Analysis
-
max time kernel
402101s -
max time network
145s -
platform
android_x64 -
resource
android-x64-arm64-20231023-en -
resource tags
-
submitted
28-11-2023 22:01
General
-
Target
c4ac30e739c0fbd4433ac9cfca548ed542f965607b1dc8327ca22a91efb4e12b.apk
-
Size
1.6MB
-
MD5
78fcc1c848322d1c3a7e3eacf0b323ef
-
SHA1
4acef91590d42560e0a0d07b9ac9efd10fb1a570
-
SHA256
c4ac30e739c0fbd4433ac9cfca548ed542f965607b1dc8327ca22a91efb4e12b
-
SHA512
ee1b43c712c268d6bc13312618773489229cf8deab12faa057cd13cc9f405f534cd6e9ec48654e377951c749909384117ab3e0e567cb79417fe558ce6ad1fddc
-
SSDEEP
49152:2jUQbGMOlalLHVCKfx+P5N5uFfB4hHLm5QUHDIemZWhLHDS:EUblaxfx85KGhHL1UHcemMFu
Malware Config
Extracted
alienbot
http://talatlarholdngltd.net
Extracted
alienbot
http://talatlarholdngltd.net
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload 1 IoCs
-
Makes use of the framework's Accessibility service. 2 IoCs
-
Removes its main activity from the application launcher 8 IoCs
-
Acquires the wake lock. 1 IoCs
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes
-
com.suffer.pyramid1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
238KB
MD51bf9e4ca937d18ebf426ee344dad3f6d
SHA1578524562fe6664ffa17b6e240335967b67d8d04
SHA256ce37ef96a2f9202bfef12535dde848b8d4a3de2ac99fb5f18916dbc3b4b887d6
SHA512171ac370a7c82bae3fda5045bbdf2f00dd793ca3ece63a3628c7cc07427c2c2dc39291063902463db73742acfc27c20aae57a3d8829421f6e04350b0c29770ba
-
Filesize
238KB
MD574674cc4c7fb1875cfeadabca7690e05
SHA1566ba420cd73107a01e310e01d573f4225703a82
SHA256e10e6d8e65daf95a9bcf791673a4fb0162f79899f0741c69528b7dcee6933af7
SHA5122fe6190d8661f975aadfa092b1805e100e0fde1eeefd98058c26a1d7cba6c91ed63b4e2d21a25c4c58c4e2e476c1bb4eca87440f840f88efe30567f752e5a513
-
Filesize
483KB
MD597f839ad264807c39a6840292521de0f
SHA15b38c3744e94f11d3b8c4ea87d6366834274e8dc
SHA2562d91e188252ec75e56a37d4042796be50bd5bc39870c81ca6987debdb42da74a
SHA512a8cb4498fa042f7deb40ca3d122f2c7715f2a0b0941486ce9c7cdb3e0bc26599001b047bb47e7114d6d4649d9bb4ae600bd51db3f397dca50259c1fd33ad219e
-
Filesize
318B
MD507202bbcdb426ae399b841845fa02e2e
SHA1fc67e53396bc52eede97fae88a81aa082a55d360
SHA2560c0e101ba1e5456eb6ca6180cf35ec477d5e8aa4569c606c8632ed317faea6a4
SHA5121bf95f18529d157b36259bdab9bf2653db8426c5cbe6adf5d59132e4f27870432907ba4d6341d70603ce4b3efb40c359fddca7b732f9f46907d300e6120ea6d2