Analysis
-
max time kernel
2329921s -
max time network
150s -
platform
android_x64 -
resource
android-x64-arm64-20231215-en -
resource tags
-
submitted
20-12-2023 01:59
General
-
Target
7bffbc8b51bef632fce8463e1af38ca77a21acbac5a9e3dfc2290cdaab857028.apk
-
Size
1.7MB
-
MD5
c21bee1ed1da1cd9c49ec20edac9af68
-
SHA1
0538e6791fd1320e309cdfdd7acdaf11b4b609c2
-
SHA256
7bffbc8b51bef632fce8463e1af38ca77a21acbac5a9e3dfc2290cdaab857028
-
SHA512
686a9076e2c0f3f6ab6652570eb79c06fdc1d9979b0a994d73f805088a52e60eeb3a576987a028ffae3529a8692d1f2fcc1cd656428ba16c16bd0161890f6255
-
SSDEEP
49152:LPWBOdvcCRFuGNyjOPFXvlA5wHYaG0xdDfZ:F1lPFXtAicM
Malware Config
Extracted
alienbot
http://cacecarsa3.com
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload 1 IoCs
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 8 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes
-
teynhhgglabj.poxubotq.ejajkkdwwe1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
736KB
MD5c2a783c96818c85b86e6a058bc705840
SHA1deb9aae6038e8c07721b0c7755658af9f33c6413
SHA256c898b0091a78c719362105e1a2b3787e26ef3adf33fbfb4e6b1e42a9040f99e6
SHA51256373ea2c992bc83d25cc5bcace435d2d695f4ad432900fb7fe7179d35c4b7a46527babb258427d60d5cdf12bcc9672cc207124faa92dcc580a835d233463ad6
-
Filesize
736KB
MD56fdfe04f0540de76aad9d20acbe87e18
SHA1f9e6b5d781986a8c15a0f418aaaf5a82efe581bc
SHA256ab981dbbbfefa5196d396dfd8e474d4669dcb98c78ee924d36ff50dc9293c72a
SHA512001d2911610b5e1adb9e7b62340f2b57e2f26e7992a5bde36b7ef2ef787c4b04ce00be6596c5aa2ba2531d4566f1404d1b986f4514c1501e090c3b93ae479807
-
Filesize
331B
MD5e857b833d77018491363dccae10d2e4b
SHA1a058f8e8c984234536aae0f3940f55fa788e7df2
SHA25633ae9c46dd64897f4f192fcf0b01749edd0b43ec59e490ce30d0bdf0bc4dd3a8
SHA512fc4b662645834c9922fbfed8669b51abe2d7e71481803045a03bf65612332e83c56f61187da46f8e2f6f38d3b8e931669ac21c366844ada0eda0bf0f46fe463e