Analysis

  • max time kernel
    3400896s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-20231023.1-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20231023.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    13-11-2023 22:00

General

  • Target

    09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.apk

  • Size

    3.4MB

  • MD5

    f88c7b5245048b8ec686069d09e51b4e

  • SHA1

    fb0b1e93c3e9bef83e23dcfa4f7f344daeaacd4d

  • SHA256

    09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad

  • SHA512

    a8c9f4b8546fc93ac4711fd8b3dd8e64c200575a680f99eedc824361599726a9fab182482a8f1fc7ad308fcb830dadedfa7d916b31b4dccfac99f8630121b8d5

  • SSDEEP

    49152:OzlRn+EDrtUJsVhHYqS8Vog3VVYEAGFBt5m0jXi3LX5zZk0xGKWY6FM41mMkL+X2:OzlZ7DrtM5q9zYRGFQ8XiT5FkgsQ+m

Malware Config

Extracted

Family

alienbot

C2

http://heycock333.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

  • Cerberus

    An Android banker that has been rented to threat actors since 2019.

  • Cerberus payload 3 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 8 IoCs
  • Acquires the wake lock. 1 IoC
  • Loads dropped Dex/Jar 2 IoCs

    Runs an executable file dropped to the device during analysis.

Processes

  • impact.flight.hobby
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:5012
    • getprop ro.miui.ui.version.name
      2⤵
      PID:5161
    • getprop ro.miui.ui.version.name
      2⤵
      PID:5263
    • getprop ro.miui.ui.version.name
      2⤵
      PID:5361
    • getprop ro.miui.ui.version.name
      2⤵
      PID:5387
    • getprop ro.miui.ui.version.name
      2⤵
      PID:5436
    • getprop ro.miui.ui.version.name
      2⤵
      PID:5472
    • getprop ro.miui.ui.version.name
      2⤵
      PID:5506

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

    Filesize
    622KB

    MD5
    5627f76b92fda448488b6f9fb167b835

    SHA1
    74f541fa5e1d426f3bb82454334f00d34f7f95c6

    SHA256
    197f023072033f2788068cdd4499d32177d57b88c6f8b925c5bdd64fba34220a

    SHA512
    d5fc43137dbeb77a65b67d39cd4268d56b8c91f2c9973c796aeea04c627368919481669728b859741ac7af1776bc34ccf9bf153a1abe047f6a8e6dbb24060c2a

  • /data/data/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

    Filesize
    622KB

    MD5
    85dbcb13f7578dc1ffc8295208846f14

    SHA1
    19923aaa392d629af94889b6e8538086716f97dd

    SHA256
    24f996feac74ebaa2f9467af2b32e713388d1a6a28419300d6b6a07d66854dfe

    SHA512
    42b6efd59263f7bc5e52ee32b333e05179d099691fb6fc9fae85fada132ac24a4450f33057abaa5e68fc7f9a5a5f96df8621705858fb029cf6fca2692d0a7bf8

  • /data/data/impact.flight.hobby/app_DynamicOptDex/oat/kmjXC.json.cur.prof

    Filesize
    422B

    MD5
    54537637c820621e43448e33c2555937

    SHA1
    7785895e1dcb845e181aea568f9afe0e50ff22be

    SHA256
    e9893251707ff4e2d7658013e894b65a969b9bbd7ed6649ea7a444e26d7051d2

    SHA512
    8018fb4fdfa5d0c73301775c5a175b2b116bc0b09ac3891de9b871a578a68e4fa3f57eb2a185140a0cc54c0317dcc723b0c25243de9418e1c6085da2985a54e5

  • /data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

    Filesize
    622KB

    MD5
    85dbcb13f7578dc1ffc8295208846f14

    SHA1
    19923aaa392d629af94889b6e8538086716f97dd

    SHA256
    24f996feac74ebaa2f9467af2b32e713388d1a6a28419300d6b6a07d66854dfe

    SHA512
    42b6efd59263f7bc5e52ee32b333e05179d099691fb6fc9fae85fada132ac24a4450f33057abaa5e68fc7f9a5a5f96df8621705858fb029cf6fca2692d0a7bf8