Overview

overview

10

Static

static

7

6c90dfc63b...f5.apk

android-9-x86

10

6c90dfc63b...f5.apk

android-10-x64

10

6c90dfc63b...f5.apk

android-11-x64

10

CheatSheet...s.html

windows7-x64

1

CheatSheet...s.html

windows10-2004-x64

1

CheatSheet...n.html

windows7-x64

1

CheatSheet...n.html

windows10-2004-x64

1

CheatSheet...s.html

windows7-x64

1

CheatSheet...s.html

windows10-2004-x64

1

chartjs-pl...min.js

windows7-x64

1

chartjs-pl...min.js

windows10-2004-x64

1

hammerjs.js

windows7-x64

1

hammerjs.js

windows10-2004-x64

1

jquery-3.4.1.min.js

windows7-x64

1

jquery-3.4.1.min.js

windows10-2004-x64

1

library.swf

windows7-x64

3

library.swf

windows10-2004-x64

3

com/google....class

windows7-x64

3

com/google....class

windows10-2004-x64

3

com/google....class

windows7-x64

3

com/google....class

windows10-2004-x64

3

com/google....class

windows7-x64

3

com/google....class

windows10-2004-x64

3

com/google....class

windows7-x64

3

com/google....class

windows10-2004-x64

3

com/google....class

windows7-x64

3

com/google....class

windows10-2004-x64

3

com/google....class

windows7-x64

3

com/google....class

windows10-2004-x64

3

com/google....class

windows7-x64

3

com/google....class

windows10-2004-x64

3

com/google....class

windows7-x64

3

Analysis

  • max time kernel
    871024s
  • max time network
    133s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230824-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230824-enlocale:en-usos:android-11-x64system
  • submitted
    26-08-2023 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c90dfc63bce24689c0c5922f8eac1779c01156dc54c3066bae8ca65198949f5.apk

  • Size

    1.8MB

  • MD5

    e23523d7d031814057ee47fb0a4fa62f

  • SHA1

    52e52042285da521648dd97c3c47a98509f9e779

  • SHA256

    6c90dfc63bce24689c0c5922f8eac1779c01156dc54c3066bae8ca65198949f5

  • SHA512

    c8aba721fefa1c4df8d9003969b10f1f9db9a6a255979e3ad5a536c056afadc2d4f73bb760600f628df9bab5fd95835b18a2191e553de9a4a77ee303889a3c3c

  • SSDEEP

    49152:Ju2k5XGGH5jLm2QyUgYHMuFWTWhL6em5SWRPZHvvyJoRL500:JJGZXjWgYsKJ0em57ZP6SRL5f

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://talatlarholdngltd.net

rc4.plain

Extracted

Family

alienbot

C2

http://talatlarholdngltd.net

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 5 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.century.whale
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4453
    • getprop ro.miui.ui.version.name
      2⤵
        PID:4597
      • getprop ro.miui.ui.version.name
        2⤵
          PID:4769
        • getprop ro.miui.ui.version.name
          2⤵
            PID:4861
          • getprop ro.miui.ui.version.name
            2⤵
              PID:4905

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/user/0/com.century.whale/app_DynamicOptDex/oC.json
            Filesize

            238KB

            MD5

            a6ae212f985061ba286a40d696376bbb

            SHA1

            ad4a3abe7041c200cefab7e327147c91d19b740e

            SHA256

            8eeca7fa5432e9869c6cde3fe5e9c0e08bb1a1541150010f41ce6ab2b763212a

            SHA512

            e0faa9b3f1ee6f9b47077c2bfabb305bb63e99d69ac8c42727f60e0c1b9b3023a4a0094d9638fdd0f3d548cf62d76861d57d8ce60f129b5f9ee047f50c2f2ac9

            Download Submit

          • /data/user/0/com.century.whale/app_DynamicOptDex/oC.json
            Filesize

            238KB

            MD5

            ab154cfe486e6a10a66652f108ab9268

            SHA1

            d85068edaedd591661027b25836175cc746e79d1

            SHA256

            c3ebd8f0c73997cb9a6cc131287ce988aeb618ed996b994ea370faca68aaecc2

            SHA512

            0e817dfeb81f533974ebc5c30d90d696a284a538bb68ed27b122eb6bacc45c0b19daf9452cde8b98df258f353c91a2fdd1ce89aa5c0e39dfa240a267f94ac8ea

            Download Submit

          • /data/user/0/com.century.whale/app_DynamicOptDex/oC.json
            Filesize

            483KB

            MD5

            e3800c18e5b583fcc1dba28154bae655

            SHA1

            1f76daa9e1b79d98988cacdbcc4258d00e4ee669

            SHA256

            fd4695ae70b53c1faea5acd81187268d451e96694f1b9f152c2840b6852b8341

            SHA512

            386b0dfa9070a6c96c6924bb594fb17e0f693c21e5136aadf2a200896ed947de3553eaf2ed33c3739df8ad89c664af0a16c726680a6b0a6bf00f9aa18aa7cb6b

            Download Submit

          • /data/user/0/com.century.whale/app_DynamicOptDex/oat/oC.json.cur.prof
            Filesize

            315B

            MD5

            24aab10c181ec5d4e0908d6292c070a5

            SHA1

            7cb587cd69d28e723d682cbffb45b5c2e1fe19e1

            SHA256

            fe2df47bb7102e2370d4e873c6fe2f89bfa8a8d421fcd34532432874320bf8dd

            SHA512

            75fc8b7b12b4532e1f489e4b09e4e90b5d2aecb52605fc1c8266f36e3c5ad2105e5e8187b4ed6590c8506cb98ce5b2b582f318507c638511a9b5ce18360b4b29

            Download Submit