Overview

overview

10

Static

static

7

6bf19afb35...c2.apk

android-9-x86

10

6bf19afb35...c2.apk

android-10-x64

10

6bf19afb35...c2.apk

android-11-x64

10

courses_vi...ing.js

windows7-x64

1

courses_vi...ing.js

windows10-2004-x64

1

libbuffer.so

ubuntu-18.04-amd64

libbuffer.so

debian-9-armhf

libbuffer.so

debian-9-mips

libbuffer.so

debian-9-mipsel

libfile_lock.so

ubuntu-18.04-amd64

libfile_lock.so

debian-9-armhf

libfile_lock.so

debian-9-mips

libfile_lock.so

debian-9-mipsel

libnative-filters.so

ubuntu-18.04-amd64

libnative-filters.so

debian-9-armhf

libnative-filters.so

debian-9-mips

libnative-filters.so

debian-9-mipsel

libnpth_dl.so

ubuntu-18.04-amd64

libnpth_dl.so

debian-9-armhf

libnpth_dl.so

debian-9-mips

libnpth_dl.so

debian-9-mipsel

libnpth_logcat.so

ubuntu-18.04-amd64

libnpth_logcat.so

debian-9-armhf

libnpth_logcat.so

debian-9-mips

libnpth_logcat.so

debian-9-mipsel

libspeechengine.so

ubuntu-18.04-amd64

libspeechengine.so

debian-9-armhf

libspeechengine.so

debian-9-mips

libspeechengine.so

debian-9-mipsel

libtraceroute-lib.so

ubuntu-18.04-amd64

libtraceroute-lib.so

debian-9-armhf

libtraceroute-lib.so

debian-9-mips

Analysis

  • max time kernel
    2796449s
  • max time network
    172s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231023-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231023-enlocale:en-usos:android-11-x64system
  • submitted
    06-11-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6bf19afb35a30eed664695da5da89cb40de5e48eea9a2d6c69b45bfcf91a47c2.apk

  • Size

    1.7MB

  • MD5

    4da61d6c27c249efc85620259be13bac

  • SHA1

    b6956a721bf31f79cbd6d007bfab1ee16802c31d

  • SHA256

    6bf19afb35a30eed664695da5da89cb40de5e48eea9a2d6c69b45bfcf91a47c2

  • SHA512

    f7f758a5d932cb35ce5887d0e9b7c1b74e153bffae7d3fe2b0f444f184d286c2962330348a3d12a19343da76a030200f09404dd141010b7301b2433a7ddd00eb

  • SSDEEP

    49152:ah2aDDwtJtw04TL9p/dimTuFAT5gK+rBXStFjUPzP:s2aHT0Ap/lTKyKVrBXl

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://orgulama.xyz

rc4.plain

Extracted

Family

alienbot

C2

http://orgulama.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.sail.chuckle
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4401
    • getprop ro.miui.ui.version.name
      2⤵
        PID:4517
      • getprop ro.miui.ui.version.name
        2⤵
          PID:4714
        • getprop ro.miui.ui.version.name
          2⤵
            PID:4765
          • getprop ro.miui.ui.version.name
            2⤵
              PID:4795
            • getprop ro.miui.ui.version.name
              2⤵
                PID:4823
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:4852
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:4882

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/com.sail.chuckle/app_DynamicOptDex/cX.json
                  Filesize

                  238KB

                  MD5

                  c7307504191c35338a1fb78c24c4c3a2

                  SHA1

                  e7603440cda762b908de3a79429203be9cf312f4

                  SHA256

                  b245f6ed1f2b14552828edbfd0a5e439e0d9e0b5ba754d180440d22886edc852

                  SHA512

                  dc761219e432b055c2bcf6ceaf5eedd002bfe9363c603e72695830614e6247d8b747b2213451bef4dbbb1127c3fae16f85abdaf9742419d68720946c85057646

                  Download Submit

                • /data/user/0/com.sail.chuckle/app_DynamicOptDex/cX.json
                  Filesize

                  238KB

                  MD5

                  2b87c8db8b321c64f38d0fc3ed10188d

                  SHA1

                  8c0271853633201883c10b82378ebc1b353c01b1

                  SHA256

                  4ac244b05b34d82fd620b4f6bf197d9fec53328c6a4e76d4d3925bbc3cd429fa

                  SHA512

                  a96cf84c308595131fbc09ebb5f8c3dc4e3e1fc7afd03ecb5a360630ed13b4d6c544abc517f6e70fa6614825e45d2062a952a77764ea3b96fe4cfbaa72583762

                  Download Submit

                • /data/user/0/com.sail.chuckle/app_DynamicOptDex/cX.json
                  Filesize

                  483KB

                  MD5

                  5a232af22aa6875cdac8abdba9d38fe8

                  SHA1

                  5031e7c9a0b8d98b4df574b49e55c5a26f89c8a5

                  SHA256

                  beab77a17d363c5d01cd9d66c39b8105d66254ae06478d9a5aea5840c428adb3

                  SHA512

                  a52ac23d8d8c0032c754b446bfe73d16c20e58498a74dbf4bab7637ebfef9cb38c1258e701bc2140c03f2b29a68dc933d8b2e2984e17b020f6135b736109fe9c

                  Download Submit

                • /data/user/0/com.sail.chuckle/app_DynamicOptDex/oat/cX.json.cur.prof
                  Filesize

                  340B

                  MD5

                  042df5dd4189a6a29bc45a4d74461997

                  SHA1

                  5f268bcc30476ce7307987686ce76bd6776b5b2c

                  SHA256

                  1d49a6756ce64f19379e33cb9611f29ab80a37251be6480337b22aa93d61d16a

                  SHA512

                  b71f5a638f5062fb2b0772818e71530a34bf3348d7adecf49f14b34fb079f8ef266aa6bbc451cafcea18b145b188c71c7d825784439b8947c9e3a0def22d5ba5

                  Download Submit