Overview

overview

10

Static

static

7

65f88e03c9...cb.apk

android-9-x86

10

65f88e03c9...cb.apk

android-10-x64

10

65f88e03c9...cb.apk

android-11-x64

10

CheatSheet...s.html

windows7-x64

1

CheatSheet...s.html

windows10-2004-x64

1

CheatSheet...n.html

windows7-x64

1

CheatSheet...n.html

windows10-2004-x64

1

CheatSheet...s.html

windows7-x64

1

CheatSheet...s.html

windows10-2004-x64

1

chartjs-pl...min.js

windows7-x64

1

chartjs-pl...min.js

windows10-2004-x64

1

hammerjs.js

windows7-x64

1

hammerjs.js

windows10-2004-x64

1

jquery-3.4.1.min.js

windows7-x64

1

jquery-3.4.1.min.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    2796336s
  • max time network
    169s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231023-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231023-enlocale:en-usos:android-11-x64system
  • submitted
    06-11-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65f88e03c976323560c6ce136aeccacf227e46fca1a9e81296eea049d8fa2bcb.apk

  • Size

    1.6MB

  • MD5

    7d7025c8675ffe3963f6b4c1674cbe5b

  • SHA1

    ff402a12e36d840a93bbb16fbb4e5a09095e3390

  • SHA256

    65f88e03c976323560c6ce136aeccacf227e46fca1a9e81296eea049d8fa2bcb

  • SHA512

    73e0d06af6ea46bbda4b01caefaab8c25d3e85d900367278be28378874f4ddbbd3c44226ef0d5d19e608bbd3202458549abad1f964d9a4c8bfed91e09f67b459

  • SSDEEP

    49152:4Sfv9A9pkeMNAQQKOK5uF2KWhLYemlwMEJxGW55P2pLFS5:Rf1A7keMNA1K5KkmemlgxGW5opLFe

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://37.148.210.173

rc4.plain

Extracted

Family

alienbot

C2

http://37.148.210.173

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 5 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.clip.shoulder
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4333
    • getprop ro.miui.ui.version.name
      2⤵
        PID:4489
      • getprop ro.miui.ui.version.name
        2⤵
          PID:4610
        • getprop ro.miui.ui.version.name
          2⤵
            PID:4734
          • getprop ro.miui.ui.version.name
            2⤵
              PID:4763

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/user/0/com.clip.shoulder/app_DynamicOptDex/oat/xDrdtlu.json.cur.prof
            Filesize

            345B

            MD5

            eafae8a811bc8b926f22285962e14e92

            SHA1

            3a5c3ef68d49a469a02e6ed3ef21ad9de7483640

            SHA256

            7e4bcadf0d198f6b9b79175843c03dc38ca4b5362b6831afec0b18d3b18748b9

            SHA512

            b8f5c592a971335920617328ac6c9b69121366ba0035601be1e935887b2e50ad10cb20b9161861da6594abfe498be5b62069e876193d4c9cd5a2cd3b57992c72

            Download Submit

          • /data/user/0/com.clip.shoulder/app_DynamicOptDex/xDrdtlu.json
            Filesize

            238KB

            MD5

            966afdf8cdddbd6de72f0b2d30cde02e

            SHA1

            8c91f17f7cfe18fe684d7382cd098a2faf0b3fe8

            SHA256

            6d8f35ca3d2875b7255dbef0d04df7697e884fbb2a5ca0fceef75a00c0375cbf

            SHA512

            fc977a80e296af9e600ce511b0b4758b68072d52b7c40210249b26d97737c774d310a6d449f45555475c01e937d8def3485be5bbc325856cb0475ed9130832cb

            Download Submit

          • /data/user/0/com.clip.shoulder/app_DynamicOptDex/xDrdtlu.json
            Filesize

            238KB

            MD5

            033372e71cfe37afa161932ca1514575

            SHA1

            6ab3eb0a97fefa13be0a0ae2c40d87072e3e28a2

            SHA256

            080a2ace0567038838d754063aea5a7dc60bae013698e9152683247917842841

            SHA512

            c556ab68d506ec2bf107f2f1b65d22634c12d2ebb54652db8941d511d864936c316a41437d47db13be2648e131151f9fbaef44c313ae006108e33c9175d42374

            Download Submit

          • /data/user/0/com.clip.shoulder/app_DynamicOptDex/xDrdtlu.json
            Filesize

            483KB

            MD5

            fef861697d6e865ffd0ac495bba92bc3

            SHA1

            796094bd56f01b637c0165d8d734dc00a9481e4b

            SHA256

            9f81917c797bec5a26abf4ed12dd81f7b22837883182dea970398332af763f42

            SHA512

            fef90c111d11b58dc3a3ef8e50ba362a5d0307adc7d22b83dedbcab765b0926bbf074d7fe6d2a0f36177578432deee6c030b1696492b33b3d5685535d18fa7a8

            Download Submit