Overview

overview

10

Static

static

7

65f88e03c9...cb.apk

android-9-x86

10

65f88e03c9...cb.apk

android-10-x64

10

65f88e03c9...cb.apk

android-11-x64

10

CheatSheet...s.html

windows7-x64

1

CheatSheet...s.html

windows10-2004-x64

1

CheatSheet...n.html

windows7-x64

1

CheatSheet...n.html

windows10-2004-x64

1

CheatSheet...s.html

windows7-x64

1

CheatSheet...s.html

windows10-2004-x64

1

chartjs-pl...min.js

windows7-x64

1

chartjs-pl...min.js

windows10-2004-x64

1

hammerjs.js

windows7-x64

1

hammerjs.js

windows10-2004-x64

1

jquery-3.4.1.min.js

windows7-x64

1

jquery-3.4.1.min.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    2796321s
  • max time network
    149s
  • platform
    android_x86
  • resource
    android-x86-arm-20231023-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
  • submitted
    06-11-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65f88e03c976323560c6ce136aeccacf227e46fca1a9e81296eea049d8fa2bcb.apk

  • Size

    1.6MB

  • MD5

    7d7025c8675ffe3963f6b4c1674cbe5b

  • SHA1

    ff402a12e36d840a93bbb16fbb4e5a09095e3390

  • SHA256

    65f88e03c976323560c6ce136aeccacf227e46fca1a9e81296eea049d8fa2bcb

  • SHA512

    73e0d06af6ea46bbda4b01caefaab8c25d3e85d900367278be28378874f4ddbbd3c44226ef0d5d19e608bbd3202458549abad1f964d9a4c8bfed91e09f67b459

  • SSDEEP

    49152:4Sfv9A9pkeMNAQQKOK5uF2KWhLYemlwMEJxGW55P2pLFS5:Rf1A7keMNA1K5KkmemlgxGW5opLFe

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://37.148.210.173

rc4.plain

Extracted

Family

alienbot

C2

http://37.148.210.173

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion

Processes

  • com.clip.shoulder
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    PID:4310
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.clip.shoulder/app_DynamicOptDex/xDrdtlu.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.clip.shoulder/app_DynamicOptDex/oat/x86/xDrdtlu.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4341

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.clip.shoulder/app_DynamicOptDex/oat/xDrdtlu.json.cur.prof
    Filesize

    480B

    MD5

    ba0c7e8332a70b24d46fb2fab5e39b4d

    SHA1

    3425622ff8edc3c464eee84c986052e6e2d09160

    SHA256

    03fb29e3c692c305d81a51eae346c2b71ce275c667a9e5dac850bd61b6b8be49

    SHA512

    aa9db84026613ae4144c9babdabf6d0145ac8fe1effa2121eb20a5b480b35b4fe5583a7efc0c8c967873e147a9e79cab863ce015f872865acb825baeb1fffca8

    Download Submit

  • /data/data/com.clip.shoulder/app_DynamicOptDex/xDrdtlu.json
    Filesize

    238KB

    MD5

    966afdf8cdddbd6de72f0b2d30cde02e

    SHA1

    8c91f17f7cfe18fe684d7382cd098a2faf0b3fe8

    SHA256

    6d8f35ca3d2875b7255dbef0d04df7697e884fbb2a5ca0fceef75a00c0375cbf

    SHA512

    fc977a80e296af9e600ce511b0b4758b68072d52b7c40210249b26d97737c774d310a6d449f45555475c01e937d8def3485be5bbc325856cb0475ed9130832cb

    Download Submit

  • /data/data/com.clip.shoulder/app_DynamicOptDex/xDrdtlu.json
    Filesize

    238KB

    MD5

    033372e71cfe37afa161932ca1514575

    SHA1

    6ab3eb0a97fefa13be0a0ae2c40d87072e3e28a2

    SHA256

    080a2ace0567038838d754063aea5a7dc60bae013698e9152683247917842841

    SHA512

    c556ab68d506ec2bf107f2f1b65d22634c12d2ebb54652db8941d511d864936c316a41437d47db13be2648e131151f9fbaef44c313ae006108e33c9175d42374

    Download Submit

  • /data/user/0/com.clip.shoulder/app_DynamicOptDex/xDrdtlu.json
    Filesize

    483KB

    MD5

    57774766cbc43d889a671b7d57da2d0b

    SHA1

    b95248e49b4aebb8464be87c39bdec4fc099dc9c

    SHA256

    88b593e978070be1838d17a5a09c45af416bbf02319aa28c6f2ec90873f1cdc0

    SHA512

    eaca6b647a38f38e2d097f4d18c461740fe1763ffdedb4d25c75b4dee8c3aade8c4c68411fbc99590b6aca4f354fbedafd8b862a219279d3397e27c9a773f4de

    Download Submit

  • /data/user/0/com.clip.shoulder/app_DynamicOptDex/xDrdtlu.json
    Filesize

    483KB

    MD5

    fef861697d6e865ffd0ac495bba92bc3

    SHA1

    796094bd56f01b637c0165d8d734dc00a9481e4b

    SHA256

    9f81917c797bec5a26abf4ed12dd81f7b22837883182dea970398332af763f42

    SHA512

    fef90c111d11b58dc3a3ef8e50ba362a5d0307adc7d22b83dedbcab765b0926bbf074d7fe6d2a0f36177578432deee6c030b1696492b33b3d5685535d18fa7a8

    Download Submit