Overview

overview

10

Static

static

7

d494040139...78.apk

android-9-x86

10

d494040139...78.apk

android-10-x64

10

d494040139...78.apk

android-11-x64

10

medialib.js

windows7-x64

1

medialib.js

windows10-2004-x64

1

mintegral_...t.html

windows7-x64

1

mintegral_...t.html

windows10-2004-x64

1

parse_movie.html

windows7-x64

1

parse_movie.html

windows10-2004-x64

1

parse_online.html

windows7-x64

1

parse_online.html

windows10-2004-x64

1

parse_search.html

windows7-x64

1

parse_search.html

windows10-2004-x64

1

watch_loading.html

windows7-x64

1

watch_loading.html

windows10-2004-x64

1

ytaplayer.html

windows7-x64

1

ytaplayer.html

windows10-2004-x64

1

ytaplayer.js

windows7-x64

1

ytaplayer.js

windows10-2004-x64

1

ytaplayer_...sis.js

windows7-x64

1

ytaplayer_...sis.js

windows10-2004-x64

1

Analysis

  • max time kernel
    3056179s
  • max time network
    162s
  • platform
    android_x64
  • resource
    android-x64-20231023.1-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231023.1-enlocale:en-usos:android-10-x64system
  • submitted
    09-11-2023 22:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d4940401398aaeac4b523dca648577b1f39646f5942a19d62275df539afaa078.apk

  • Size

    2.4MB

  • MD5

    97b271ea24a9a983d381bf6f43df4e77

  • SHA1

    04ea7bb813711a257949e64621f6110c2a0f3ba1

  • SHA256

    d4940401398aaeac4b523dca648577b1f39646f5942a19d62275df539afaa078

  • SHA512

    cd0c32a7c1f80723d224f7ee17fbff0c8d8903616795a047bc425a9e09cc6c6504d37b2ec303ed791a98ed2c559097ebfec7646b81d062af3a1a524e00e24987

  • SSDEEP

    49152:rq0nLgpDpZ4lXrfXVCw5KvGEgXqV/W68dqPHONkhLCivXr/+d4+daP9KDQNrqMgE:bLgQXLXjoXexOlLCivXr26Om8Q1BgE

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://androidplayprotect.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 3 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 3 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    PID:5044
    • getprop ro.miui.ui.version.name
      2⤵
        PID:5231
      • getprop ro.miui.ui.version.name
        2⤵
          PID:5318

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/oat/rlbxJMZ.json.cur.prof
        Filesize

        411B

        MD5

        d6e336c37d4433642f95619dc3b249e7

        SHA1

        4890a284787408eed04b9857274419ac11c1edab

        SHA256

        e6633a6249ade8a33dfd9fd36d3848f5538b9552cd17c0033296422a3d025978

        SHA512

        8685d8fbea4a17e7f74e4856933e307dfab568a038090b6808a93351b942dfa731621ad888b20ff2a2ff457cafc812be41201fff696edcf4fe774ef599ed2500

        Download Submit

      • /data/data/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json
        Filesize

        673KB

        MD5

        94ed43749f0815cd8769018d6e46d52b

        SHA1

        95d9b6e732ca90727e53ad19d4b99f7bdd1f4492

        SHA256

        3c552dd49bf935458d7ac3e572d8f037b25b02b0c06ff4722a42c240fd87dd7c

        SHA512

        bce3f79133f5829156088e25be5f8a337b7beb3ca33d118aa6a7c59bbbb2f100de5e73359924475189a376976f842ac2f93ca2415c7e356b1a470af58eebff73

        Download Submit

      • /data/data/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json
        Filesize

        673KB

        MD5

        aad1c304c9388c9be1982ea100161c30

        SHA1

        546dbe1713151ec62ee42d27701bc8d1417c425c

        SHA256

        2ab80dd9f16a135754a6fb4916d3485ebc26b174efad9b8719ad106d48b58b79

        SHA512

        7e4ade85719b58bfe0daaf2a1cf4629a65fc1414149b39cbd7cfa9c37835f7fa2bd236b4af24ac7db7a77d9260b40af08dc55e7c16ffd13dae6a4edb3f294d3e

        Download Submit

      • /data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json
        Filesize

        673KB

        MD5

        aad1c304c9388c9be1982ea100161c30

        SHA1

        546dbe1713151ec62ee42d27701bc8d1417c425c

        SHA256

        2ab80dd9f16a135754a6fb4916d3485ebc26b174efad9b8719ad106d48b58b79

        SHA512

        7e4ade85719b58bfe0daaf2a1cf4629a65fc1414149b39cbd7cfa9c37835f7fa2bd236b4af24ac7db7a77d9260b40af08dc55e7c16ffd13dae6a4edb3f294d3e

        Download Submit

      • /data/user/0/zjfklmwhkzlm.ejrpibkfullinntk.osjpmnjjbkzdheqjueb/app_DynamicOptDex/rlbxJMZ.json
        Filesize

        673KB

        MD5

        aad1c304c9388c9be1982ea100161c30

        SHA1

        546dbe1713151ec62ee42d27701bc8d1417c425c

        SHA256

        2ab80dd9f16a135754a6fb4916d3485ebc26b174efad9b8719ad106d48b58b79

        SHA512

        7e4ade85719b58bfe0daaf2a1cf4629a65fc1414149b39cbd7cfa9c37835f7fa2bd236b4af24ac7db7a77d9260b40af08dc55e7c16ffd13dae6a4edb3f294d3e

        Download Submit