Overview

overview

10

Static

static

6

7dde3353e6...14.apk

android-9-x86

10

7dde3353e6...14.apk

android-10-x64

10

7dde3353e6...14.apk

android-11-x64

10

Analysis

  • max time kernel
    2300333s
  • max time network
    145s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    20/12/2023, 02:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7dde3353e679bd4ec0a5c8655d95edb9a41e2a6c284ece79e764fe91a709ba14.apk

  • Size

    2.3MB

  • MD5

    dafe74f89d07bb8e452506809920ceb8

  • SHA1

    449270d46ff82f62edd095a967b0751e62b4054f

  • SHA256

    7dde3353e679bd4ec0a5c8655d95edb9a41e2a6c284ece79e764fe91a709ba14

  • SHA512

    243ff9a864b66c46a8202b90b4d3d899f16d4953a91414c83024a6366f286c1e55bbacc80bbaa1370e42fbaf3050ca614164ade64c69175ec8c19bed2cf4153a

  • SSDEEP

    49152:x1qxruZUjBQLYhdo3bHDzFUYmQLcVXzRsoP8geg2QW/I9WkNU66SuhKmub7CyfGm:9iS+ibl9mlRWINTp9fp

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://abracadabra6.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • lrjdwnlfnrsjrh.kqtxlpsdmqlkxxre.xlpgxysehcskiwbrwaurejlwkm
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4471

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/lrjdwnlfnrsjrh.kqtxlpsdmqlkxxre.xlpgxysehcskiwbrwaurejlwkm/app_DynamicOptDex/WRX.json
    Filesize

    693KB

    MD5

    546fddb6ce5bd49be50961bf31a27e03

    SHA1

    9e8fbff72bbf0e3edf149f8f12f8c3d3e8088cc6

    SHA256

    ec6677ae919129722c52feabe29df80c12a4347beb4be48fc3a16576f3d13da1

    SHA512

    6294cd3af8b8e1d3c26ddd8a0934f0a0e8948fc3835757f966378f6accd1f168d2bf009a104c9a73dc212da4c69c4d698d2aa8078c3b943d081d724e3acdc048

    Download Submit

  • /data/user/0/lrjdwnlfnrsjrh.kqtxlpsdmqlkxxre.xlpgxysehcskiwbrwaurejlwkm/app_DynamicOptDex/WRX.json
    Filesize

    693KB

    MD5

    a0ec4b3560a4645b42091707b6edf989

    SHA1

    8fdf10e8a1159e78f2ac2fecfa5dfedf9cc5f0a7

    SHA256

    b9ac8c63c12276732e00ee9506b582f816dca0a5d08978c27917f94ff8c1bc70

    SHA512

    f6fb020f2da9a7e4eac2affcfebf4440e4d0998c3994ffa1dffe6d0eed703e15d04ee9a6feded726f349deb413f90e7ff013f04c16a780f13bb33b678b6c1e28

    Download Submit

  • /data/user/0/lrjdwnlfnrsjrh.kqtxlpsdmqlkxxre.xlpgxysehcskiwbrwaurejlwkm/app_DynamicOptDex/oat/WRX.json.cur.prof
    Filesize

    353B

    MD5

    2731e079bffc3bea62c5251b9594dabb

    SHA1

    4050ce645d5f10c98db1f5951a2f158478d23354

    SHA256

    d4a822f55be5961154c2df07577a06d40164ca56801491de42ae87c5eee8a3a3

    SHA512

    7e92bf3ae67b6de19161badd30afda888fe02b87d29510af9f24c728e6d27c2c90285bd94a2de9fbf1f0b85207e471252dfe12f5af68e11218e7a9cd623cd9d1

    Download Submit