Analysis

  • max time kernel
    2796287s
  • max time network
    165s
  • platform
    android_x64
  • resource
    android-x64-20231023.1-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20231023.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    06-11-2023 22:00

General

  • Target

    7142344ff1efa338898a69da6c5081007223717b01b3f4d6207cecb9f646aab0.apk

  • Size

    3.1MB

  • MD5

    b1f4cb2c134e42e1c26f333097e17e56

  • SHA1

    7fcfc163fe3f8bf5a54e38fe21ce559d6cafcd40

  • SHA256

    7142344ff1efa338898a69da6c5081007223717b01b3f4d6207cecb9f646aab0

  • SHA512

    c058f040f08f8ecd89498d0b86d24e6519cb7d46d594e50adcff54d08419eb025d49c3be1cdb4b5362800a574e67c33712046d927c06853f3f54f409aa503783

  • SSDEEP

    49152:h7KMzjB309sF4vt5HW7zDC4SvQvM2rIg5ZNMErWfPzODZTq81hSjA3y:FKck6mV5mCgvM2rT5NrLlBjEAi

Malware Config

Extracted

Family

alienbot

C2

http://buuncanlidersvarmi11.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

  • Cerberus payload 3 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 3 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • chef.isolate.task
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    PID:5053
    • getprop ro.miui.ui.version.name
      2⤵
        PID:5253
      • getprop ro.miui.ui.version.name
        2⤵
          PID:5344

      Network

      MITRE ATT&CK Matrix

      Downloads

      • /data/data/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

        Filesize

        718KB

        MD5

        941798c87bc19acf81e9a30c5c9d342d

        SHA1

        9c729d4edf25fdebabe911858ac4d51551946284

        SHA256

        89418d37f636411e97486c68de47965757b31da3a0b481979865c8efb5804fec

        SHA512

        d803a09f708f2834f683a22d3077b41d6b7cc512ba41f777ecde4670d2bc63b4a357ff06699e530bf4c3fdbf0b6fd10a6c33e6c8e4b8015955724bfb3fb19cc0

      • /data/data/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

        Filesize

        718KB

        MD5

        9848f326eb31b8eb6a6aff56e08eaa6f

        SHA1

        475866a598c6c9d049f5ed2ffb3410d98edc7159

        SHA256

        f49be7fe820c785aef3578b113a3240e8450c797609578b6d05316cbb3495779

        SHA512

        cff258de266dd100a77768560bd0e013c25d73ea46630f37dde7c8f3731d95128c99cdbe424379bed655aee20fe9187f37699f1966b5157aee2047d6127003a3

      • /data/data/chef.isolate.task/app_DynamicOptDex/oat/fTnEmT.json.cur.prof

        Filesize

        475B

        MD5

        8de620c78836dccee1eb1ada7efb42c0

        SHA1

        02ce40766bd8f0f9b15033e7f9da16f2ddf5624a

        SHA256

        84d23c496050ca17c1336074f21e9f4d48d86c9fe6266246585dce23359b3ab2

        SHA512

        f6c8903f901f846c903107a52d9278802663317160d44bb9f42af7eebde5d1205cc421da33a8066d538726bebf00afb44cfb14249ad1be4f28ab094f52a557f8

      • /data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

        Filesize

        718KB

        MD5

        9848f326eb31b8eb6a6aff56e08eaa6f

        SHA1

        475866a598c6c9d049f5ed2ffb3410d98edc7159

        SHA256

        f49be7fe820c785aef3578b113a3240e8450c797609578b6d05316cbb3495779

        SHA512

        cff258de266dd100a77768560bd0e013c25d73ea46630f37dde7c8f3731d95128c99cdbe424379bed655aee20fe9187f37699f1966b5157aee2047d6127003a3