Overview

overview

10

Static

static

7

5c3698ae03...db.apk

android-9-x86

10

5c3698ae03...db.apk

android-10-x64

10

5c3698ae03...db.apk

android-11-x64

10

165.js

windows7-x64

1

165.js

windows10-2004-x64

1

338.js

windows7-x64

1

338.js

windows10-2004-x64

1

340.js

windows7-x64

1

340.js

windows10-2004-x64

1

341.js

windows7-x64

1

341.js

windows10-2004-x64

1

342.js

windows7-x64

1

342.js

windows10-2004-x64

1

380.js

windows7-x64

1

380.js

windows10-2004-x64

1

381.js

windows7-x64

1

381.js

windows10-2004-x64

1

384.js

windows7-x64

1

384.js

windows10-2004-x64

1

386.js

windows7-x64

1

386.js

windows10-2004-x64

1

387.js

windows7-x64

1

387.js

windows10-2004-x64

1

388.js

windows7-x64

1

388.js

windows10-2004-x64

1

389.js

windows7-x64

1

389.js

windows10-2004-x64

1

392.js

windows7-x64

1

392.js

windows10-2004-x64

1

394.js

windows7-x64

1

394.js

windows10-2004-x64

1

395.js

windows7-x64

1

Analysis

  • max time kernel
    2364091s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-20231023.1-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231023.1-enlocale:en-usos:android-10-x64system
  • submitted
    01-11-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c3698ae03004b6832f15eb99df5ef302867a49d3226e281f8039fe72ed0f8db.apk

  • Size

    1.5MB

  • MD5

    b7def66ad2e2bd910336485aca48c0d6

  • SHA1

    5729f1e38b53a510edd157286a93e0f270d4780e

  • SHA256

    5c3698ae03004b6832f15eb99df5ef302867a49d3226e281f8039fe72ed0f8db

  • SHA512

    e8424e1777b08fbab8a3336f8122ce43c93a2ca0752d5258430d8c9b16dc4e59d73db37672f042ab8ba716ea587efbd77db77831a5a5c09a09b9d287d03f2261

  • SSDEEP

    49152:8OiW1vcReZzTP9ztjwNizB1+fuVdRwjY/aT:8OvBZwg+fubU

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://bundangayri.com

rc4.plain

Extracted

Family

alienbot

C2

http://bundangayri.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 2 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.hammer.abuse
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:5117
    • getprop ro.miui.ui.version.name
      2⤵
        PID:5284

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
      Filesize

      238KB

      MD5

      8a84cb4cd62df7053f117c23f79e9340

      SHA1

      ff6a23580b006de7bacc86fbe4eb003b18d985f1

      SHA256

      84ac1990c0d000252436dc44163e3211db9585e2f521268e33bb130890aaf8f9

      SHA512

      822fdbeb236c3f7c680a0fdf926cda6ec7875c07073cd994689329d987175ceda27878456acbd9f3ec95039d4e5c008ae2b36a6acf363424e85c42386fbcbed0

      Download Submit

    • /data/data/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
      Filesize

      238KB

      MD5

      62d6cafa163c8dae7594cbfb9785ffb7

      SHA1

      c42ff394c29fe148ec9aae8658b61512375fd7fd

      SHA256

      d68215d4ae0589442ac38b5acbfa3a0d73d7155ebc6168da81e3048d4bd3440b

      SHA512

      bf979ef863aff48474f0416b9639e0b663c90e58f0f08b054b139cdd7b3070c5521604517ab48b2af45069dea2c0ad9dccdf6e00d9edc0865b80f79f2b3e435d

      Download Submit

    • /data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
      Filesize

      483KB

      MD5

      3fad4fc6c7fe2d43154b8af5137b109d

      SHA1

      a4627dd6dab4bf7a8af274bf0958455646a8d559

      SHA256

      90b18be5b64da444b7729613d465fa61df61f5000a8052941b3fd9decfa54e4d

      SHA512

      58a9164cf54ca65bf52a79e396299c1b5257596ae919bb98493e5137aa018de6483c8937cb7e4a789e2abb554190395e45a8886b8ea1bff7a3cd90e67f75c18c

      Download Submit