Overview

overview

10

Static

static

7

636f6e438f...53.apk

android-9-x86

10

636f6e438f...53.apk

android-10-x64

10

636f6e438f...53.apk

android-11-x64

10

1bf84a89-2...c0e.js

windows7-x64

1

1bf84a89-2...c0e.js

windows10-2004-x64

1

ad.html

windows7-x64

1

ad.html

windows10-2004-x64

1

aps-mraid.js

windows7-x64

1

aps-mraid.js

windows10-2004-x64

1

assign_lab...l.html

windows7-x64

1

assign_lab...l.html

windows10-2004-x64

1

blood_gluc...l.html

windows7-x64

1

blood_gluc...l.html

windows10-2004-x64

1

blood_gluc...l.html

windows7-x64

1

blood_gluc...l.html

windows10-2004-x64

1

blood_pres...l.html

windows7-x64

1

blood_pres...l.html

windows10-2004-x64

1

consentform.html

windows7-x64

1

consentform.html

windows10-2004-x64

1

diabetes_r...l.html

windows7-x64

1

diabetes_r...l.html

windows10-2004-x64

1

dpr_report.html

windows7-x64

1

dpr_report.html

windows10-2004-x64

1

dtb-m.js

windows7-x64

1

dtb-m.js

windows10-2004-x64

1

edit_insul...l.html

windows7-x64

1

edit_insul...l.html

windows10-2004-x64

1

edit_label...l.html

windows7-x64

1

edit_label...l.html

windows10-2004-x64

1

edit_medic...l.html

windows7-x64

1

edit_medic...l.html

windows10-2004-x64

1

edit_track...l.html

windows7-x64

1

Analysis

  • max time kernel
    376918s
  • max time network
    165s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230831-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
  • submitted
    09-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    636f6e438f0747a117995a9c6bf15c95fd2f4ba367f5cf5430c6524e615eed53.apk

  • Size

    2.4MB

  • MD5

    eed58d8862fd0b8ff3c297ea02a03f70

  • SHA1

    5cee6a82eb3e4b44afddac228d8ea99a707dde95

  • SHA256

    636f6e438f0747a117995a9c6bf15c95fd2f4ba367f5cf5430c6524e615eed53

  • SHA512

    e9ba99cf3c72ce598d390a288b9dfe0c8a9ad75cd88d5a18fe3bda52ed1166ea5e6c611db958420e6405021106fe016d619a6ce6bf318d474f5104e4bb0fb576

  • SSDEEP

    49152:IC17Qkq1/GgY1mevw/I6lz2XNEKvrl6GGViojEe8ZqSbc+tk3X0ghbbTWQrgSoWI:N1HCqIwXNEKxGo0EFqSgeWkw/WQrgs7U

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://girisapi6117.pw

rc4.plain

Extracted

Family

alienbot

C2

http://girisapi6117.pw

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 5 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.harvest.deliver
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4649
    • getprop ro.miui.ui.version.name
      2⤵
        PID:4826
      • getprop ro.miui.ui.version.name
        2⤵
          PID:4925
        • getprop ro.miui.ui.version.name
          2⤵
            PID:5045
          • getprop ro.miui.ui.version.name
            2⤵
              PID:5081

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/user/0/com.harvest.deliver/app_DynamicOptDex/glp.json
            Filesize

            238KB

            MD5

            17c45cefe32eed801a722cf24d43f561

            SHA1

            fd5c288d4fb5dd82d8c39d6d0560eda526b737ae

            SHA256

            46903e7aad0b7467df2d04b0752446d87151027e68f9c744598574bc9484990c

            SHA512

            5c4608900cffc7803ac6ee21c976783e887c0ca39d46c668dad028c9e148b4278dd1241189dc3675044e6fd988c46f2a41e8a45f1493f8773559b93f9fb1d930

            Download Submit

          • /data/user/0/com.harvest.deliver/app_DynamicOptDex/glp.json
            Filesize

            238KB

            MD5

            09e1bf9deaa8dd4ac36de22890a1073e

            SHA1

            5ac2747b17c321b37cec7d3a68324c741b2bbf86

            SHA256

            269c6ff16107c4182315ad4e1fe37ff14fd7d4c7369ad4d3892b155e24b53ff2

            SHA512

            5cc089ef5ece2be15edcbf42cfaeb640969438e0639f848485e0420e53bb0d93b261ab09f4504b824b1c294174ba4d81c8e114a0c1d479f567f8d6acfe7dcc39

            Download Submit

          • /data/user/0/com.harvest.deliver/app_DynamicOptDex/glp.json
            Filesize

            483KB

            MD5

            a6f2246722f016eef5a1989024ef6af6

            SHA1

            fd6bfe5782155df1c1bb12120b8fcfecfc2f9be6

            SHA256

            5195e8a6e11a076e0cde874ff2df9055f7e5e14fec679800d6b3601dcd9cb7e4

            SHA512

            b71857e991363972074a4894e3c384b9a5c9c81607e808c822dd0669032d0d7e0cf3f9120fb1d921fc5ab1bfe286c153c00effdd82a1fa564970aa0b9c0a17aa

            Download Submit

          • /data/user/0/com.harvest.deliver/app_DynamicOptDex/oat/glp.json.cur.prof
            Filesize

            316B

            MD5

            ae3e42631f08e495f4fca32f738ba5ac

            SHA1

            3a27bcd65daddea53db818cc85bee3a170456f08

            SHA256

            b7927885f7a68562a0f127a5a84306007967997e55f8fad515ab5321d614d816

            SHA512

            e8f8cff01da8bb8645e452d9da1d8f77ed9bf87f28c926de0681390379ff9a048abcec238d360c30cd63b95ee8b20866e145afc45395e6c9517a423e5f32f191

            Download Submit