Overview

overview

10

Static

static

7

6bf19afb35...c2.apk

android-9-x86

10

6bf19afb35...c2.apk

android-10-x64

10

6bf19afb35...c2.apk

android-11-x64

10

courses_vi...ing.js

windows7-x64

1

courses_vi...ing.js

windows10-2004-x64

1

libbuffer.so

ubuntu-18.04-amd64

libbuffer.so

debian-9-armhf

libbuffer.so

debian-9-mips

libbuffer.so

debian-9-mipsel

libfile_lock.so

ubuntu-18.04-amd64

libfile_lock.so

debian-9-armhf

libfile_lock.so

debian-9-mips

libfile_lock.so

debian-9-mipsel

libnative-filters.so

ubuntu-18.04-amd64

libnative-filters.so

debian-9-armhf

libnative-filters.so

debian-9-mips

libnative-filters.so

debian-9-mipsel

libnpth_dl.so

ubuntu-18.04-amd64

libnpth_dl.so

debian-9-armhf

libnpth_dl.so

debian-9-mips

libnpth_dl.so

debian-9-mipsel

libnpth_logcat.so

ubuntu-18.04-amd64

libnpth_logcat.so

debian-9-armhf

libnpth_logcat.so

debian-9-mips

libnpth_logcat.so

debian-9-mipsel

libspeechengine.so

ubuntu-18.04-amd64

libspeechengine.so

debian-9-armhf

libspeechengine.so

debian-9-mips

libspeechengine.so

debian-9-mipsel

libtraceroute-lib.so

ubuntu-18.04-amd64

libtraceroute-lib.so

debian-9-armhf

libtraceroute-lib.so

debian-9-mips

Analysis

  • max time kernel
    2796423s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-20231023.1-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231023.1-enlocale:en-usos:android-10-x64system
  • submitted
    06-11-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6bf19afb35a30eed664695da5da89cb40de5e48eea9a2d6c69b45bfcf91a47c2.apk

  • Size

    1.7MB

  • MD5

    4da61d6c27c249efc85620259be13bac

  • SHA1

    b6956a721bf31f79cbd6d007bfab1ee16802c31d

  • SHA256

    6bf19afb35a30eed664695da5da89cb40de5e48eea9a2d6c69b45bfcf91a47c2

  • SHA512

    f7f758a5d932cb35ce5887d0e9b7c1b74e153bffae7d3fe2b0f444f184d286c2962330348a3d12a19343da76a030200f09404dd141010b7301b2433a7ddd00eb

  • SSDEEP

    49152:ah2aDDwtJtw04TL9p/dimTuFAT5gK+rBXStFjUPzP:s2aHT0Ap/lTKyKVrBXl

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://orgulama.xyz

rc4.plain

Extracted

Family

alienbot

C2

http://orgulama.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 7 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.sail.chuckle
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:4928
    • getprop ro.miui.ui.version.name
      2⤵
        PID:5085
      • getprop ro.miui.ui.version.name
        2⤵
          PID:5133
        • getprop ro.miui.ui.version.name
          2⤵
            PID:5279
          • getprop ro.miui.ui.version.name
            2⤵
              PID:5308
            • getprop ro.miui.ui.version.name
              2⤵
                PID:5350
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:5381

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • /data/data/com.sail.chuckle/app_DynamicOptDex/cX.json
                Filesize

                238KB

                MD5

                c7307504191c35338a1fb78c24c4c3a2

                SHA1

                e7603440cda762b908de3a79429203be9cf312f4

                SHA256

                b245f6ed1f2b14552828edbfd0a5e439e0d9e0b5ba754d180440d22886edc852

                SHA512

                dc761219e432b055c2bcf6ceaf5eedd002bfe9363c603e72695830614e6247d8b747b2213451bef4dbbb1127c3fae16f85abdaf9742419d68720946c85057646

                Download Submit

              • /data/data/com.sail.chuckle/app_DynamicOptDex/cX.json
                Filesize

                238KB

                MD5

                2b87c8db8b321c64f38d0fc3ed10188d

                SHA1

                8c0271853633201883c10b82378ebc1b353c01b1

                SHA256

                4ac244b05b34d82fd620b4f6bf197d9fec53328c6a4e76d4d3925bbc3cd429fa

                SHA512

                a96cf84c308595131fbc09ebb5f8c3dc4e3e1fc7afd03ecb5a360630ed13b4d6c544abc517f6e70fa6614825e45d2062a952a77764ea3b96fe4cfbaa72583762

                Download Submit

              • /data/data/com.sail.chuckle/app_DynamicOptDex/oat/cX.json.cur.prof
                Filesize

                469B

                MD5

                f69cc04708fc46ae17fa78f84bdc4abe

                SHA1

                a724d013399e83b58ae66e5eb38cf80ca2160aef

                SHA256

                2bc1fe52b125a52045920db3c9d7cd55e21f68477d9f32a2243519854c06a22f

                SHA512

                3eab358298a7252d4486c03cd5f241763015ffe060a4da4ed0d47d2ca06f2bf4c2cc1f6df64b05686f215398cad7cbc59b3b907c9ed9bd23ce4ec3bc80987eea

                Download Submit

              • /data/user/0/com.sail.chuckle/app_DynamicOptDex/cX.json
                Filesize

                483KB

                MD5

                5a232af22aa6875cdac8abdba9d38fe8

                SHA1

                5031e7c9a0b8d98b4df574b49e55c5a26f89c8a5

                SHA256

                beab77a17d363c5d01cd9d66c39b8105d66254ae06478d9a5aea5840c428adb3

                SHA512

                a52ac23d8d8c0032c754b446bfe73d16c20e58498a74dbf4bab7637ebfef9cb38c1258e701bc2140c03f2b29a68dc933d8b2e2984e17b020f6135b736109fe9c

                Download Submit