Overview

overview

10

Static

static

7

45f01f69b0...7e.apk

android-9-x86

10

45f01f69b0...7e.apk

android-10-x64

10

45f01f69b0...7e.apk

android-11-x64

10

libEncryptorP.so

debian-9-armhf

1

libapminsighta.so

debian-9-armhf

1

libapminsightb.so

debian-9-armhf

Analysis

  • max time kernel
    315452s
  • max time network
    143s
  • platform
    android_x64
  • resource
    android-x64-20231023.1-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231023.1-enlocale:en-usos:android-10-x64system
  • submitted
    27-11-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45f01f69b0c5b25a3c90808eb889d4c649087e72668edb90b9d982b2dfcfe87e.apk

  • Size

    1.5MB

  • MD5

    86578d94e97a1043846bda311e04da45

  • SHA1

    1364d63e90796d1d9bdb42a0fe18ae4dbb8c6106

  • SHA256

    45f01f69b0c5b25a3c90808eb889d4c649087e72668edb90b9d982b2dfcfe87e

  • SHA512

    afc60a9f453c2fd0d942c00c443770f465ce66db4059a5f979942aea5efa3e05bf507621d5011747228c4ad47d2a83a11e0935ec44727f2ea09b4f0d92a6b54f

  • SSDEEP

    24576:xrWlX8lXWiPz3K8kNxivwgJrbqFvo4zzuABpIpMvb/YRAC7GnnUOdhvj5a0ekp1R:2Pew2xkPBpJvjC7qUY59/eoFD

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

https://ukalasahne.net

rc4.plain

Extracted

Family

alienbot

C2

https://ukalasahne.net

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 4 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.warrior.priority
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:5063

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.warrior.priority/app_DynamicOptDex/XfS.json
    Filesize

    238KB

    MD5

    2cfecc18ef54d20cf76d4466e538e892

    SHA1

    74caeef82f43274d5e82aa8f47879827fe8bfbd4

    SHA256

    e485e2ce0aa58e74e7882fa406aeda0b717fde1f64e1f999fce1f7dba1b8cef0

    SHA512

    229d03343b4a960ca2730754be5980ac29e80d82aba58564004d2840e0274929337f664ba76d64b0e8d6ac02c7d75dec888f222cdcfce5aa2921567495e95ac4

    Download Submit

  • /data/data/com.warrior.priority/app_DynamicOptDex/XfS.json
    Filesize

    238KB

    MD5

    593c0ddd4d2d69fa42bd1cf5015eb248

    SHA1

    90530f01fd550a0d51d92a5cf726b26b0e9264a4

    SHA256

    4be618659daa106c1e512dd791b3b6bc396a5802f18f0a3b616304703baa5906

    SHA512

    bcd1988379092cca3e2202bc99410ccf7e2a62285b8fe43d50294c1fe560d76bef3aacfd57900e6edc5f9d8195c5ce5874fd850baf76233a7d8e47d2f1e084e2

    Download Submit

  • /data/data/com.warrior.priority/app_DynamicOptDex/oat/XfS.json.cur.prof
    Filesize

    386B

    MD5

    494a3125457f1fd134010bf31808921f

    SHA1

    2db41323ac85e7c7a277b33855c4e3b7e27253ea

    SHA256

    b2dabf2f12bebe6c13c5befcb16dee937622ca3b9efc1c7e836dab4851ecc061

    SHA512

    5bf03271c9a1573db3e5ac63f6b399c7d26c6a8de882076ff491b90436d7e2f60e6b6f8ffb445c7f28828d6606a7388cc9ad250e99c6b35c0feb38ab5cd8a739

    Download Submit

  • /data/user/0/com.warrior.priority/app_DynamicOptDex/XfS.json
    Filesize

    483KB

    MD5

    eb38e7017072f8078c1662ca8dd7949a

    SHA1

    a31933d2fdb92bb5b0563d25f8151e0023748c90

    SHA256

    848117e1861aa672f0ac10f27bf8a8c3adb032262064e8740f51ccb8f382d65a

    SHA512

    ad5871421bc1e0193e4714d9a8841da818eb8d0e0a0de86b3f9efcdabf2ff61b4aa7de390e11ad695af2e0134c11d0f9c785f91eb6168ca44ae762f01dd1d942

    Download Submit