Overview

overview

10

Static

static

6

7bffbc8b51...28.apk

android-9-x86

10

7bffbc8b51...28.apk

android-10-x64

10

7bffbc8b51...28.apk

android-11-x64

10

Analysis

  • max time kernel
    2329896s
  • max time network
    148s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    20-12-2023 01:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7bffbc8b51bef632fce8463e1af38ca77a21acbac5a9e3dfc2290cdaab857028.apk

  • Size

    1.7MB

  • MD5

    c21bee1ed1da1cd9c49ec20edac9af68

  • SHA1

    0538e6791fd1320e309cdfdd7acdaf11b4b609c2

  • SHA256

    7bffbc8b51bef632fce8463e1af38ca77a21acbac5a9e3dfc2290cdaab857028

  • SHA512

    686a9076e2c0f3f6ab6652570eb79c06fdc1d9979b0a994d73f805088a52e60eeb3a576987a028ffae3529a8692d1f2fcc1cd656428ba16c16bd0161890f6255

  • SSDEEP

    49152:LPWBOdvcCRFuGNyjOPFXvlA5wHYaG0xdDfZ:F1lPFXtAicM

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://cacecarsa3.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • teynhhgglabj.poxubotq.ejajkkdwwe
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    PID:4979

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/teynhhgglabj.poxubotq.ejajkkdwwe/app_DynamicOptDex/eGf.json
    Filesize

    736KB

    MD5

    c2a783c96818c85b86e6a058bc705840

    SHA1

    deb9aae6038e8c07721b0c7755658af9f33c6413

    SHA256

    c898b0091a78c719362105e1a2b3787e26ef3adf33fbfb4e6b1e42a9040f99e6

    SHA512

    56373ea2c992bc83d25cc5bcace435d2d695f4ad432900fb7fe7179d35c4b7a46527babb258427d60d5cdf12bcc9672cc207124faa92dcc580a835d233463ad6

    Download Submit

  • /data/data/teynhhgglabj.poxubotq.ejajkkdwwe/app_DynamicOptDex/eGf.json
    Filesize

    736KB

    MD5

    6fdfe04f0540de76aad9d20acbe87e18

    SHA1

    f9e6b5d781986a8c15a0f418aaaf5a82efe581bc

    SHA256

    ab981dbbbfefa5196d396dfd8e474d4669dcb98c78ee924d36ff50dc9293c72a

    SHA512

    001d2911610b5e1adb9e7b62340f2b57e2f26e7992a5bde36b7ef2ef787c4b04ce00be6596c5aa2ba2531d4566f1404d1b986f4514c1501e090c3b93ae479807

    Download Submit

  • /data/data/teynhhgglabj.poxubotq.ejajkkdwwe/app_DynamicOptDex/oat/eGf.json.cur.prof
    Filesize

    369B

    MD5

    3dae01553aa05991cdf20ee702ff6baa

    SHA1

    b3497a565ae512cfb0f865806c32a8739a4052c1

    SHA256

    91859e963f3cb05e2d607f4cce4de80137afb9c9dc4d425a7aacf860a251feb9

    SHA512

    0fdaadc05ac99936d342e02681cd3050f566d44bb50bb9f111760a9a4f5267a8f043a18c30a5151d749e92e0e2f03528436003f834065b82727bfc7f032711c2

    Download Submit