alienbot | 6c90dfc63bce24689c0c5922f8eac1779c01156dc54c3066bae8ca65198949f5

Analysis

max time kernel
871011s
max time network
166s
platform
android_x64
resource
android-x64-20230824-en
resource tags

androidarch:x64arch:x86image:android-x64-20230824-enlocale:en-usos:android-10-x64system
submitted
26-08-2023 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c90dfc63bce24689c0c5922f8eac1779c01156dc54c3066bae8ca65198949f5.apk
Size

1.8MB
MD5

e23523d7d031814057ee47fb0a4fa62f
SHA1

52e52042285da521648dd97c3c47a98509f9e779
SHA256

6c90dfc63bce24689c0c5922f8eac1779c01156dc54c3066bae8ca65198949f5
SHA512

c8aba721fefa1c4df8d9003969b10f1f9db9a6a255979e3ad5a536c056afadc2d4f73bb760600f628df9bab5fd95835b18a2191e553de9a4a77ee303889a3c3c
SSDEEP

49152:Ju2k5XGGH5jLm2QyUgYHMuFWTWhL6em5SWRPZHvvyJoRL500:JJGZXjWgYsKJ0em57ZP6SRL5f

Score

10^/10

alienbot cerberus banker evasion infostealer rat stealth trojan

Malware Config

Extracted

Family

alienbot

http://talatlarholdngltd.net

rc4.plain

Extracted

Family

alienbot

http://talatlarholdngltd.net

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot
Cerberus
An Android banker that is being rented to actors beginning in 2019.
banker trojan infostealer evasion rat cerberus

Cerberus payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.century.whale/app_DynamicOptDex/oC.json	family_cerberus

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.century.whale

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.century.whale
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.century.whale

Removes its main activity from the application launcher 8 IoCs

stealth trojan

Processes:

com.century.whale

pid	process
5241	com.century.whale
5241	com.century.whale
5241	com.century.whale
5241	com.century.whale
5241	com.century.whale
5241	com.century.whale
5241	com.century.whale
5241	com.century.whale

Acquires the wake lock. 1 IoCs

Processes:

com.century.whale

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.century.whale
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.century.whale

ioc pid process

/data/user/0/com.century.whale/app_DynamicOptDex/oC.json 5241 com.century.whale

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.century.whale

ioc	pid	process
/data/user/0/com.century.whale/app_DynamicOptDex/oC.json	5241	com.century.whale

com.century.whale
1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Loads dropped Dex/Jar
PID:5241
- getprop ro.miui.ui.version.name
  2⤵
  PID:5350
- getprop ro.miui.ui.version.name
  2⤵
  PID:5432
- getprop ro.miui.ui.version.name
  2⤵
  PID:5601
- getprop ro.miui.ui.version.name
  2⤵
  PID:5635
- getprop ro.miui.ui.version.name
  2⤵
  PID:5671
- getprop ro.miui.ui.version.name
  2⤵
  PID:5699
- getprop ro.miui.ui.version.name
  2⤵
  PID:5753

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.century.whale/app_DynamicOptDex/oC.json

Filesize
238KB

MD5
a6ae212f985061ba286a40d696376bbb

SHA1
ad4a3abe7041c200cefab7e327147c91d19b740e

SHA256
8eeca7fa5432e9869c6cde3fe5e9c0e08bb1a1541150010f41ce6ab2b763212a

SHA512
e0faa9b3f1ee6f9b47077c2bfabb305bb63e99d69ac8c42727f60e0c1b9b3023a4a0094d9638fdd0f3d548cf62d76861d57d8ce60f129b5f9ee047f50c2f2ac9

Download Submit
/data/data/com.century.whale/app_DynamicOptDex/oC.json

Filesize
238KB

MD5
ab154cfe486e6a10a66652f108ab9268

SHA1
d85068edaedd591661027b25836175cc746e79d1

SHA256
c3ebd8f0c73997cb9a6cc131287ce988aeb618ed996b994ea370faca68aaecc2

SHA512
0e817dfeb81f533974ebc5c30d90d696a284a538bb68ed27b122eb6bacc45c0b19daf9452cde8b98df258f353c91a2fdd1ce89aa5c0e39dfa240a267f94ac8ea

Download Submit
/data/data/com.century.whale/app_DynamicOptDex/oat/oC.json.cur.prof

Filesize
376B

MD5
d7ebbb69de9c4811bce92d5393f8a22e

SHA1
d3863b17ea91da915ea846a304da06ee899ca949

SHA256
3b973a81ad5aae235eb49e41b35a48709cab3d364e70eebab8c66a92f1cd4847

SHA512
226bdf955b40acac3886f0867b9735dd5deaef127c97eadb500d6c4971eb825d646f19fbbc91a604ee3274197a3957dc0dbc4b1aa28853da74a9c72db3853b6f

Download Submit
/data/user/0/com.century.whale/app_DynamicOptDex/oC.json

Filesize
483KB

MD5
e3800c18e5b583fcc1dba28154bae655

SHA1
1f76daa9e1b79d98988cacdbcc4258d00e4ee669

SHA256
fd4695ae70b53c1faea5acd81187268d451e96694f1b9f152c2840b6852b8341

SHA512
386b0dfa9070a6c96c6924bb594fb17e0f693c21e5136aadf2a200896ed947de3553eaf2ed33c3739df8ad89c664af0a16c726680a6b0a6bf00f9aa18aa7cb6b

Download Submit