Overview

overview

10

Static

static

7

5c3698ae03...db.apk

android-9-x86

10

5c3698ae03...db.apk

android-10-x64

10

5c3698ae03...db.apk

android-11-x64

10

165.js

windows7-x64

1

165.js

windows10-2004-x64

1

338.js

windows7-x64

1

338.js

windows10-2004-x64

1

340.js

windows7-x64

1

340.js

windows10-2004-x64

1

341.js

windows7-x64

1

341.js

windows10-2004-x64

1

342.js

windows7-x64

1

342.js

windows10-2004-x64

1

380.js

windows7-x64

1

380.js

windows10-2004-x64

1

381.js

windows7-x64

1

381.js

windows10-2004-x64

1

384.js

windows7-x64

1

384.js

windows10-2004-x64

1

386.js

windows7-x64

1

386.js

windows10-2004-x64

1

387.js

windows7-x64

1

387.js

windows10-2004-x64

1

388.js

windows7-x64

1

388.js

windows10-2004-x64

1

389.js

windows7-x64

1

389.js

windows10-2004-x64

1

392.js

windows7-x64

1

392.js

windows10-2004-x64

1

394.js

windows7-x64

1

394.js

windows10-2004-x64

1

395.js

windows7-x64

1

Analysis

  • max time kernel
    2364184s
  • max time network
    138s
  • platform
    android_x86
  • resource
    android-x86-arm-20231023-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
  • submitted
    01-11-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c3698ae03004b6832f15eb99df5ef302867a49d3226e281f8039fe72ed0f8db.apk

  • Size

    1.5MB

  • MD5

    b7def66ad2e2bd910336485aca48c0d6

  • SHA1

    5729f1e38b53a510edd157286a93e0f270d4780e

  • SHA256

    5c3698ae03004b6832f15eb99df5ef302867a49d3226e281f8039fe72ed0f8db

  • SHA512

    e8424e1777b08fbab8a3336f8122ce43c93a2ca0752d5258430d8c9b16dc4e59d73db37672f042ab8ba716ea587efbd77db77831a5a5c09a09b9d287d03f2261

  • SSDEEP

    49152:8OiW1vcReZzTP9ztjwNizB1+fuVdRwjY/aT:8OvBZwg+fubU

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://bundangayri.com

rc4.plain

Extracted

Family

alienbot

C2

http://bundangayri.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion

Processes

  • com.hammer.abuse
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    PID:4235
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.hammer.abuse/app_DynamicOptDex/oat/x86/sddPBX.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4263

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.hammer.abuse/app_DynamicOptDex/oat/sddPBX.json.cur.prof
    Filesize

    482B

    MD5

    b777abdfa52cebbc7d4eed6b86f01546

    SHA1

    d49387703f4e897c28bd7cf30695750adff97b88

    SHA256

    6be7faecd99ecb75aa9b57b4799b763c7bd48cb0dd3b9f5ab3d4469e40474100

    SHA512

    10d012897ab1ee0717336a4255c1ae472e95fb0682829e558d6f45ee3ed3a338922b61072d788c78457096490da140725b44217a4920b1e6d28dfc6b3720e0ff

    Download Submit

  • /data/data/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
    Filesize

    238KB

    MD5

    8a84cb4cd62df7053f117c23f79e9340

    SHA1

    ff6a23580b006de7bacc86fbe4eb003b18d985f1

    SHA256

    84ac1990c0d000252436dc44163e3211db9585e2f521268e33bb130890aaf8f9

    SHA512

    822fdbeb236c3f7c680a0fdf926cda6ec7875c07073cd994689329d987175ceda27878456acbd9f3ec95039d4e5c008ae2b36a6acf363424e85c42386fbcbed0

    Download Submit

  • /data/data/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
    Filesize

    238KB

    MD5

    62d6cafa163c8dae7594cbfb9785ffb7

    SHA1

    c42ff394c29fe148ec9aae8658b61512375fd7fd

    SHA256

    d68215d4ae0589442ac38b5acbfa3a0d73d7155ebc6168da81e3048d4bd3440b

    SHA512

    bf979ef863aff48474f0416b9639e0b663c90e58f0f08b054b139cdd7b3070c5521604517ab48b2af45069dea2c0ad9dccdf6e00d9edc0865b80f79f2b3e435d

    Download Submit

  • /data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
    Filesize

    483KB

    MD5

    a9a27905b06d8576c443f23aba195e6b

    SHA1

    770c9456a534045219f22fa6f3a4003545b816fd

    SHA256

    233a73d03446cb87b6a3f72f56465f193fbc0efa1d7abe3bf4bcf371a62d80bf

    SHA512

    db6e8fcc04ca1b2657bc1f2afc720f2e047db6357d23de522aa6cff6d6d589c68c41978193cf6169d65ab5acabb1d25a9b7c9323a11d4c0ecc836378a232a7d3

    Download Submit

  • /data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
    Filesize

    483KB

    MD5

    3fad4fc6c7fe2d43154b8af5137b109d

    SHA1

    a4627dd6dab4bf7a8af274bf0958455646a8d559

    SHA256

    90b18be5b64da444b7729613d465fa61df61f5000a8052941b3fd9decfa54e4d

    SHA512

    58a9164cf54ca65bf52a79e396299c1b5257596ae919bb98493e5137aa018de6483c8937cb7e4a789e2abb554190395e45a8886b8ea1bff7a3cd90e67f75c18c

    Download Submit