Analysis
-
max time kernel
870783s -
max time network
171s -
platform
android_x64 -
resource
android-x64-arm64-20230824-en -
resource tags
-
submitted
26-08-2023 22:04
General
-
Target
6a41f27d45308f281b986b4dfed2989781a0b69cbf069bc84f28e333b56d6dbf.apk
-
Size
2.1MB
-
MD5
6b5f91af50e12627a8125ed7803cce65
-
SHA1
4fd9bff7e333300c0ec69b22fbd61de96594daee
-
SHA256
6a41f27d45308f281b986b4dfed2989781a0b69cbf069bc84f28e333b56d6dbf
-
SHA512
ccd7877fa2ee11e2a3b62a72a352e6353e6fe004760fbff8cdc6ad365f0b2b8a9693e170b0f0380e82b573df80b3f2605a0f8ffeda6694475069f79bc69e67e1
-
SSDEEP
49152:IOnnxNRARz7R+vrjydjUYlUXzEr7dLMSHSVLSYS9ETtY2D+a7a:IOyRz1+vQUdcdLdHSVhS9EL+aG
Malware Config
Extracted
alienbot
http://45.81.39.102
Extracted
alienbot
http://45.81.39.102
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload 1 IoCs
-
Makes use of the framework's Accessibility service. 2 IoCs
-
Removes its main activity from the application launcher 3 IoCs
-
Acquires the wake lock. 1 IoCs
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes
-
com.sock.rare1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
-
getprop ro.miui.ui.version.name2⤵
-
-
getprop ro.miui.ui.version.name2⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
321B
MD5b74ad77617af36c6b77d8dd56cab9666
SHA15c813f9338983cee246f6235b239740b246911c9
SHA256279e1ede412d2ec3c328af54c57999b6f65b9fe426346e59192df96523f8f386
SHA51232cb3c5956aea4d8b4f60e30fd40d743ac11f422efdc856829722752183df081d27bad6e35fda1bb7e0577a0693a8e0533d3529a5eea25b46ba20f3b46a4c294
-
Filesize
238KB
MD5b93ea1769b42feae29e7a9f15eeeb2e3
SHA11937dc34ba0c1667d2c2cdc116e25c2d2c6f9c0d
SHA256aa39f833db5a09ccf4834b225dc1ffc02ce120968571b406fda646e3af0928ea
SHA512143d374c069b1c603c40933f910a5d88bd38188e48c50ce876d202d85cb0ce21e8e72336a2843f0379ebb9212de99fd2a88abf650575697e2450f233ab838685
-
Filesize
238KB
MD534b673ea5586ff80d8f6534a5b58c6d5
SHA13907cefd8ecb7e0874352a0c9b2e3ca6860edf62
SHA256e56f037f3a19888cbcec137e285c83bce06721ae410c77ef3680d86ef331cfeb
SHA51228478f2a3386b905581598e2f601a9d5ce8ba25b04abac2bd4404ea8d83dba2fc5681faac94f40fab6150646cbcee766f1a283e627777ece9309a0c2f0e8c6d6
-
Filesize
483KB
MD5ad36bd5f464c84ca31a0cd4e608fa724
SHA17dac615c087ac947fdcd941bce80ce89df3c5ede
SHA256970cd465a88aac9e1754330fbadf3507bb124259f4c5b0f31542689e040ce07e
SHA512fd0337337024b972f79a77e347bf7bfe648523102aa1d2daa080d089ba142319b013f83975778e5b045edd6991fac4a47344b0dc5dfb638b8231c4750e7540d3