Analysis
-
max time kernel
920325s -
max time network
133s -
platform
android_x86 -
resource
android-x86-arm-20231023-en -
resource tags
-
submitted
04-12-2023 22:00
General
-
Target
23b3e076cdab5b50881f23a26a0f7d1d64b600ea5a8856da2a4f3adab81203a6.apk
-
Size
1.9MB
-
MD5
646587934709574ea4f9b1fab6e6a9bf
-
SHA1
49928e81110adc671b33191b49058709def46c07
-
SHA256
23b3e076cdab5b50881f23a26a0f7d1d64b600ea5a8856da2a4f3adab81203a6
-
SHA512
14797057550ee09330357c6793889cccb94680376f356221d2329582ac601f71631107d370cbfd42acdc0b2fd28caee1adc72b0cf565f9727864696af052b664
-
SSDEEP
49152:EZEf0UOWjhOs8KuVWU86zAIrw2xXA44udBaxC2qHhzG:E+cURAsoVWUbUIrwEXA44u3ax1ozG
Malware Config
Extracted
alienbot
http://bpargastasyas.ml
Extracted
alienbot
http://bpargastasyas.ml
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload 2 IoCs
-
Makes use of the framework's Accessibility service. 2 IoCs
-
Removes its main activity from the application launcher 1 IoCs
-
Acquires the wake lock. 1 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
-
Removes a system notification. 1 IoCs
Processes
-
com.side.husband1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.side.husband/app_DynamicOptDex/mfOdosA.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.side.husband/app_DynamicOptDex/oat/x86/mfOdosA.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
238KB
MD55e3e44c7b57c1ec0357ea6890e91eb07
SHA1197f55b788d78f7e74861c31d05bf9eea285ad03
SHA25613a58f8173e217ce1a5b46d552ddfb3c3e2e04b6d7c44c6cd3a211b83850e061
SHA512b9414faab533bd6a7fe4e62217779b831e888f64182d7d43faa5a70e9cf27433daf7340305c3ecc9d905b887b9e818f37310729bae0a6d53e7b25cd059d7a35c
-
Filesize
238KB
MD5165cff3acd86133745c2bfbf7fea8f89
SHA1f507a90d90e19f8639c1f05bd0fbdc6dde975280
SHA256a8f157ac47912dfb4bab7c7895dbf6d7abe3b963e51f9062d66d92ce0ee832fc
SHA512a6a20013972c0e327264ea932911e4fa11dda795ebfdd8cb763b8beba6dab4b9766a669deb4bf707680d5a2cb1aaa8838948c98acaa9fbbf577b715c038733d8
-
Filesize
447B
MD599b09cb11f05d1d9312e0b25340bc1b3
SHA14f7b8f64d224cde6b40160325b602fd87abf7a2e
SHA2563ff696b0e3dc9106638109ae1b20689f8f1c50c3df5792975401305b04084c3a
SHA512c48aa2e8f1e291571d6217b6f54ac5f9d63650d904a85083cfc843cdcc335d901cca0c69e11dd38e81ef53b277b0753c7ac7e1fea2f82917b43ed8719dcacef8
-
Filesize
483KB
MD571c46fd2fecee9eda372ed4dd410e13e
SHA19f4f16d3572e4218047d5c48fa425a5cd16247b4
SHA25686e90910a7579bb45649cfef0bcf24c8c6d6dbd24cb9009ba402a8a21ac391f4
SHA512e62874e7daa03b5a47d01d7db3e3d82e0e77bcb50272b6662b2a9b9630045624f8268f942afa2c346cb693bcbbbfcae2179b74e918a0f692eb8677d6588ed8db
-
Filesize
483KB
MD58ea5dae61ca0889417db86ff26fea3ee
SHA185c9bc2f074bc5450af76d0acafb1f27939e22b9
SHA25669c7ae04bc1ecc5217f1a3eef149382edc589ce183d4b5062193c2f8974c7690
SHA512c55fdaf2af279a525b507e2a7aa2d2a5e771bcb872fb8ce4eeca626078475f45b8135b91a6de21ebfa89fd0fdc5f3e4a88551bf21b0b446437bfefcab5c2abe1