Analysis

max time kernel: 3400894s
max time network: 171s
platform: android_x64
resource: android-x64-arm64-20231023-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231023-en, locale:en-us, os:android-11-x64, system
submitted: 13-11-2023 22:00
Static task: static1

Behavioral tasks:

task           sample                                                                  resource
behavioral1    09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.apk    android-x86-arm-20231023-en
behavioral2    09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.apk    android-x64-20231023.1-en
behavioral3    09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.apk    android-x64-arm64-20231023-en
behavioral4    about1d.html                                                            win7-20231023-en
behavioral5    about1d.html                                                            win10v2004-20231023-en
behavioral6    about2d.html                                                            win7-20231020-en
behavioral7    about2d.html                                                            win10v2004-20231020-en
behavioral8    app.2d89045a.js                                                         win7-20231023-en
behavioral9    app.2d89045a.js                                                         win10v2004-20231020-en
behavioral10   app.html                                                                win7-20231025-en
behavioral11   app.html                                                                win10v2004-20231023-en
behavioral12   app_get_version.html                                                    win7-20231023-en
behavioral13   app_get_version.html                                                    win10v2004-20231020-en
behavioral14   aps-mraid.js                                                            win7-20231023-en
behavioral15   aps-mraid.js                                                            win10v2004-20231025-en
behavioral16   bakchat_privacy.htm                                                     win7-20231020-en
behavioral17   bakchat_privacy.htm                                                     win10v2004-20231020-en
behavioral18   base.js                                                                 win7-20231023-en
behavioral19   base.js                                                                 win10v2004-20231023-en
behavioral20   error.js                                                                win7-20231023-en
behavioral21   error.js                                                                win10v2004-20231020-en
behavioral22   home.html                                                               win7-20231020-en
behavioral23   home.html                                                               win10v2004-20231025-en
behavioral24   index.html                                                              win7-20231020-en
behavioral25   index.html                                                              win10v2004-20231023-en
behavioral26   jquery-history.js                                                       win7-20231023-en
behavioral27   jquery-history.js                                                       win10v2004-20231025-en
behavioral28   jquery-resizable.min.js                                                 win7-20231023-en
behavioral29   jquery-resizable.min.js                                                 win10v2004-20231020-en
behavioral30   jsbridge.js                                                             win7-20231020-en
behavioral31   jsbridge.js                                                             win10v2004-20231020-en
behavioral32   libwbsafeedit_64                                                        ubuntu1804-amd64-20231026-en
General

Target: 09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.apk
Size: 3.4MB
MD5: f88c7b5245048b8ec686069d09e51b4e
SHA1: fb0b1e93c3e9bef83e23dcfa4f7f344daeaacd4d
SHA256: 09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad
SHA512: a8c9f4b8546fc93ac4711fd8b3dd8e64c200575a680f99eedc824361599726a9fab182482a8f1fc7ad308fcb830dadedfa7d916b31b4dccfac99f8630121b8d5
SSDEEP: 49152:OzlRn+EDrtUJsVhHYqS8Vog3VVYEAGFBt5m0jXi3LX5zZk0xGKWY6FM41mMkL+X2:OzlZ7DrtM5q9zYRGFQ8XiT5FkgsQ+m
Malware Config

Extracted family: alienbot
URL: http://heycock333.com
Signatures

Alienbot
Alienbot is a fork of the Cerberus banker, first seen in January 2020.

Cerberus payload (3 IoCs)
resource                                                         yara_rule
/data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json    family_cerberus
The same path is reported for all three IoCs. This is the file the app later loads as a Dex/Jar (see "Loads dropped Dex/Jar" below), so the family match is on the dropped second stage rather than on the APK itself.

Makes use of the framework's Accessibility service. (2 IoCs)
description               ioc                                                                                                       process
Framework service call    android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId    impact.flight.hobby
Framework service call    android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId             impact.flight.hobby

Removes its main activity from the application launcher (8 IoCs; the title of this signature is missing from this part of the page and is taken from the process tree below, where it appears in the same position)
pid     process
4339    impact.flight.hobby
The same pid/process pair is reported for all eight IoCs.

Acquires the wake lock. (1 IoC)
description               ioc                                          process
Framework service call    android.os.IPowerManager.acquireWakeLock    impact.flight.hobby

Loads dropped Dex/Jar (2 IoCs)
Runs executable file dropped to the device during analysis.
ioc                                                               pid     process
/data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json     4339    impact.flight.hobby
The same entry is reported for both IoCs. Note that the payload is written with a .json extension; the Android class loaders do not care about the file name, they load whatever DEX/JAR bytes the file contains, so dropped files should be triaged by their magic bytes, not by extension.

Requests disabling of battery optimizations (often used to enable hiding in the background). (1 IoC)
description      ioc                                                      process
Intent action    android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS    impact.flight.hobby
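The dropped payload above is loaded from a file called kmjXC.json, so any triage that filters on extension would miss it. The script below is an added example, not part of the sandbox report or of the sample: it identifies DEX and JAR/APK payloads by their leading bytes, validates the DEX header's Adler-32 checksum, SHA-1 and file_size (so a truncated or patched drop is flagged), and hashes every file so the result can be matched against the report's Downloads list. The file contents are constructed inline for the example (a synthetic DEX header with no classes, and a harmless JSON file at a made-up sibling path); only the kmjXC.json path comes from the report.

```python
"""Triage files dropped under an app's private data directory: classify by
magic bytes rather than extension, validate DEX headers, and hash each file."""
import hashlib
import struct
import zlib

DEX_MAGIC = b"dex\n"        # full magic is b"dex\n" + 3-digit version + NUL, e.g. b"dex\n035\x00"
ZIP_MAGIC = b"PK\x03\x04"   # JAR/APK container that may carry a classes.dex
DEX_HEADER_SIZE = 0x70


def classify_payload(data: bytes) -> str:
    """Return 'dex', 'zip' or 'unknown' from the leading bytes only."""
    if len(data) >= 8 and data[:4] == DEX_MAGIC and data[7] == 0:
        return "dex"
    if data[:4] == ZIP_MAGIC:
        return "zip"
    return "unknown"


def dex_header_valid(data: bytes) -> bool:
    """Check the DEX header fields a loader relies on:
    checksum at offset 8 (Adler-32 over bytes 12..end), signature at offset 12
    (SHA-1 over bytes 32..end), file_size at offset 32 and header_size at 36."""
    if classify_payload(data) != "dex" or len(data) < DEX_HEADER_SIZE:
        return False
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size = struct.unpack_from("<II", data, 32)
    return (
        file_size == len(data)
        and header_size == DEX_HEADER_SIZE
        and (zlib.adler32(data[12:]) & 0xFFFFFFFF) == checksum
        and hashlib.sha1(data[32:]).digest() == signature
    )


def hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 in the same form the sandbox's Downloads list uses."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def triage(files: dict) -> list:
    """files maps path -> bytes. One record per file; the extension is ignored."""
    records = []
    for path, data in files.items():
        kind = classify_payload(data)
        records.append({
            "path": path,
            "kind": kind,
            "dex_header_ok": dex_header_valid(data) if kind == "dex" else None,
            **hashes(data),
        })
    return records


def build_sample_dex(payload: bytes = b"\x00" * 16) -> bytes:
    """Constructed input: a syntactically valid DEX header with no real classes,
    used only so the example runs offline."""
    total = DEX_HEADER_SIZE + len(payload)
    header = bytearray(DEX_HEADER_SIZE)
    header[0:8] = b"dex\n035\x00"
    struct.pack_into("<II", header, 32, total, DEX_HEADER_SIZE)  # file_size, header_size
    struct.pack_into("<I", header, 40, 0x12345678)               # endian_tag
    body = bytes(header) + payload
    body = body[:12] + hashlib.sha1(body[32:]).digest() + body[32:]
    checksum = zlib.adler32(body[12:]) & 0xFFFFFFFF
    return body[:8] + struct.pack("<I", checksum) + body[12:]


# Constructed inputs: the first path is the one from the report, the second is made up.
SAMPLE_FILES = {
    "/data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json": build_sample_dex(),
    "/data/user/0/impact.flight.hobby/app_DynamicOptDex/settings.json": b'{"not": "a dex file"}',
}

if __name__ == "__main__":
    for record in triage(SAMPLE_FILES):
        print(record)
```

On a real device the `files` mapping would be filled from `adb pull` (or from the sandbox's dropped-file export) of the app's `/data/user/0/<package>/` tree; the classification does not depend on where the bytes came from.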
Processes

impact.flight.hobby (PID 4339)
  - Makes use of the framework's Accessibility service.
  - Removes its main activity from the application launcher
  - Acquires the wake lock.
  - Loads dropped Dex/Jar
  - Requests disabling of battery optimizations (often used to enable hiding in the background).
  child processes:
    getprop ro.miui.ui.version.name (PID 4468)
    getprop ro.miui.ui.version.name (PID 4638)
    getprop ro.miui.ui.version.name (PID 4756)
    getprop ro.miui.ui.version.name (PID 4795)
    getprop ro.miui.ui.version.name (PID 5039)
    getprop ro.miui.ui.version.name (PID 5076)
    getprop ro.miui.ui.version.name (PID 5103)

ro.miui.ui.version.name is the MIUI version property, so the repeated getprop calls are the app checking whether it runs on a Xiaomi device.
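The Accessibility-service, wake-lock and battery-optimization signatures above are runtime observations. Their static counterpart, which a practitioner would run over the decoded AndroidManifest.xml before detonating a sample, is shown below as an added example (not the report's tooling and not code from the sample). The manifest is constructed for the example: the package name is the sample's, the component class names and the INTERNET permission are made up.

```python
"""Static triage of a decoded AndroidManifest.xml for the capabilities the
sandbox observed at runtime: an accessibility service, the WAKE_LOCK and
REQUEST_IGNORE_BATTERY_OPTIMIZATIONS permissions, and the launcher activity
that the sample later hides."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

ACCESSIBILITY_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"
LAUNCHER_CATEGORY = "android.intent.category.LAUNCHER"
# Permissions that correspond to the report's signatures, plus overlay
# (a common companion capability in bankers); extend as needed.
WATCHED_PERMISSIONS = {
    "android.permission.WAKE_LOCK",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
    "android.permission.SYSTEM_ALERT_WINDOW",
}


def attr(element, name):
    """Read an android:-namespaced attribute; ElementTree expands the prefix."""
    return element.get("{%s}%s" % (ANDROID_NS, name))


def triage_manifest(xml_text: str) -> dict:
    root = ET.fromstring(xml_text)
    application = root.find("application")
    permissions = {attr(p, "name") for p in root.iter("uses-permission")}

    accessibility_services = []
    for service in application.iter("service"):
        actions = {attr(a, "name") for a in service.iter("action")}
        # Either the binding permission or the accessibility intent action is
        # enough to flag the component; a working service declares both.
        if attr(service, "permission") == ACCESSIBILITY_PERMISSION or ACCESSIBILITY_ACTION in actions:
            accessibility_services.append(attr(service, "name"))

    launcher_activities = [
        attr(activity, "name")
        for activity in application.iter("activity")
        if LAUNCHER_CATEGORY in {attr(c, "name") for c in activity.iter("category")}
    ]

    return {
        "package": root.get("package"),
        "accessibility_services": accessibility_services,
        "watched_permissions": sorted(permissions & WATCHED_PERMISSIONS),
        "launcher_activities": launcher_activities,
    }


# Constructed manifest for the example: package name from the report,
# component class names made up.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="impact.flight.hobby">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Flight Hobby">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

if __name__ == "__main__":
    import json
    print(json.dumps(triage_manifest(SAMPLE_MANIFEST), indent=2))
```

Two caveats when reading the output. A manifest that declares an accessibility service only tells you the capability exists; the runtime evidence above (findAccessibilityNodeInfosByViewId calls) is what shows it being used to read other apps' screens. And the "removes its main activity from the launcher" behaviour is done at runtime through PackageManager.setComponentEnabledSetting, so the manifest still lists a LAUNCHER activity; that signature is visible only dynamically.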
Downloads

Filesize: 622KB
MD5: 5627f76b92fda448488b6f9fb167b835
SHA1: 74f541fa5e1d426f3bb82454334f00d34f7f95c6
SHA256: 197f023072033f2788068cdd4499d32177d57b88c6f8b925c5bdd64fba34220a
SHA512: d5fc43137dbeb77a65b67d39cd4268d56b8c91f2c9973c796aeea04c627368919481669728b859741ac7af1776bc34ccf9bf153a1abe047f6a8e6dbb24060c2a

Filesize: 622KB
MD5: 85dbcb13f7578dc1ffc8295208846f14
SHA1: 19923aaa392d629af94889b6e8538086716f97dd
SHA256: 24f996feac74ebaa2f9467af2b32e713388d1a6a28419300d6b6a07d66854dfe
SHA512: 42b6efd59263f7bc5e52ee32b333e05179d099691fb6fc9fae85fada132ac24a4450f33057abaa5e68fc7f9a5a5f96df8621705858fb029cf6fca2692d0a7bf8

Filesize: 348B
MD5: 20c3688b0bc0dde53c677fec02f95dff
SHA1: 6601f98d47016d569eaa2d2cfb166064c1ddd694
SHA256: fe1ee68d4439c6ea8c4fcd838237c0b6d527045366cfd866bbfdd735dd29dbc3
SHA512: 492a34872a901e702fdec19762d01a4934732ad6a8066988bc1f7177e3ea4ff561561fc478db5f2fb3034cfabf445c58be3963733a31c88794aa1e5de7f2e464