Overview

overview

10

Static

static

7

b93caedc9c...97.apk

android-9-x86

10

b93caedc9c...97.apk

android-10-x64

10

b93caedc9c...97.apk

android-11-x64

10

HM_JsBridge.js

windows7-x64

1

HM_JsBridge.js

windows10-2004-x64

1

consentform.html

windows7-x64

1

consentform.html

windows10-2004-x64

1

Analysis

  • max time kernel
    2252788s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system
  • submitted
    11-09-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b93caedc9c88a4b350e4a4dc2d6217c535a951360b3d03a8390fe2bb75f11097.apk

  • Size

    2.1MB

  • MD5

    81713d7dbd949c997dee822ecb162f92

  • SHA1

    64a6becb5ae5e1ca8e11a1c3ec42d7788032b896

  • SHA256

    b93caedc9c88a4b350e4a4dc2d6217c535a951360b3d03a8390fe2bb75f11097

  • SHA512

    d085a7e01614416cee234bdde6b95aa75690320d23e381e90152ec8a30d2dfffb4c7aabe4ad648281cfa7843ddaf295ffbc3b689b51bcd03d9c874b9f4617d9e

  • SSDEEP

    49152:GhSLR2JcrJDKcYHCHcsEETSm8t30J0801BpYXCkkaiYu2mcl1dIpkJwRJ5XH:oSlPrJDKcYCcs/TdCkkaqMmXH

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://limit-tanimlama.net

rc4.plain

Extracted

Family

alienbot

C2

http://limit-tanimlama.net

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
    banker
  • Removes its main activity from the application launcher 5 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.

Processes

  • com.shrimp.plate
    1⤵
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:5030
    • getprop ro.miui.ui.version.name
      2⤵
        PID:5151
      • getprop ro.miui.ui.version.name
        2⤵
          PID:5248
        • getprop ro.miui.ui.version.name
          2⤵
            PID:5397
          • getprop ro.miui.ui.version.name
            2⤵
              PID:5431

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/data/com.shrimp.plate/app_DynamicOptDex/PWp.json
            Filesize

            238KB

            MD5

            aa284953a78db438b81418df5701554f

            SHA1

            db5a9469ac112a43366f2b5664cb8b2831f2377e

            SHA256

            d5687693b70d0ac09ef92c3c936518bdc9d134ebcf4fd9d15a65d3750df6079e

            SHA512

            51674731679db84ecdb0b86416e4a98e517bc890838976dbb034b6e7266336429b7d326a4f53e4a49b46bd9b3e647bc47cd7a97264c47038ed09961ad08e17bb

            Download Submit

          • /data/data/com.shrimp.plate/app_DynamicOptDex/PWp.json
            Filesize

            238KB

            MD5

            48f82a2b8ab94a24e5c8dc36bb0265c7

            SHA1

            6486d693ec759c07631b414be4c62e2caa5e9e92

            SHA256

            d6adeedd0bba6f02d979469d88f457e672b28ab6ea91bac1195a046e5999a4bf

            SHA512

            165fc1f815ff603f115123332b3a210627a986e24a99f94523b85ac6bf995287739cff9c7f00987d9b955bd1665656e25834ee7823ae4ba589fecee787687a31

            Download Submit

          • /data/data/com.shrimp.plate/app_DynamicOptDex/oat/PWp.json.cur.prof
            Filesize

            535B

            MD5

            282a9707961224006e21e1e8414b6d50

            SHA1

            7a898a2912c8f62db9a909f45a0836916d5a613d

            SHA256

            55fe5fd855cbf2608b60a7765e36426398b93af592169185f1c43c65d90584a3

            SHA512

            67a3504f0bff9eb1666fb284256e7e565db6ac13b51f9d62dd3ec066266f0ccc3bd7ea4bbcf1d1b6bad57e67ed0e0074fca001c35594477a65f824a741ce6d89

            Download Submit

          • /data/data/com.shrimp.plate/app_apk/ring0.apk
            Filesize

            946KB

            MD5

            a73f108dc1b655252c7e45e5df04d4f6

            SHA1

            8459f380f7ef684e393c4408f7f4ee58c99147c4

            SHA256

            c34367f5395f513b8ee0dedcd5502aed69172e71004a80c1f896ca97e05f4f62

            SHA512

            8f84e47b367fb35a073a31cf41422edccbde99ee126cb37d2df0bddae5e8ca0f5df4d6221930548bfd216f583b2885485d764fd58f73d6a14b9a697b66c58dc4

            Download Submit

          • /data/user/0/com.shrimp.plate/app_DynamicOptDex/PWp.json
            Filesize

            483KB

            MD5

            5d1270ce04e50f766ffec46f60f7db9b

            SHA1

            b00a717497db20d791d954de2e49cc883afbd3fb

            SHA256

            7dd5ca5efcccb89e7fc6507d82bef770378f3b013a4897fdcb6b64688572a6d2

            SHA512

            acc2ae388765bfb72fff09ba28a9d12107512b2d04ad5df8472a23658252c08ba1a4b409018b4dd8b373360cfcc92b18f393c844e19b70b571d64b26f533c3cf

            Download Submit