Analysis
-
max time kernel
2252974s -
max time network
157s -
platform
android_x86 -
resource
android-x86-arm-20230831-en -
resource tags
-
submitted
11-09-2023 22:02
General
-
Target
e7aaa8fc7985a2229f5af5b2fb8d460e9fe4e8fc6c3d2a83134d56756bdcd344.apk
-
Size
2.1MB
-
MD5
cf2d7238e9d7a1a384b431c7660c5a7a
-
SHA1
a5da57e5eb9db610bcf2096cf0539421b4cc28e3
-
SHA256
e7aaa8fc7985a2229f5af5b2fb8d460e9fe4e8fc6c3d2a83134d56756bdcd344
-
SHA512
51c4bbaec9bc6dcf70dbec907cfad3dde437358cb55bf2317992aa59f0ad5fd18f15cac9a65914530ee5867dc8c5bc390ccfabe317a0d4d9ab5f954eb400c888
-
SSDEEP
49152:4aJDuO8N6JkJeDHFddqUF+klkmWn0J0801XJ+HgY/scl1dIpkJeRZ5KGejMT:lJDuO8g1leUFFljgYqM4KGeYT
Malware Config
Extracted
alienbot
http://limit-tanimlama.net
Extracted
alienbot
http://limit-tanimlama.net
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload 1 IoCs
-
Makes use of the framework's Accessibility service. 2 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
-
Removes its main activity from the application launcher 1 IoCs
-
Acquires the wake lock. 1 IoCs
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
-
Removes a system notification. 1 IoCs
Processes
-
com.heart.mobile1⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
238KB
MD54d518cf5d168bc80bb0c10c97023954d
SHA1b54f945e8e9fc508876a86536441a6ea1b6fdedb
SHA256af9a6a46aab804f893ad55f9540602652dee0c410e67256470dd5208e0359232
SHA5126c33c35504fb5afdad825e02d386677d5e3ab37532b6444d151f676c83f04ecf9582e81dd1cf61752e8972a42d489dfe8b90a00f8c77473e1ae5adf0b400b198
-
Filesize
238KB
MD58ee181ea913de41c5deb0cff95b45f3a
SHA183625b213f91a310e91b1f2cc95fbfc33349ef24
SHA2563540984fa2bd9c09ba20c19c937a8d2687636cf0355bc991579c8fd02e3db1f7
SHA51260f39b3f73f10e0499addb88aecc80c5293eb267294b85d5afb7b51c361d0e481b03f1aec3ebdce9e557c1014c29327eae35c91b98fe619e0ceb77f6274036c9
-
Filesize
424B
MD5c364205824d6e71de512b47699426c45
SHA1e195de2824862d9088d76a16131a2586af5fd553
SHA25663c2cd0edd9f67f5d748889ec1cdff7b9f4c24fc9edf29337f47615fba68ef17
SHA51254beeef67fca3ab4cd28528fa6319f4b46db5600776641026936f04e365a45443a1237a3337b4bcd9a39a984e022e2e95895e11f0d02ecf99cdbcadc57ea0de4
-
Filesize
484B
MD5f021514960266a2c890ae966048eb891
SHA1732ee0b08376a5875251c8cd9db33f9ed80b1c6d
SHA25689404c435598faf4f6a006ac38f69b3225eb1ebfc6845b9c86d3f013fc1ec81f
SHA512daa5f0156445032adbdad7a8172d34ad0a0d33328ab895aa09865d654eea07fc538418a4eb8f77ee64969a6a8fa5a1351827c6156d0182649f7d8a39875ab33b
-
Filesize
946KB
MD5a73f108dc1b655252c7e45e5df04d4f6
SHA18459f380f7ef684e393c4408f7f4ee58c99147c4
SHA256c34367f5395f513b8ee0dedcd5502aed69172e71004a80c1f896ca97e05f4f62
SHA5128f84e47b367fb35a073a31cf41422edccbde99ee126cb37d2df0bddae5e8ca0f5df4d6221930548bfd216f583b2885485d764fd58f73d6a14b9a697b66c58dc4
-
Filesize
483KB
MD59dca3d8a4cc8e59d161066b70357256a
SHA168425b4de32dd62dffb734d85021fd49d2fa01be
SHA256196885cbb4288493ed09557ab1e6c93c6ab0cffa0c384265fe0fa7bfe9e70a45
SHA5122deedb739bb888671ff9ab06735174f5fbec882e46f9bd62067208ebbcec787f86c69b7493c6a26141568b616be112d7d1ec9910ab33ef16131fc68d014f64dc