alienbot | 65f88e03c976323560c6ce136aeccacf227e46fca1a9e81296eea049d8fa2bcb

Analysis

max time kernel
2796164s
max time network
166s
platform
android_x64
resource
android-x64-20231023.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20231023.1-enlocale:en-usos:android-10-x64system
submitted
06-11-2023 22:00

Target

65f88e03c976323560c6ce136aeccacf227e46fca1a9e81296eea049d8fa2bcb.apk
Size

1.6MB
MD5

7d7025c8675ffe3963f6b4c1674cbe5b
SHA1

ff402a12e36d840a93bbb16fbb4e5a09095e3390
SHA256

65f88e03c976323560c6ce136aeccacf227e46fca1a9e81296eea049d8fa2bcb
SHA512

73e0d06af6ea46bbda4b01caefaab8c25d3e85d900367278be28378874f4ddbbd3c44226ef0d5d19e608bbd3202458549abad1f964d9a4c8bfed91e09f67b459
SSDEEP

49152:4Sfv9A9pkeMNAQQKOK5uF2KWhLYemlwMEJxGW55P2pLFS5:Rf1A7keMNA1K5KkmemlgxGW5opLFe

Score

10^/10

Family

alienbot

http://37.148.210.173

rc4.plain

Family

alienbot

http://37.148.210.173

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot
Cerberus
An Android banker that is being rented to actors beginning in 2019.
banker trojan infostealer evasion rat cerberus

Cerberus payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.clip.shoulder/app_DynamicOptDex/xDrdtlu.json	family_cerberus

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.clip.shoulder

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.clip.shoulder
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.clip.shoulder

Removes its main activity from the application launcher 2 IoCs
stealth trojan

Processes:

com.clip.shoulder

pid process

5155 com.clip.shoulder
5155 com.clip.shoulder
Acquires the wake lock. 1 IoCs

Processes:

com.clip.shoulder

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.clip.shoulder
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.clip.shoulder

ioc pid process

/data/user/0/com.clip.shoulder/app_DynamicOptDex/xDrdtlu.json 5155 com.clip.shoulder

pid	process
5155	com.clip.shoulder
5155	com.clip.shoulder

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.clip.shoulder

ioc	pid	process
/data/user/0/com.clip.shoulder/app_DynamicOptDex/xDrdtlu.json	5155	com.clip.shoulder

/data/data/com.clip.shoulder/app_DynamicOptDex/xDrdtlu.json

Filesize
238KB

MD5
966afdf8cdddbd6de72f0b2d30cde02e

SHA1
8c91f17f7cfe18fe684d7382cd098a2faf0b3fe8

SHA256
6d8f35ca3d2875b7255dbef0d04df7697e884fbb2a5ca0fceef75a00c0375cbf

SHA512
fc977a80e296af9e600ce511b0b4758b68072d52b7c40210249b26d97737c774d310a6d449f45555475c01e937d8def3485be5bbc325856cb0475ed9130832cb

Download Submit
/data/data/com.clip.shoulder/app_DynamicOptDex/xDrdtlu.json

Filesize
238KB

MD5
033372e71cfe37afa161932ca1514575

SHA1
6ab3eb0a97fefa13be0a0ae2c40d87072e3e28a2

SHA256
080a2ace0567038838d754063aea5a7dc60bae013698e9152683247917842841

SHA512
c556ab68d506ec2bf107f2f1b65d22634c12d2ebb54652db8941d511d864936c316a41437d47db13be2648e131151f9fbaef44c313ae006108e33c9175d42374

Download Submit
/data/user/0/com.clip.shoulder/app_DynamicOptDex/xDrdtlu.json

Filesize
483KB

MD5
fef861697d6e865ffd0ac495bba92bc3

SHA1
796094bd56f01b637c0165d8d734dc00a9481e4b

SHA256
9f81917c797bec5a26abf4ed12dd81f7b22837883182dea970398332af763f42

SHA512
fef90c111d11b58dc3a3ef8e50ba362a5d0307adc7d22b83dedbcab765b0926bbf074d7fe6d2a0f36177578432deee6c030b1696492b33b3d5685535d18fa7a8

Download Submit