Overview

overview

10

Static

static

7

43f7de64b8...48.apk

android-9-x86

10

howtouse.html

android-9-x86

index.html

android-9-x86

index.js

android-9-x86

init.js

android-9-x86

init_2.js

android-9-x86

int_culture.js

android-9-x86

liblogger.so

android-9-x86

libnative-filters.so

android-9-x86

libreact_config.so

android-9-x86

libreact_utils.so

android-9-x86

nativeapiprovider.js

android-9-x86

not.html

android-9-x86

platform.js

android-9-x86

popover.js

android-9-x86

postcss.config.js

android-9-x86

premium.html

android-9-x86

promptbase...api.js

android-9-x86

pronunciation.html

android-9-x86

rollup.config.js

android-9-x86

sandbox.js

android-9-x86

sanitizer.js

android-9-x86

scrollspy.js

android-9-x86

ship.sh

android-9-x86

store-android.js

android-9-x86

t.html

android-9-x86

tab.js

android-9-x86

toast.js

android-9-x86

util.js

android-9-x86

vnu-jar.js

android-9-x86

voice.html

android-9-x86

voice_2.html

android-9-x86

Resubmissions

09-10-2023 22:34

231009-2hkvjaah72 10

09-10-2023 22:08

231009-12p3xsag76 10

Analysis

  • max time kernel
    379241s
  • max time network
    306s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
  • submitted
    09-10-2023 22:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    43f7de64b8026fa16a4e0b74a9a3d1c879db3098c9780ac202fc2113a5577c48.apk

  • Size

    4.3MB

  • MD5

    5821d41b75a741cbf411f02eba9e85df

  • SHA1

    6cfc9e0fe629d884e23a40247dfd040f47c511eb

  • SHA256

    43f7de64b8026fa16a4e0b74a9a3d1c879db3098c9780ac202fc2113a5577c48

  • SHA512

    ba1edb32d7d65bf6ddb7b6da2553e5898167c5bd4671c1e5da0eab7cdf873a1e018450a4a62a3dbc35aa70e9236c63a36b6b8b103474552b89ff726355acfe4f

  • SSDEEP

    98304:P2HJ6clSJ5WC2SX/Kpym5SBzvq/h/P9/GKJRyHjVmMkfbh1mMXyZYv+Afez8E:+pFZ1cm5SuTexZk91DgYWp

Score
10/10
alienbotbankerevasioninfostealerstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://wf4sctx9cksg94528o7o.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Removes its main activity from the application launcher 15 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion

Processes

  • fr.associated.string
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    PID:4185
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/fr.associated.string/app_DynamicOptDex/aZiccBex.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/fr.associated.string/app_DynamicOptDex/oat/x86/aZiccBex.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4210

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/fr.associated.string/app_DynamicOptDex/aZiccBex.json
    Filesize

    704KB

    MD5

    71ddacd8a2cb40df18134c90a1bb4be2

    SHA1

    293b301ee8eb182182214f1a23c9d50c9dcec727

    SHA256

    7b9a551a5ed085cd9c0d9423e763ff7a51d01fee25b078be7c6e85aefd6c6836

    SHA512

    f12ea753b2066e1d195969efb56cb226476ce7d86d28cf452ec6b087fc6f1786fff4c20282c1a242063dbf7bb52de74d60cafa8d6f9edccfe89d6bb623492aaf

    Download Submit

  • /data/data/fr.associated.string/app_DynamicOptDex/aZiccBex.json
    Filesize

    704KB

    MD5

    c79398dd96dad9fa31b8da95334ef0b9

    SHA1

    98b969ccd2423bd76402fc96baf24704a8a35406

    SHA256

    83c8b8636a889d87c90671c1172dbdef67030bdbd62829a8db1c6372001e72b3

    SHA512

    fe628d0079582bc7ae6f536af76da3d1038fdd715a62a58e254e801b91f7928135b14701bb5960bfe582ea7e88a7f1ec77319f55ed46c0bbc4f2936eaa91d574

    Download Submit

  • /data/data/fr.associated.string/app_DynamicOptDex/oat/aZiccBex.json.cur.prof
    Filesize

    1KB

    MD5

    74b3604313bff37cc2795a8e5641bd94

    SHA1

    fe67e5198b82c48b8f7f8fd6b06c6d5576bd2b7e

    SHA256

    cfe143277e8f83d7fc2ff0a639611a3a2848f3a4969145e491daee15bfc4a6c8

    SHA512

    a245884a1471acfa4135369bba10b066a65f16268a4154b859218861308e21ac72f16f365bce04f5e302a3b4002550854d9f01b2a774b5b4a7e7befcf9fa3ed9

    Download Submit

  • /data/user/0/fr.associated.string/app_DynamicOptDex/aZiccBex.json
    Filesize

    916KB

    MD5

    9d7303454701903d24bf29a1e8a24408

    SHA1

    4df0979ebc2064ceaab58a10ebd93a193a8c3b30

    SHA256

    ae24eef251004b4c48e4c7a7d2d9744120f6acc2f274bf7d605bd80278b4c880

    SHA512

    64ddf3f379bb36487d501b697822f5015285a5e724816a6fdcbfe83fe25d21d22bc621d9c7b9a597a2828d630f4635b045adff86e59600a17a481aa5b81ed019

    Download Submit

  • /data/user/0/fr.associated.string/app_DynamicOptDex/aZiccBex.json
    Filesize

    916KB

    MD5

    0930ec69d81f4b96649d36d7b6f24b90

    SHA1

    349be2cb09fd8974250fe3aa03b54a43ab1da09c

    SHA256

    5d30844dfc43fa7dba25603cde401697fd5c3f857e4f59fded3c41db719ad3de

    SHA512

    0771ec5c54d5c68be8301d5ddbb7ad5904e24f32fc8d1ce6a085410e9985a71653a0e69a3f892868369dbab3c85ebdd5345bb25244f29665f021551f694b3045

    Download Submit