Overview

overview

10

Static

static

7

c4ac30e739...2b.apk

android-9-x86

10

c4ac30e739...2b.apk

android-10-x64

10

c4ac30e739...2b.apk

android-11-x64

10

CheatSheet...s.html

windows7-x64

1

CheatSheet...s.html

windows10-2004-x64

1

CheatSheet...n.html

windows7-x64

1

CheatSheet...n.html

windows10-2004-x64

1

CheatSheet...s.html

windows7-x64

1

CheatSheet...s.html

windows10-2004-x64

1

chartjs-pl...min.js

windows7-x64

1

chartjs-pl...min.js

windows10-2004-x64

1

hammerjs.js

windows7-x64

1

hammerjs.js

windows10-2004-x64

1

jquery-3.4.1.min.js

windows7-x64

1

jquery-3.4.1.min.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    402086s
  • max time network
    138s
  • platform
    android_x86
  • resource
    android-x86-arm-20231023-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
  • submitted
    28-11-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4ac30e739c0fbd4433ac9cfca548ed542f965607b1dc8327ca22a91efb4e12b.apk

  • Size

    1.6MB

  • MD5

    78fcc1c848322d1c3a7e3eacf0b323ef

  • SHA1

    4acef91590d42560e0a0d07b9ac9efd10fb1a570

  • SHA256

    c4ac30e739c0fbd4433ac9cfca548ed542f965607b1dc8327ca22a91efb4e12b

  • SHA512

    ee1b43c712c268d6bc13312618773489229cf8deab12faa057cd13cc9f405f534cd6e9ec48654e377951c749909384117ab3e0e567cb79417fe558ce6ad1fddc

  • SSDEEP

    49152:2jUQbGMOlalLHVCKfx+P5N5uFfB4hHLm5QUHDIemZWhLHDS:EUblaxfx85KGhHL1UHcemMFu

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://talatlarholdngltd.net

rc4.plain

Extracted

Family

alienbot

C2

http://talatlarholdngltd.net

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion

Processes

  • com.suffer.pyramid
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    PID:4273
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.suffer.pyramid/app_DynamicOptDex/ZYtHu.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.suffer.pyramid/app_DynamicOptDex/oat/x86/ZYtHu.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4301

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.suffer.pyramid/app_DynamicOptDex/ZYtHu.json
    Filesize

    238KB

    MD5

    1bf9e4ca937d18ebf426ee344dad3f6d

    SHA1

    578524562fe6664ffa17b6e240335967b67d8d04

    SHA256

    ce37ef96a2f9202bfef12535dde848b8d4a3de2ac99fb5f18916dbc3b4b887d6

    SHA512

    171ac370a7c82bae3fda5045bbdf2f00dd793ca3ece63a3628c7cc07427c2c2dc39291063902463db73742acfc27c20aae57a3d8829421f6e04350b0c29770ba

    Download Submit

  • /data/data/com.suffer.pyramid/app_DynamicOptDex/ZYtHu.json
    Filesize

    238KB

    MD5

    74674cc4c7fb1875cfeadabca7690e05

    SHA1

    566ba420cd73107a01e310e01d573f4225703a82

    SHA256

    e10e6d8e65daf95a9bcf791673a4fb0162f79899f0741c69528b7dcee6933af7

    SHA512

    2fe6190d8661f975aadfa092b1805e100e0fde1eeefd98058c26a1d7cba6c91ed63b4e2d21a25c4c58c4e2e476c1bb4eca87440f840f88efe30567f752e5a513

    Download Submit

  • /data/data/com.suffer.pyramid/app_DynamicOptDex/oat/ZYtHu.json.cur.prof
    Filesize

    448B

    MD5

    864aae4c97f87934d579c553a3105f3a

    SHA1

    5e80e089272c954780d30022a60931b420353808

    SHA256

    54c1ed78300e259942cecd78269730721142c7cb048e518c8fecec3a2796c88e

    SHA512

    0b1d361f151c656bff9595bb8ce891449f53f4c0314725b8f1574ba2cc44830fea1c9d3512aab9b777a0bb221796002ea36df2e4d6af7620ec8e961d78cc6cb4

    Download Submit

  • /data/user/0/com.suffer.pyramid/app_DynamicOptDex/ZYtHu.json
    Filesize

    483KB

    MD5

    191b0881a932d09abde5dcc2c8c4a73e

    SHA1

    c31a10d8589fff471150a576f24e7ea1e4ff0ecf

    SHA256

    5849888a7096b1e561d82d2844282f356ee3f0af93f48e94c7de0505b7147e4c

    SHA512

    5ac0e9764d51b5c907cd71b42dc27d20bc7de6d0f3153ca19b9da8e6d401ef233090245636c8b734b129107cbf4f399387c847c240b1d5b2fdc4619d544916b3

    Download Submit

  • /data/user/0/com.suffer.pyramid/app_DynamicOptDex/ZYtHu.json
    Filesize

    483KB

    MD5

    97f839ad264807c39a6840292521de0f

    SHA1

    5b38c3744e94f11d3b8c4ea87d6366834274e8dc

    SHA256

    2d91e188252ec75e56a37d4042796be50bd5bc39870c81ca6987debdb42da74a

    SHA512

    a8cb4498fa042f7deb40ca3d122f2c7715f2a0b0941486ce9c7cdb3e0bc26599001b047bb47e7114d6d4649d9bb4ae600bd51db3f397dca50259c1fd33ad219e

    Download Submit