Analysis
-
max time kernel
376923s -
max time network
140s -
platform
android_x86 -
resource
android-x86-arm-20230831-en -
resource tags
-
submitted
09-10-2023 22:00
General
-
Target
636f6e438f0747a117995a9c6bf15c95fd2f4ba367f5cf5430c6524e615eed53.apk
-
Size
2.4MB
-
MD5
eed58d8862fd0b8ff3c297ea02a03f70
-
SHA1
5cee6a82eb3e4b44afddac228d8ea99a707dde95
-
SHA256
636f6e438f0747a117995a9c6bf15c95fd2f4ba367f5cf5430c6524e615eed53
-
SHA512
e9ba99cf3c72ce598d390a288b9dfe0c8a9ad75cd88d5a18fe3bda52ed1166ea5e6c611db958420e6405021106fe016d619a6ce6bf318d474f5104e4bb0fb576
-
SSDEEP
49152:IC17Qkq1/GgY1mevw/I6lz2XNEKvrl6GGViojEe8ZqSbc+tk3X0ghbbTWQrgSoWI:N1HCqIwXNEKxGo0EFqSgeWkw/WQrgs7U
Malware Config
Extracted
alienbot
http://girisapi6117.pw
Extracted
alienbot
http://girisapi6117.pw
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload 2 IoCs
-
Makes use of the framework's Accessibility service. 2 IoCs
-
Removes its main activity from the application launcher 1 IoCs
-
Acquires the wake lock. 1 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
-
Removes a system notification. 1 IoCs
Processes
-
com.harvest.deliver1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.harvest.deliver/app_DynamicOptDex/glp.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.harvest.deliver/app_DynamicOptDex/oat/x86/glp.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
238KB
MD517c45cefe32eed801a722cf24d43f561
SHA1fd5c288d4fb5dd82d8c39d6d0560eda526b737ae
SHA25646903e7aad0b7467df2d04b0752446d87151027e68f9c744598574bc9484990c
SHA5125c4608900cffc7803ac6ee21c976783e887c0ca39d46c668dad028c9e148b4278dd1241189dc3675044e6fd988c46f2a41e8a45f1493f8773559b93f9fb1d930
-
Filesize
238KB
MD509e1bf9deaa8dd4ac36de22890a1073e
SHA15ac2747b17c321b37cec7d3a68324c741b2bbf86
SHA256269c6ff16107c4182315ad4e1fe37ff14fd7d4c7369ad4d3892b155e24b53ff2
SHA5125cc089ef5ece2be15edcbf42cfaeb640969438e0639f848485e0420e53bb0d93b261ab09f4504b824b1c294174ba4d81c8e114a0c1d479f567f8d6acfe7dcc39
-
Filesize
466B
MD52c6dd5517af0b1ae87757e5a61b4781f
SHA1d7d9cce78af7743698b15b42c94db2abb31ab9f0
SHA2561d4ea1b0bf69743390f8bdf570876aa3512926fc9e3a19bfa95d6c0cc1ba44ff
SHA512c8f2ed0a717a75f00c277fbb205d792b59556ccd3ca5ff18c810a020fb9462a28370d8c80aa1a9d5bf1ea54f7791789f8a20dac7b034253bf73cef5d81fa5ac9
-
Filesize
483KB
MD5a8de378947fbab4bf5b183b9b7fbb9c0
SHA15a74f7142394c803aa8ec882143e9346dd3cf925
SHA2563d34871d6d842d7dff1f0432eba0a58d92be86a44d18856de2dfb7bbba81dfb6
SHA51290f5dd8c280a14f9d77bf8d55733622a07a853d324becec3dda96e11be86829edd03cedd160edcab4a9610cd7dae6aaf8201d22ff16933c15d4f434b9052e614
-
Filesize
483KB
MD5a6f2246722f016eef5a1989024ef6af6
SHA1fd6bfe5782155df1c1bb12120b8fcfecfc2f9be6
SHA2565195e8a6e11a076e0cde874ff2df9055f7e5e14fec679800d6b3601dcd9cb7e4
SHA512b71857e991363972074a4894e3c384b9a5c9c81607e808c822dd0669032d0d7e0cf3f9120fb1d921fc5ab1bfe286c153c00effdd82a1fa564970aa0b9c0a17aa