Analysis
-
max time kernel
2374202s -
max time network
130s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
-
submitted
20-12-2023 01:50
General
-
Target
7b5f6d8b93d3dbe982f87be3988b7323cba198944e2afdc2b8143347fc17dbcf.apk
-
Size
2.1MB
-
MD5
29914c9b705f3446486261c1081aeccf
-
SHA1
787c4a114cb1dc1ab91b93d35154b363778a8414
-
SHA256
7b5f6d8b93d3dbe982f87be3988b7323cba198944e2afdc2b8143347fc17dbcf
-
SHA512
b391917408018b5cf8e99d00462eeb08d9403a037458d0588e29d9d30b3dbd719d7ffa4a0c8118bbd24240c7440ae4edd979760263eb7f82ab33fedb5ac5b801
-
SSDEEP
49152:PYO/q3NpOd3RHwTI8IrJjZ+VGw2PeOq/gf4tZL2w9HLXYHFmErJ28c9:PrEdcprJZ+1tT9LX4N2
Malware Config
Extracted
alienbot
http://apk-file.ru.com
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload 2 IoCs
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 1 IoCs
-
Loads dropped Dex/Jar 3 IoCs
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes
-
msbtomsqwhedxxjofjtuncgsses.nqunxowwntnu.cbgseqrfp1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/msbtomsqwhedxxjofjtuncgsses.nqunxowwntnu.cbgseqrfp/app_DynamicOptDex/eegd.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/msbtomsqwhedxxjofjtuncgsses.nqunxowwntnu.cbgseqrfp/app_DynamicOptDex/oat/x86/eegd.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
756KB
MD5575e54e078f15fc51f916be9fbb177ad
SHA16ad2701fdcccc7999e743d53e50fdf7763fe75a7
SHA25679594c44226fc6772fb086d8a020204ad2540aaa5f4c9abca86b60ae000578c2
SHA512ed8daeaf598c9b47709a266556104752166f068041c91822cf576ce81004e3f3313c398ea27be7e8feb7cb6e82f17cacf23baeb13b595a2125e7d4cf45fc1848
-
Filesize
756KB
MD5c794df2a11248cb510f9f64aa64c8454
SHA134424960050861fae48c452631ab7327da72229c
SHA2567a89cb0c9a118a79d6ccb404b9d853dccc875f5f531d2afafa56695222576a1a
SHA512782692f5fe24883389509153a049d140b7344e79458566732b49c008e62692dd0dc6d95d7a7850dcc7a62a03684d67b28bc5415ba371b776e4b0c1008e6bfe7f
-
Filesize
756KB
MD5046daa6ef0e814210b639ed3920c1215
SHA1c1329e6740a9a043dc330a855527359654c266f8
SHA25634376c38cb4872e1e0d7708b5e4ef3d6c4e8ac1cc3c7cd407888a635661599cb
SHA5129524a96ecaa2fb3421b2ba2ef076970abceb3c790b245f6eb033fa32db6b6d92d4e39b84a0af389ba80c9d2b75ada47dea78999e4bc1f007a09a377df628af81