Overview

overview

10

Static

static

7

09c28d864e...ad.apk

android-9-x86

10

09c28d864e...ad.apk

android-10-x64

10

09c28d864e...ad.apk

android-11-x64

10

about1d.html

windows7-x64

1

about1d.html

windows10-2004-x64

1

about2d.html

windows7-x64

1

about2d.html

windows10-2004-x64

1

app.2d89045a.js

windows7-x64

1

app.2d89045a.js

windows10-2004-x64

1

app.html

windows7-x64

1

app.html

windows10-2004-x64

1

app_get_version.html

windows7-x64

1

app_get_version.html

windows10-2004-x64

1

aps-mraid.js

windows7-x64

1

aps-mraid.js

windows10-2004-x64

1

bakchat_privacy.htm

windows7-x64

1

bakchat_privacy.htm

windows10-2004-x64

1

base.js

windows7-x64

1

base.js

windows10-2004-x64

1

error.js

windows7-x64

1

error.js

windows10-2004-x64

1

home.html

windows7-x64

1

home.html

windows10-2004-x64

1

index.html

windows7-x64

1

index.html

windows10-2004-x64

1

jquery-history.js

windows7-x64

1

jquery-history.js

windows10-2004-x64

1

jquery-res...min.js

windows7-x64

1

jquery-res...min.js

windows10-2004-x64

1

jsbridge.js

windows7-x64

1

jsbridge.js

windows10-2004-x64

1

libwbsafeedit_64

ubuntu-18.04-amd64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.bin

  • Size

    3.4MB

  • Sample

    231113-1wpj7sfg38

  • MD5

    f88c7b5245048b8ec686069d09e51b4e

  • SHA1

    fb0b1e93c3e9bef83e23dcfa4f7f344daeaacd4d

  • SHA256

    09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad

  • SHA512

    a8c9f4b8546fc93ac4711fd8b3dd8e64c200575a680f99eedc824361599726a9fab182482a8f1fc7ad308fcb830dadedfa7d916b31b4dccfac99f8630121b8d5

  • SSDEEP

    49152:OzlRn+EDrtUJsVhHYqS8Vog3VVYEAGFBt5m0jXi3LX5zZk0xGKWY6FM41mMkL+X2:OzlZ7DrtM5q9zYRGFQ8XiT5FkgsQ+m

Score
10/10
alienbotcerberusandroidbankerevasioninfostealerlinuxratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://heycock333.com

Targets

    • Target

      09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.bin

    • Size

      3.4MB

    • MD5

      f88c7b5245048b8ec686069d09e51b4e

    • SHA1

      fb0b1e93c3e9bef83e23dcfa4f7f344daeaacd4d

    • SHA256

      09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad

    • SHA512

      a8c9f4b8546fc93ac4711fd8b3dd8e64c200575a680f99eedc824361599726a9fab182482a8f1fc7ad308fcb830dadedfa7d916b31b4dccfac99f8630121b8d5

    • SSDEEP

      49152:OzlRn+EDrtUJsVhHYqS8Vog3VVYEAGFBt5m0jXi3LX5zZk0xGKWY6FM41mMkL+X2:OzlZ7DrtM5q9zYRGFQ8XiT5FkgsQ+m

    Score
    10/10
    alienbotcerberusbankerevasioninfostealerratstealthtrojan

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

      bankertrojaninfostealeralienbot

    • Cerberus

      An Android banker that is being rented to actors beginning in 2019.

      bankertrojaninfostealerevasionratcerberus

    • Cerberus payload

    • Makes use of the framework's Accessibility service.

    • Removes its main activity from the application launcher

      stealthtrojan

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Removes a system notification.

      evasion
    behavioral1behavioral2behavioral3

    • Target

      about1d.html

    • Size

      445B

    • MD5

      3eb4ad1622faf2b69fc2dcf8f7bd51bd

    • SHA1

      e61891d6cbab9c52ffd25f94007a2ed12119f0ec

    • SHA256

      a898213a2328ba3270055ca3883098f6fc75f6b88c90527d2d8d5d7212f4d5be

    • SHA512

      1e9b0f69cc8ade011c911b995de5e52bcf02dab0153fdebb1a60250cc603693d1ca0c9bd6abf80679834f7bbcf66791bf8ed076ef40f4fd6618223dfacdd8060

    Score
    1/10
    behavioral4behavioral5

    • Target

      about2d.html

    • Size

      500B

    • MD5

      d24878534b76beee9e9d1418bbdf44c1

    • SHA1

      4b0d80de54c5bda3717347047295bb499e9e10c9

    • SHA256

      4d47446de41089c864ae38f6c91296f8b7f0a2f84d8310ee077cd1f8a56f5810

    • SHA512

      e48dbd4d084b43c568bee15854d214920181c750a4b0ebf3ae217f0ec6b73c44c23127a930f38f4630ab8f2dcbcbe2479c82c2b6fe6a336f1c1dfa1fa9b16bf3

