Overview

overview

10

Static

static

6

7dde3353e6...14.apk

android-9-x86

10

7dde3353e6...14.apk

android-10-x64

10

7dde3353e6...14.apk

android-11-x64

10

Analysis

  • max time kernel
    2300193s
  • max time network
    143s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    20-12-2023 02:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7dde3353e679bd4ec0a5c8655d95edb9a41e2a6c284ece79e764fe91a709ba14.apk

  • Size

    2.3MB

  • MD5

    dafe74f89d07bb8e452506809920ceb8

  • SHA1

    449270d46ff82f62edd095a967b0751e62b4054f

  • SHA256

    7dde3353e679bd4ec0a5c8655d95edb9a41e2a6c284ece79e764fe91a709ba14

  • SHA512

    243ff9a864b66c46a8202b90b4d3d899f16d4953a91414c83024a6366f286c1e55bbacc80bbaa1370e42fbaf3050ca614164ade64c69175ec8c19bed2cf4153a

  • SSDEEP

    49152:x1qxruZUjBQLYhdo3bHDzFUYmQLcVXzRsoP8geg2QW/I9WkNU66SuhKmub7CyfGm:9iS+ibl9mlRWINTp9fp

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://abracadabra6.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 2 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs

Processes

  • lrjdwnlfnrsjrh.kqtxlpsdmqlkxxre.xlpgxysehcskiwbrwaurejlwkm
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    PID:5141

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/lrjdwnlfnrsjrh.kqtxlpsdmqlkxxre.xlpgxysehcskiwbrwaurejlwkm/app_DynamicOptDex/WRX.json
    Filesize

    693KB

    MD5

    546fddb6ce5bd49be50961bf31a27e03

    SHA1

    9e8fbff72bbf0e3edf149f8f12f8c3d3e8088cc6

    SHA256

    ec6677ae919129722c52feabe29df80c12a4347beb4be48fc3a16576f3d13da1

    SHA512

    6294cd3af8b8e1d3c26ddd8a0934f0a0e8948fc3835757f966378f6accd1f168d2bf009a104c9a73dc212da4c69c4d698d2aa8078c3b943d081d724e3acdc048

    Download Submit

  • /data/data/lrjdwnlfnrsjrh.kqtxlpsdmqlkxxre.xlpgxysehcskiwbrwaurejlwkm/app_DynamicOptDex/WRX.json
    Filesize

    693KB

    MD5

    a0ec4b3560a4645b42091707b6edf989

    SHA1

    8fdf10e8a1159e78f2ac2fecfa5dfedf9cc5f0a7

    SHA256

    b9ac8c63c12276732e00ee9506b582f816dca0a5d08978c27917f94ff8c1bc70

    SHA512

    f6fb020f2da9a7e4eac2affcfebf4440e4d0998c3994ffa1dffe6d0eed703e15d04ee9a6feded726f349deb413f90e7ff013f04c16a780f13bb33b678b6c1e28

    Download Submit