Overview

overview

10

Static

static

7

5c3698ae03...db.apk

android-9-x86

10

5c3698ae03...db.apk

android-10-x64

10

5c3698ae03...db.apk

android-11-x64

10

165.js

windows7-x64

1

165.js

windows10-2004-x64

1

338.js

windows7-x64

1

338.js

windows10-2004-x64

1

340.js

windows7-x64

1

340.js

windows10-2004-x64

1

341.js

windows7-x64

1

341.js

windows10-2004-x64

1

342.js

windows7-x64

1

342.js

windows10-2004-x64

1

380.js

windows7-x64

1

380.js

windows10-2004-x64

1

381.js

windows7-x64

1

381.js

windows10-2004-x64

1

384.js

windows7-x64

1

384.js

windows10-2004-x64

1

386.js

windows7-x64

1

386.js

windows10-2004-x64

1

387.js

windows7-x64

1

387.js

windows10-2004-x64

1

388.js

windows7-x64

1

388.js

windows10-2004-x64

1

389.js

windows7-x64

1

389.js

windows10-2004-x64

1

392.js

windows7-x64

1

392.js

windows10-2004-x64

1

394.js

windows7-x64

1

394.js

windows10-2004-x64

1

395.js

windows7-x64

1

Analysis

  • max time kernel
    2364223s
  • max time network
    169s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231023-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231023-enlocale:en-usos:android-11-x64system
  • submitted
    01-11-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c3698ae03004b6832f15eb99df5ef302867a49d3226e281f8039fe72ed0f8db.apk

  • Size

    1.5MB

  • MD5

    b7def66ad2e2bd910336485aca48c0d6

  • SHA1

    5729f1e38b53a510edd157286a93e0f270d4780e

  • SHA256

    5c3698ae03004b6832f15eb99df5ef302867a49d3226e281f8039fe72ed0f8db

  • SHA512

    e8424e1777b08fbab8a3336f8122ce43c93a2ca0752d5258430d8c9b16dc4e59d73db37672f042ab8ba716ea587efbd77db77831a5a5c09a09b9d287d03f2261

  • SSDEEP

    49152:8OiW1vcReZzTP9ztjwNizB1+fuVdRwjY/aT:8OvBZwg+fubU

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://bundangayri.com

rc4.plain

Extracted

Family

alienbot

C2

http://bundangayri.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 3 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.hammer.abuse
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4395
    • getprop ro.miui.ui.version.name
      2⤵
        PID:4518
      • getprop ro.miui.ui.version.name
        2⤵
          PID:4640

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/user/0/com.hammer.abuse/app_DynamicOptDex/oat/sddPBX.json.cur.prof
        Filesize

        318B

        MD5

        9f7ee0af892562289835c6f9d20d0cef

        SHA1

        68dc7248de1657af8498ab64983edca7771b1316

        SHA256

        a07d3c48a9377e239bc1e72ce14eec1e54906d4a90c65b77bbdcb3f26d0287e5

        SHA512

        e0636c9cff0b7e0e75f9a123202c10f67f0d86722422410b2a329d4335a7d0908f546139616d1fb9f8dcc537cfedcd21037d4e02724ff9dc3e78e0d64a698906

        Download Submit

      • /data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
        Filesize

        238KB

        MD5

        8a84cb4cd62df7053f117c23f79e9340

        SHA1

        ff6a23580b006de7bacc86fbe4eb003b18d985f1

        SHA256

        84ac1990c0d000252436dc44163e3211db9585e2f521268e33bb130890aaf8f9

        SHA512

        822fdbeb236c3f7c680a0fdf926cda6ec7875c07073cd994689329d987175ceda27878456acbd9f3ec95039d4e5c008ae2b36a6acf363424e85c42386fbcbed0

        Download Submit

      • /data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
        Filesize

        238KB

        MD5

        62d6cafa163c8dae7594cbfb9785ffb7

        SHA1

        c42ff394c29fe148ec9aae8658b61512375fd7fd

        SHA256

        d68215d4ae0589442ac38b5acbfa3a0d73d7155ebc6168da81e3048d4bd3440b

        SHA512

        bf979ef863aff48474f0416b9639e0b663c90e58f0f08b054b139cdd7b3070c5521604517ab48b2af45069dea2c0ad9dccdf6e00d9edc0865b80f79f2b3e435d

        Download Submit

      • /data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
        Filesize

        483KB

        MD5

        3fad4fc6c7fe2d43154b8af5137b109d

        SHA1

        a4627dd6dab4bf7a8af274bf0958455646a8d559

        SHA256

        90b18be5b64da444b7729613d465fa61df61f5000a8052941b3fd9decfa54e4d

        SHA512

        58a9164cf54ca65bf52a79e396299c1b5257596ae919bb98493e5137aa018de6483c8937cb7e4a789e2abb554190395e45a8886b8ea1bff7a3cd90e67f75c18c

        Download Submit