    Score
    1/10
    behavioral6behavioral7

    • Target

      app.2d89045a.js

    • Size

      15KB

    • MD5

      53c313f3f5f0ca62bdff13c967cce756

    • SHA1

      71d30877d241e80acf3838836899f428c5f93094

    • SHA256

      55fefd7b10b01cfbbeaf5470a5b5af013b40d77465a79fd514775f77bed68bb5

    • SHA512

      9fce977c9a72c76a5ebc8ea4db5d2912836b995ee1b2405833151ffd112b15f73a7c9d06f60598b161bf8f6a02aea6bcac7bf0318f02c7b2db2267460cf37047

    • SSDEEP

      192:KiBs2UT/XctgOEDeNWc72XTHVkZ3UIncX4JtJBWWFA4Dn9i7VWq:1UT/stxEhcKXT1YdncX4JtjWWFxe

    Score
    1/10
    behavioral8behavioral9

    • Target

      app.html

    • Size

      708B

    • MD5

      63ec4137ec1dddb92fe9a6a6d4837921

    • SHA1

      7fb1d2517bd8ac16df3e9ac77249f6d9b36b32a0

    • SHA256

      f3c0cd68e1a826c4f9c2301bf29aa4c299477cbec2b65e23b0e3c8914a294a1d

    • SHA512

      4fbc2e5751216e12627389c47711788e9f3c172e28e4150d389dbcfb6ce268de1354eac6f12f9ce36ac70dab1c06d3fe85d1233006aab1fef06b186f4fcc4790

    Score
    1/10
    behavioral10behavioral11

    • Target

      app_get_version.html

    • Size

      617B

    • MD5

      9d84ff259a41328bb856984da9def25a

    • SHA1

      25e16b76351ae5a5aa772541a9ced9f9d8b6e115

    • SHA256

      c0b35e30d789b77cf0adac51dffe155b5d5c2541bacf6fd50a4ab8cf169d76d6

    • SHA512

      41d746f102913a2663f344c2127df5010b42611d8ec853261aeded28d98c9b08a133bbfa7e5289e028c670b7964d0227840731ee3b623788dcda2d245227c8a3

    Score
    1/10
    behavioral12behavioral13

    • Target

      aps-mraid.js

    • Size

      10KB

    • MD5

      ba641d5ca2a5017fd68987c6ded60539

    • SHA1

      c42a5765c381aa86584d7e868ac449c1bafcdcb7

    • SHA256

      943ebcd23c85774d0de6b30409b974021b4b83569cd524c5df2d8f397c504f29

    • SHA512

      65e0a4ce7e17e51661570f38d090dba16bfcdb596925bb2800afa422526a115a16edc7762a5b179e806f8144213fa2f1269e87c6cecd8f7c805455f5db2fb447

    • SSDEEP

      192:KiCDJIp5LQHMHP2i69SyLMnbcXn4+r/MH8CGgVHGl2yxSWfVwDE/:KJ+vQHoP2i6XMnCjMcCGgVk2S3NP

    Score
    1/10
    behavioral14behavioral15

    • Target

      bakchat_privacy.htm

    • Size

      2KB

    • MD5

      a6770ff50d114c81becedda6f1d87eed

    • SHA1

      17da909ee817dd59739fbba812e67b1ac13cae06

    • SHA256

      bc48fe6585c55c5a28dc27b6ce581552861a00903c160322aa65d494cf2276fb

    • SHA512

      55ccf1dae715a6bdaa967ecb5781370862251b856f378bed54e7ff884ac3589efc62aa9e43b5d0fb498d136fefac33a090b267a28aaaa21975dd49f2d67ae8a6

    Score
    1/10
    behavioral16behavioral17

    • Target

      base.bundle

    • Size

      3KB

    • MD5

      8798336f40c45168569ecf541dc7e5e5

    • SHA1

      31e31f7e2116b320f1f17a673ccfbf0ec51a3091

    • SHA256

      4531d092f42a39e8fd6fccdcdba3d290c07d86afd415db39a7be84026e8b0399

    • SHA512

      121521cf01bc68499fdb1d62a6f0afe2c986cac048f7412f5488f8c1dbc4a83842fb1fbb76e3197c44e220809d79dcdf57c9aa44d2fdda590aaee61bd750cc6c

    Score
    1/10
    behavioral18behavioral19

    • Target

      error.js

    • Size

      18KB

    • MD5

      83dd8b19612dd3ebc52c844b21592484

    • SHA1

      56013ae05f8d16c0e1623c2b53013c8d5a446e70

    • SHA256

      ed4ecad508cd17af5e9cc281d4027d0e67bb8f608e893510b0dc7ba871b19210

    • SHA512

      cb6b4e77a1e070f2c7e59db716bcb758e49a12a39b7586af8549674f0f72560b65533dcb6380686ee028970e46cfc4079f3eacf73fcf96964afbb19366f010af

