Analysis

  • max time kernel
    3400894s
  • max time network
    171s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231023-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231023-en, locale:en-us, os:android-11-x64, system
  • submitted
    13-11-2023 22:00

General

  • Target

    09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.apk

  • Size

    3.4MB

  • MD5

    f88c7b5245048b8ec686069d09e51b4e

  • SHA1

    fb0b1e93c3e9bef83e23dcfa4f7f344daeaacd4d

  • SHA256

    09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad

  • SHA512

    a8c9f4b8546fc93ac4711fd8b3dd8e64c200575a680f99eedc824361599726a9fab182482a8f1fc7ad308fcb830dadedfa7d916b31b4dccfac99f8630121b8d5

  • SSDEEP

    49152:OzlRn+EDrtUJsVhHYqS8Vog3VVYEAGFBt5m0jXi3LX5zZk0xGKWY6FM41mMkL+X2:OzlZ7DrtM5q9zYRGFQ8XiT5FkgsQ+m

Malware Config

Extracted

Family

alienbot

C2

http://heycock333.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

  • Cerberus payload 3 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 8 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs

Processes

  • impact.flight.hobby
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4339
    • getprop ro.miui.ui.version.name
      2⤵
      PID:4468
    • getprop ro.miui.ui.version.name
      2⤵
      PID:4638
    • getprop ro.miui.ui.version.name
      2⤵
      PID:4756
    • getprop ro.miui.ui.version.name
      2⤵
      PID:4795
    • getprop ro.miui.ui.version.name
      2⤵
      PID:5039
    • getprop ro.miui.ui.version.name
      2⤵
      PID:5076
    • getprop ro.miui.ui.version.name
      2⤵
      PID:5103

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json
    Filesize: 622KB
    MD5: 5627f76b92fda448488b6f9fb167b835
    SHA1: 74f541fa5e1d426f3bb82454334f00d34f7f95c6
    SHA256: 197f023072033f2788068cdd4499d32177d57b88c6f8b925c5bdd64fba34220a
    SHA512: d5fc43137dbeb77a65b67d39cd4268d56b8c91f2c9973c796aeea04c627368919481669728b859741ac7af1776bc34ccf9bf153a1abe047f6a8e6dbb24060c2a

  • /data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json
    Filesize: 622KB
    MD5: 85dbcb13f7578dc1ffc8295208846f14
    SHA1: 19923aaa392d629af94889b6e8538086716f97dd
    SHA256: 24f996feac74ebaa2f9467af2b32e713388d1a6a28419300d6b6a07d66854dfe
    SHA512: 42b6efd59263f7bc5e52ee32b333e05179d099691fb6fc9fae85fada132ac24a4450f33057abaa5e68fc7f9a5a5f96df8621705858fb029cf6fca2692d0a7bf8

  • /data/user/0/impact.flight.hobby/app_DynamicOptDex/oat/kmjXC.json.cur.prof
    Filesize: 348B
    MD5: 20c3688b0bc0dde53c677fec02f95dff
    SHA1: 6601f98d47016d569eaa2d2cfb166064c1ddd694
    SHA256: fe1ee68d4439c6ea8c4fcd838237c0b6d527045366cfd866bbfdd735dd29dbc3
    SHA512: 492a34872a901e702fdec19762d01a4934732ad6a8066988bc1f7177e3ea4ff561561fc478db5f2fb3034cfabf445c58be3963733a31c88794aa1e5de7f2e464