Overview

overview

10

Static

static

7

2d369c8fd7...ea.apk

android-9-x86

10

2d369c8fd7...ea.apk

android-10-x64

10

2d369c8fd7...ea.apk

android-11-x64

10

ad.html

windows7-x64

1

ad.html

windows10-2004-x64

1

disney.js

windows7-x64

1

disney.js

windows10-2004-x64

1

googlephoto.js

windows7-x64

1

googlephoto.js

windows10-2004-x64

1

hbomax.js

windows7-x64

1

hbomax.js

windows10-2004-x64

1

netflix.js

windows7-x64

1

netflix.js

windows10-2004-x64

1

web.js

windows7-x64

1

web.js

windows10-2004-x64

1

Analysis

  • max time kernel
    3980692s
  • max time network
    133s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system
  • submitted
    01-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d369c8fd70cb536d9a80714cd1b89e28a811dc07da92694b41de4643f3e1cea.apk

  • Size

    1.8MB

  • MD5

    e342007c492cef71303b65ce9d75914b

  • SHA1

    f7a4862e859503facae246d22a67dea54f060d7a

  • SHA256

    2d369c8fd70cb536d9a80714cd1b89e28a811dc07da92694b41de4643f3e1cea

  • SHA512

    b30e7422b05b97170f7e4c5a413c5490ecbf17a567ad0b5533c3155f568f55ea5d73830c77b4c953a6da98a60b293eec76a7836f7d172928cf25bc02fd71f3c5

  • SSDEEP

    49152:2bPD/YplMZKRYEPN3n0+gzjj3PgS+BbbWc/eg44E8:2bPD2lMZeYEPlYPj6Wc/eg5

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://nabsaktalazimolmasada.shop

rc4.plain

Extracted

Family

alienbot

C2

http://nabsaktalazimolmasada.shop

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 3 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.moon.true
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:5037
    • getprop ro.miui.ui.version.name
      2⤵
        PID:5168
      • getprop ro.miui.ui.version.name
        2⤵
          PID:5255

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.moon.true/app_DynamicOptDex/oat/rQ.json.cur.prof
        Filesize

        389B

        MD5

        b106ba9778a9c057c96a3d15bdeb1a1f

        SHA1

        f91cab4cf20e8b0014b0489dae6e0f6b18989aa2

        SHA256

        9bdb6286e5f4e1f2e37c56245958118adf421521bd6fd8aa41208fdbd39e3b56

        SHA512

        d7c64de869f283ff8b1201f9749ae9dd4d80cec1628d848befb4db0fbe0ca1a1a839aba4b1766e603dc8e5d41ee4f4f18d37b224ae39377f15c10112aacf770b

        Download Submit

      • /data/data/com.moon.true/app_DynamicOptDex/rQ.json
        Filesize

        238KB

        MD5

        6fb8ba66cf8aeacee671ae474865a51e

        SHA1

        de6fa27c36ecad735736b747ee8a035d1b031f32

        SHA256

        e60b1de379d80488bf619958b462733f9b22ec5926a8d31034694b5122a198ab

        SHA512

        c3faa7b0ba3a8a9539248c291f8e5cbe04d863ddb992bbf97ef17a82045245f549e29c6e0f09cec32e7e9ba227b6a79510a0cd1c61ba2dd0cd290ebace62cbed

        Download Submit

      • /data/data/com.moon.true/app_DynamicOptDex/rQ.json
        Filesize

        238KB

        MD5

        2c5a378441355d9173d817dca49a84bb

        SHA1

        eadf5be3fa7f4da858c46640c221cad9dc008b4c

        SHA256

        9f15710a1c9ebc5c8cb05cc14252a091d2afdf76fbce521e381b8c5a0711e140

        SHA512

        bf2b794b3d679031bc827813842c9000b5df02935eb43b3995a83dfcc4d8ea3eeafcc56d5f8cb987adbfc1d1b7a2e5a339f9dc4ddcc7c7b748fc3bfc04d6801d

        Download Submit

      • /data/user/0/com.moon.true/app_DynamicOptDex/rQ.json
        Filesize

        482KB

        MD5

        f877f9d2fd8133ce4707187dee4a3c80

        SHA1

        d26c958380eee1cd87deb505bb680fd2112263ab

        SHA256

        07acc87fd76a418b59c0528a197bfea276be078b3276366a647adaa4b633ac4b

        SHA512

        56af9a4f7c865874abd7e8f7e85a22e135463c99578d534f7a63f2f91a39db8e00c0ca62644bf46de612513e7bb74f90e083b6d2a87b3342665f301c077f7589

        Download Submit