Overview

overview

10

Static

static

7

d5a786ea0f...5f.apk

android-9-x86

10

d5a786ea0f...5f.apk

android-10-x64

10

d5a786ea0f...5f.apk

android-11-x64

10

HM_JsBridge.js

windows7-x64

1

HM_JsBridge.js

windows10-2004-x64

1

consentform.html

windows7-x64

1

consentform.html

windows10-2004-x64

1

Analysis

  • max time kernel
    1902226s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system
  • submitted
    07-09-2023 20:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5a786ea0f6499d9bb654c37a20dda6ff7d0644084762697ae181d4d19de4b5f.apk

  • Size

    2.1MB

  • MD5

    bf7c010798cd3b0afd41791d46686ba0

  • SHA1

    d59032cd5e341206b0527b85f5aedc75ba4faba3

  • SHA256

    d5a786ea0f6499d9bb654c37a20dda6ff7d0644084762697ae181d4d19de4b5f

  • SHA512

    b41cae02d199d8a6ea5bfdde446fc59000c504b8f000d8279aa7aa659e6fdfaf9186957582d54ee734db671329ac062acea84e37ddba03ccfefec62a3b1db0b6

  • SSDEEP

    49152:aL2g3N12jPKHQMcuijDri0J0801nFC/kEjQcl1dIpkJWRd5rQ0sojhCJf:21iiwMcuwkESM0rDsIhi

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://bigionlinegiris.net

rc4.plain

Extracted

Family

alienbot

C2

http://bigionlinegiris.net

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 3 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.frown.trend
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:4858
    • getprop ro.miui.ui.version.name
      2⤵
        PID:5003
      • getprop ro.miui.ui.version.name
        2⤵
          PID:5107

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.frown.trend/app_DynamicOptDex/hgsdi.json
        Filesize

        238KB

        MD5

        f8869e5e222ce32aef02ba043018beaf

        SHA1

        014458654f015e694cb93d3317d2b106f39d52ff

        SHA256

        6eb77097b3bd268b08c3c89ac37d8c302ecea971ed2e78741eafa234bd32e0b8

        SHA512

        02a7602416ed08d5d89d17aaa02e8d4d644b5aa45be7289091832c25def70a593308da77c404080208e3d58e069e6d8d5b80aff46530f2379babc431a3c42163

        Download Submit

      • /data/data/com.frown.trend/app_DynamicOptDex/hgsdi.json
        Filesize

        238KB

        MD5

        88fe94ed3afbe6d864a4f3fe7bfb8239

        SHA1

        1fef6da5e92a7258ab4fb1f7a5e75be5b6536aa1

        SHA256

        d33dfcab2f87d37fdcbe390cb25931d4a3b0bd6daab93d2bf57390bf1fd6212d

        SHA512

        2e767cada03252e9d3a00c9e767ce40c6c769d98db68211fc5f0a302be7d1d22f529780cb336b2d3cfed257a3a1d7c7736bd310e465d221a336efaaf8458dc03

        Download Submit

      • /data/data/com.frown.trend/app_DynamicOptDex/oat/hgsdi.json.cur.prof
        Filesize

        390B

        MD5

        35e2b5e39f8255cdf5bd3633db896bf1

        SHA1

        e737c4bdb8860867ecdf032f6d4ff3c8b190cf48

        SHA256

        326bcaa2dc14431aa4cd60046c1daa2a852037d99ff659ce522c31ede866835e

        SHA512

        9fe105d5749e2ad676b48783d7f536bd677aa6ac5d24c07d384ac105eb9d8b55afa1b4e5974d00836d0850839bae03edab1e398fb0e6a0ac12384d64351ff693

        Download Submit

      • /data/user/0/com.frown.trend/app_DynamicOptDex/hgsdi.json
        Filesize

        483KB

        MD5

        5d39df45d9b98df1833630d1085c087e

        SHA1

        36a9ae12a4aa58e79ef4af7cde911598a3c000e8

        SHA256

        5d4697010ed89fd9e3ff8194b8053929f1964292fc6be105d868c5e0f088c6c0

        SHA512

        7b74837a5e7fbd8c3513884aad2e9d70b27264a2caa82dbb16c9fb4763a160a7aec1d2778338ccc78af787f39ba9f20dee6ae4a64204911a37fc3a98de7d59e8

        Download Submit