    • SSDEEP

      384:4NWkQ+0CAoczhnTnZupX59oeLZObP87NLz31mG:Y9A3TZunieLZQP87Fz31mG

    Score
    1/10
    behavioral20behavioral21

    • Target

      home.html

    • Size

      961B

    • MD5

      7a7c1cac34e5dde738b3144357d4d3f4

    • SHA1

      d1b424fe378e31bd0b2756bb4b2ec4c1abdc5ead

    • SHA256

      d0958684186bad6c940d42e88ab3e4ceb6557f8d22bf131f2e09117c0ba86c55

    • SHA512

      81696cb5db06e0ab017a8aae4d14d84fb63c648a39f30aabbdf8287bc45fa40be5f3ab0500c221b8fab12f713ad7c066527f2f2a3b3fdfb78f24689388a65cb8

    Score
    1/10
    behavioral22behavioral23

    • Target

      index.html

    • Size

      631B

    • MD5

      99f22509a1966facd2ccd8b7b52b5a6c

    • SHA1

      d91bc81dcf8f0b518969acd74078d2fd99e2ccd2

    • SHA256

      f14efc734f1f03b9e6eafa918da4d46a19e56074454a1ccf70db113229d8a5f3

    • SHA512

      5a289ef7b231b294d3e44c98f6b62f06cd1521ff68be57d77d5fea8c2e6b2f966ba03c2193b8005b90b4b9865e904681f0569ba843744b155e6a71e2c9d67ac1

    Score
    1/10
    behavioral24behavioral25

    • Target

      jquery-history.js

    • Size

      2KB

    • MD5

      18e460cf1a029b9ac3d435a7756a2a67

    • SHA1

      15c0a4cced79979908bc8c5a44a9486aaa470f20

    • SHA256

      150cc3da2d149d6a9eeead9b13cfa3c1b308d4c952e933b36b6dc473280e91ec

    • SHA512

      f86eceba805965f1d8c25ae469d21bece77d60c267a2c30bf4416a44d371cad6d5eecb3963a1857dc6b7a82a0a99c7bf116b979a9e6b0b32986badea0aa22f01

    Score
    1/10
    behavioral26behavioral27

    • Target

      jquery-resizable.min.js

    • Size

      81KB

    • MD5

      8a6fc669f3c5aca24454c43eeabac61b

    • SHA1

      4cbbba0f5023c19920562732247f8133d30134c7

    • SHA256

      916f04e1099636f38d0293333bc9013f8cec34396bfb854a87aafab53fcaad7d

    • SHA512

      bcb078a332c116c01168d29a94172de969e95bb0ef61fba225e5e3092c3d1fce5a894dfb563b66a82d239afb01e6e8da383aed47d0543251fdfb512ae81a06ec

    • SSDEEP

      1536:+vnXSI+9Escogo5uW8xbm5sIacSs0DEHUjnqTDUBu6VCdZWX2TVg0I0aF9q3LOpI:w8gdzIF0oDUstZ7cI

    Score
    1/10
    behavioral28behavioral29

    • Target

      jsbridge.js

    • Size

      3KB

    • MD5

      e843ee73b3faa79b107386eb6051956e

    • SHA1

      77e053be2b351dbb362b204172184a3c14ab63c0

    • SHA256

      077ce886dd337019573f244cf3515d3b5f13a6b78030eabc21c1168244afcec8

    • SHA512

      c01a5ef06f02e4c47bd590076e00da1b971d92f0443744748a508f8f9fe8ab146a3c820a4124911d3cfd5474b850e310bd8f5ec72f8c47697f06ef5d3a29b5d9

    Score
    1/10
    behavioral30behavioral31

    • Target

      libwbsafeedit_64

    • Size

      13KB

    • MD5

      3339e2b5034c29794f1169824562f60b

    • SHA1

      dc61167f3368380d59a64d7293970aabefcf7ee9

    • SHA256

      7a550b0214bf021ef32f4b53e4f988299e0d5fdad72603b5bb4e4f723aab0d4b

    • SHA512

      bf9c3b6ffe8a1b7d63a07cb5d02a7a1825e0a2736bdc7e119e978236a31296e1d0c8ad7dfab255de42b32568f86560bbb323a4a88b7c8d3428ef22ad051859f2

    • SSDEEP

      192:7V3SAyMb869qMOvsDpbvcg0OSWmNyExd4ieIXhQ:79SAymqMsUbuObS3Q

    Score
    1/10
    behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
7/10

behavioral1

alienbotcerberusbankerevasioninfostealerratstealthtrojan
Score
10/10

behavioral2

alienbotcerberusbankerevasioninfostealerratstealthtrojan
Score
10/10

behavioral3

alienbotcerberusbankerevasioninfostealerratstealthtrojan
Score
10/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10