alienbot | 636f6e438f0747a117995a9c6bf15c95fd2f4ba367f5cf5430c6524e615eed53

Analysis

max time kernel
376919s
max time network
158s
platform
android_x64
resource
android-x64-20230831-en
resource tags

androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system
submitted
09-10-2023 22:00

Target

636f6e438f0747a117995a9c6bf15c95fd2f4ba367f5cf5430c6524e615eed53.apk
Size

2.4MB
MD5

eed58d8862fd0b8ff3c297ea02a03f70
SHA1

5cee6a82eb3e4b44afddac228d8ea99a707dde95
SHA256

636f6e438f0747a117995a9c6bf15c95fd2f4ba367f5cf5430c6524e615eed53
SHA512

e9ba99cf3c72ce598d390a288b9dfe0c8a9ad75cd88d5a18fe3bda52ed1166ea5e6c611db958420e6405021106fe016d619a6ce6bf318d474f5104e4bb0fb576
SSDEEP

49152:IC17Qkq1/GgY1mevw/I6lz2XNEKvrl6GGViojEe8ZqSbc+tk3X0ghbbTWQrgSoWI:N1HCqIwXNEKxGo0EFqSgeWkw/WQrgs7U

Score

10^/10

Family

alienbot

http://girisapi6117.pw

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot
Cerberus
An Android banker that is being rented to actors beginning in 2019.
banker trojan infostealer evasion rat cerberus

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.harvest.deliver
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.harvest.deliver

Removes its main activity from the application launcher 5 IoCs

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.harvest.deliver

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.harvest.deliver/app_DynamicOptDex/glp.json	5090	com.harvest.deliver

/data/data/com.harvest.deliver/app_DynamicOptDex/glp.json

Filesize
238KB

MD5
17c45cefe32eed801a722cf24d43f561

SHA1
fd5c288d4fb5dd82d8c39d6d0560eda526b737ae

SHA256
46903e7aad0b7467df2d04b0752446d87151027e68f9c744598574bc9484990c

SHA512
5c4608900cffc7803ac6ee21c976783e887c0ca39d46c668dad028c9e148b4278dd1241189dc3675044e6fd988c46f2a41e8a45f1493f8773559b93f9fb1d930

Download Submit
/data/data/com.harvest.deliver/app_DynamicOptDex/glp.json

Filesize
238KB

MD5
09e1bf9deaa8dd4ac36de22890a1073e

SHA1
5ac2747b17c321b37cec7d3a68324c741b2bbf86

SHA256
269c6ff16107c4182315ad4e1fe37ff14fd7d4c7369ad4d3892b155e24b53ff2

SHA512
5cc089ef5ece2be15edcbf42cfaeb640969438e0639f848485e0420e53bb0d93b261ab09f4504b824b1c294174ba4d81c8e114a0c1d479f567f8d6acfe7dcc39

Download Submit
/data/data/com.harvest.deliver/app_DynamicOptDex/oat/glp.json.cur.prof

Filesize
387B

MD5
32979ae316944d6c134a63ad874672dc

SHA1
c3bd8abc85f3239ba0b15d8f41e2fbbb0d27d0cc

SHA256
79ca223f00a751ae7320b85c7e159773967bf0154723a347389fae0a25a3c1da

SHA512
a8aa4d44df087fc8edfcc91883e33c68eb13e8cdcccff6ad7f040ee0c0473bb31f14a5eded2db16761d54d8f7d6b4edd0f81ca59c656e55cca0ed64b3c686f87

Download Submit