Analysis
-
max time kernel
2376056s -
max time network
136s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
-
submitted
20-12-2023 01:59
General
-
Target
7bffbc8b51bef632fce8463e1af38ca77a21acbac5a9e3dfc2290cdaab857028.apk
-
Size
1.7MB
-
MD5
c21bee1ed1da1cd9c49ec20edac9af68
-
SHA1
0538e6791fd1320e309cdfdd7acdaf11b4b609c2
-
SHA256
7bffbc8b51bef632fce8463e1af38ca77a21acbac5a9e3dfc2290cdaab857028
-
SHA512
686a9076e2c0f3f6ab6652570eb79c06fdc1d9979b0a994d73f805088a52e60eeb3a576987a028ffae3529a8692d1f2fcc1cd656428ba16c16bd0161890f6255
-
SSDEEP
49152:LPWBOdvcCRFuGNyjOPFXvlA5wHYaG0xdDfZ:F1lPFXtAicM
Malware Config
Extracted
alienbot
http://cacecarsa3.com
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload 2 IoCs
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 1 IoCs
-
Checks Android system properties for emulator presence. 1 IoCs
-
Loads dropped Dex/Jar 3 IoCs
Runs executable file dropped to the device during analysis.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes
-
teynhhgglabj.poxubotq.ejajkkdwwe1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/teynhhgglabj.poxubotq.ejajkkdwwe/app_DynamicOptDex/eGf.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/teynhhgglabj.poxubotq.ejajkkdwwe/app_DynamicOptDex/oat/x86/eGf.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
736KB
MD5c2a783c96818c85b86e6a058bc705840
SHA1deb9aae6038e8c07721b0c7755658af9f33c6413
SHA256c898b0091a78c719362105e1a2b3787e26ef3adf33fbfb4e6b1e42a9040f99e6
SHA51256373ea2c992bc83d25cc5bcace435d2d695f4ad432900fb7fe7179d35c4b7a46527babb258427d60d5cdf12bcc9672cc207124faa92dcc580a835d233463ad6
-
Filesize
736KB
MD56fdfe04f0540de76aad9d20acbe87e18
SHA1f9e6b5d781986a8c15a0f418aaaf5a82efe581bc
SHA256ab981dbbbfefa5196d396dfd8e474d4669dcb98c78ee924d36ff50dc9293c72a
SHA512001d2911610b5e1adb9e7b62340f2b57e2f26e7992a5bde36b7ef2ef787c4b04ce00be6596c5aa2ba2531d4566f1404d1b986f4514c1501e090c3b93ae479807
-
Filesize
472B
MD5cabf9cb48b7eb664d9c73fdd45fa7cea
SHA1133c4ef0e291682f73cc58e424f089559dcefa0d
SHA256257c9f20f0fe5b74d594bd0a2ef56db1f87e68449eb443e8cd333d9a3f6115de
SHA51215719914e0430dc463e8b9d169558eca277737bd74b1e93c0089125d23228b241a8b3a02aa347c582d1e860840cb98788d0331dd781b294aa51f98727de18ba4
-
Filesize
736KB
MD5072eaa4817ac2a749315bbec544233e5
SHA17850315fdb00e39be5df928858620741a8c25cd8
SHA2566a9022945a5cbe5800c4abf2df7b5ca28013af6b2efa95874e0ec101595518ea
SHA51224be354e914cfe3d7bd8dd3e2167c1d53ed7d65927e5ac2d1224b98e6836e4ff457210ff31738b845c78d573380229c8313abb436622dab74b3e28a4cc7cdeae