092ad5ecc31c68e6b8ad5de7123b2c20a5c28f9fc98b833572294f4

  • SSDEEP

    49152:snGxY44448z+viV+0pKJxRbjEFQPVIHxXVxN2eCB/t9+CJxvBZZ1ceVHbQc/NceG:snquE+0p2RbjEFQPKHxXVxN2eCB1Jxv6

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://girisapi5698.pw

rc4.plain

Extracted

Family

alienbot

C2

http://girisapi5698.pw

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 7 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.post.minute
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4611
    • getprop ro.miui.ui.version.name
      2⤵
        PID:4780
      • getprop ro.miui.ui.version.name
        2⤵
          PID:4975
        • getprop ro.miui.ui.version.name
          2⤵
            PID:5057
          • getprop ro.miui.ui.version.name
            2⤵
              PID:5089
            • getprop ro.miui.ui.version.name
              2⤵
                PID:5121
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:5156

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • /data/user/0/com.post.minute/app_DynamicOptDex/oat/ug.json.cur.prof
                Filesize

                315B

                MD5

                8146727dabbf302f87dfc3c886259292

                SHA1

                f1b3468a718712985735b0fca1b46d248195f09e

                SHA256

                1cd453a01148c611f5fcdbbbcc23e42167add4ea7f5092161257b8fbe8ecf6c0

                SHA512

                d5b279ff201805c266adf3de897184008448a7c7180b4bbde904bf63906d4e272fda6d4b686c847b8ff4a6839da5f977d3a9c41375cc1cbd5a356d8869e92254

                Download Submit

              • /data/user/0/com.post.minute/app_DynamicOptDex/ug.json
                Filesize

                238KB

                MD5

                c9f11753740c9a515f625a5572dbaa18

                SHA1

                76fd170ea1ec594b13f25c62803108c0da2c7c7d

                SHA256

                c76cc3d7e1a0a7970083bdda052dddad963167d62df72b689571a415ba920298

                SHA512

                f1344fd41c3aaa444def9748b5835b3930ea4e380ccfe2aa840f32b4394fd0bb784ebc309fe25de1d0c2dc0380ac1de2f22106b1a53c4506ac71dcec8d7d2baf

                Download Submit

              • /data/user/0/com.post.minute/app_DynamicOptDex/ug.json
                Filesize

                238KB

                MD5

                67a4750290b1c0dadf5a00df2d4b02e7

                SHA1

                dca60a135962afba3357b445c3cb4a2281c11a03

                SHA256

                6e819e614bc62c99c8402ac645c736806c8e450048df65b674b309a206830306

                SHA512

                c3e9bc84f861868bacaa81a321b3014082338e1e909fa6ad5f5c349565c169ae975b27fa076b32fc4061de7c9a38674f87910599f705751ef4482ef05831536e

                Download Submit

              • /data/user/0/com.post.minute/app_DynamicOptDex/ug.json
                Filesize

                483KB

                MD5

                16cbed5f379e2684d42d83d908b86cd6

                SHA1

                14479585b1b6d0be1396534eef0def542cba36e0

                SHA256

                77d9296b571198d2093db4d25c5420f59ef5163e7e48e7edc27c1d7c5f487c37

                SHA512

                4d20146087daf65cd7902a40d38cda71af94c76608d7cb37df03b62c173c6db50ab8b0c3991cd8ea1bfcafed2d63d8f2384f7a6a66b749e2380d592b72447a06

                Download Submit