Analysis

  • max time kernel
    402094s
  • max time network
    152s
  • platform
    android_x64
  • resource
    android-x64-20231023.1-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20231023.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    28-11-2023 22:01

General

  • Target

    c4ac30e739c0fbd4433ac9cfca548ed542f965607b1dc8327ca22a91efb4e12b.apk

  • Size

    1.6MB

  • MD5

    78fcc1c848322d1c3a7e3eacf0b323ef

  • SHA1

    4acef91590d42560e0a0d07b9ac9efd10fb1a570

  • SHA256

    c4ac30e739c0fbd4433ac9cfca548ed542f965607b1dc8327ca22a91efb4e12b

  • SHA512

    ee1b43c712c268d6bc13312618773489229cf8deab12faa057cd13cc9f405f534cd6e9ec48654e377951c749909384117ab3e0e567cb79417fe558ce6ad1fddc

  • SSDEEP

    49152:2jUQbGMOlalLHVCKfx+P5N5uFfB4hHLm5QUHDIemZWhLHDS:EUblaxfx85KGhHL1UHcemMFu

Malware Config

Extracted

  • Family
    alienbot
  • C2
    http://talatlarholdngltd.net
  • rc4.plain

Extracted

  • Family
    alienbot
  • C2
    http://talatlarholdngltd.net

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Removes its main activity from the application launcher 8 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.suffer.pyramid
    PID: 4919
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.suffer.pyramid/app_DynamicOptDex/ZYtHu.json

    Filesize

    238KB

    MD5

    1bf9e4ca937d18ebf426ee344dad3f6d

    SHA1

    578524562fe6664ffa17b6e240335967b67d8d04

    SHA256

    ce37ef96a2f9202bfef12535dde848b8d4a3de2ac99fb5f18916dbc3b4b887d6

    SHA512

    171ac370a7c82bae3fda5045bbdf2f00dd793ca3ece63a3628c7cc07427c2c2dc39291063902463db73742acfc27c20aae57a3d8829421f6e04350b0c29770ba

  • /data/data/com.suffer.pyramid/app_DynamicOptDex/ZYtHu.json

    Filesize

    238KB

    MD5

    74674cc4c7fb1875cfeadabca7690e05

    SHA1

    566ba420cd73107a01e310e01d573f4225703a82

    SHA256

    e10e6d8e65daf95a9bcf791673a4fb0162f79899f0741c69528b7dcee6933af7

    SHA512

    2fe6190d8661f975aadfa092b1805e100e0fde1eeefd98058c26a1d7cba6c91ed63b4e2d21a25c4c58c4e2e476c1bb4eca87440f840f88efe30567f752e5a513

  • /data/data/com.suffer.pyramid/app_DynamicOptDex/oat/ZYtHu.json.cur.prof

    Filesize

    451B

    MD5

    bb248de5024be5b7f9e53b900b2e23a9

    SHA1

    bf9d38a5aaad7d9a887975affb13cb5cd1bfd74e

    SHA256

    c99b36cb4bf557a3fafe38998afae0ab4c205543dc7c063198b6a4dceeca8480

    SHA512

    163a45dce9aa053b3ae1470015e3795f69da25b702ed4dd00b732f4335ee7dde53e3df4e8efe16fb40398bb151513abd0032cba434ef2c3269790a2c7ceb3974

  • /data/user/0/com.suffer.pyramid/app_DynamicOptDex/ZYtHu.json

    Filesize

    483KB

    MD5

    97f839ad264807c39a6840292521de0f

    SHA1

    5b38c3744e94f11d3b8c4ea87d6366834274e8dc

    SHA256

    2d91e188252ec75e56a37d4042796be50bd5bc39870c81ca6987debdb42da74a

    SHA512

    a8cb4498fa042f7deb40ca3d122f2c7715f2a0b0941486ce9c7cdb3e0bc26599001b047bb47e7114d6d4649d9bb4ae600bd51db3f397dca50259c1fd33ad219e