Overview

overview

10

Static

static

7

e7aaa8fc79...44.apk

android-9-x86

10

e7aaa8fc79...44.apk

android-10-x64

10

e7aaa8fc79...44.apk

android-11-x64

10

HM_JsBridge.js

windows7-x64

1

HM_JsBridge.js

windows10-2004-x64

5

consentform.html

windows7-x64

1

consentform.html

windows10-2004-x64

1

Analysis

  • max time kernel
    2253005s
  • max time network
    152s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230831-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
  • submitted
    11-09-2023 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e7aaa8fc7985a2229f5af5b2fb8d460e9fe4e8fc6c3d2a83134d56756bdcd344.apk

  • Size

    2.1MB

  • MD5

    cf2d7238e9d7a1a384b431c7660c5a7a

  • SHA1

    a5da57e5eb9db610bcf2096cf0539421b4cc28e3

  • SHA256

    e7aaa8fc7985a2229f5af5b2fb8d460e9fe4e8fc6c3d2a83134d56756bdcd344

  • SHA512

    51c4bbaec9bc6dcf70dbec907cfad3dde437358cb55bf2317992aa59f0ad5fd18f15cac9a65914530ee5867dc8c5bc390ccfabe317a0d4d9ab5f954eb400c888

  • SSDEEP

    49152:4aJDuO8N6JkJeDHFddqUF+klkmWn0J0801XJ+HgY/scl1dIpkJeRZ5KGejMT:lJDuO8g1leUFFljgYqM4KGeYT

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://limit-tanimlama.net

rc4.plain

Extracted

Family

alienbot

C2

http://limit-tanimlama.net

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
    banker
  • Removes its main activity from the application launcher 5 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.heart.mobile
    1⤵
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4434
    • getprop ro.miui.ui.version.name
      2⤵
        PID:4577
      • getprop ro.miui.ui.version.name
        2⤵
          PID:4780
        • getprop ro.miui.ui.version.name
          2⤵
            PID:4837
          • getprop ro.miui.ui.version.name
            2⤵
              PID:4878

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/user/0/com.heart.mobile/app_DynamicOptDex/dtglRi.json
            Filesize

            238KB

            MD5

            4d518cf5d168bc80bb0c10c97023954d

            SHA1

            b54f945e8e9fc508876a86536441a6ea1b6fdedb

            SHA256

            af9a6a46aab804f893ad55f9540602652dee0c410e67256470dd5208e0359232

            SHA512

            6c33c35504fb5afdad825e02d386677d5e3ab37532b6444d151f676c83f04ecf9582e81dd1cf61752e8972a42d489dfe8b90a00f8c77473e1ae5adf0b400b198

            Download Submit

          • /data/user/0/com.heart.mobile/app_DynamicOptDex/dtglRi.json
            Filesize

            238KB

            MD5

            8ee181ea913de41c5deb0cff95b45f3a

            SHA1

            83625b213f91a310e91b1f2cc95fbfc33349ef24

            SHA256

            3540984fa2bd9c09ba20c19c937a8d2687636cf0355bc991579c8fd02e3db1f7

            SHA512

            60f39b3f73f10e0499addb88aecc80c5293eb267294b85d5afb7b51c361d0e481b03f1aec3ebdce9e557c1014c29327eae35c91b98fe619e0ceb77f6274036c9

            Download Submit

          • /data/user/0/com.heart.mobile/app_DynamicOptDex/dtglRi.json
            Filesize

            483KB

            MD5

            9dca3d8a4cc8e59d161066b70357256a

            SHA1

            68425b4de32dd62dffb734d85021fd49d2fa01be

            SHA256

            196885cbb4288493ed09557ab1e6c93c6ab0cffa0c384265fe0fa7bfe9e70a45

            SHA512

            2deedb739bb888671ff9ab06735174f5fbec882e46f9bd62067208ebbcec787f86c69b7493c6a26141568b616be112d7d1ec9910ab33ef16131fc68d014f64dc

            Download Submit

          • /data/user/0/com.heart.mobile/app_DynamicOptDex/oat/dtglRi.json.cur.prof
            Filesize

            352B

            MD5

            5fe9f4446c9fad00e5ba24f4ac48e865

            SHA1

            e45c209e800428a4074ba44b7642f37780fd7ed7

            SHA256

            cb2e732a6255c779be25d1c77468434814a2552ead802844f14cbe69a2ff1e2c

            SHA512

            7a8c7fa9cf6287b6584b57e144e698970c5cac99ca4143ea11c78a6ceecc45291ce3a28a8a054a4182d782ea9b14b6713d8247d7dc7466731e2436ce4b6dc9b5

            Download Submit

          • /data/user/0/com.heart.mobile/app_apk/ring0.apk
            Filesize

            946KB

            MD5

            a73f108dc1b655252c7e45e5df04d4f6

            SHA1

            8459f380f7ef684e393c4408f7f4ee58c99147c4

            SHA256

            c34367f5395f513b8ee0dedcd5502aed69172e71004a80c1f896ca97e05f4f62

            SHA512

            8f84e47b367fb35a073a31cf41422edccbde99ee126cb37d2df0bddae5e8ca0f5df4d6221930548bfd216f583b2885485d764fd58f73d6a14b9a697b66c58dc4

            Download Submit