Analysis
-
max time kernel
2349915s -
max time network
149s -
platform
android_x64 -
resource
android-x64-arm64-20231215-en -
resource tags
-
submitted
20-12-2023 04:37
General
-
Target
8484c2866f4404efae683034430804680ec740b0919e435c3897ee45c3ae3759.apk
-
Size
1.8MB
-
MD5
6f578eab62f3c76e7319284f6b199ed7
-
SHA1
368f26efd03c9e9c3c2f07d3c84c414c2cf666b5
-
SHA256
8484c2866f4404efae683034430804680ec740b0919e435c3897ee45c3ae3759
-
SHA512
398144a369836788e78f36aa928809ffcd04a43ac7168373982c6c5d8cb5db2203982643d1ef32d76f3288cc9ec2f046ebc9dddf4aeb935d519c5ee1606295f6
-
SSDEEP
49152:p7hKTua7KtTNNbUCzBa0hth+HkfQnrfGic8hxg8/pMzP:JkKPa6o0h3+Efe7TXxCzP
Malware Config
Extracted
alienbot
http://cacecarsa2.com
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload 1 IoCs
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 8 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes
-
nziaryxzmcxobbploy.lufhis.fezdtho1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
710KB
MD585eadfc5e60acd29888f2c26534bb463
SHA11ac2498eea903927f2cd78220599b4fd98ea7306
SHA256a72322c91ca9540aff284e9e46d2332870221cfd607792fb533a3eef142e9aca
SHA512c3cb4954ebd89634a20a8c55660acbe6a32dff9a3ac2900d53bb7a66c19d5dbcbcc06f1d1b7fa6d1e7e8a20bd71bcc7c72409b5b1b7dd98c2f71f1bdf4fed6bb
-
Filesize
710KB
MD5934b81cac7ceb4caab9b8c4186b614df
SHA1c3c0709b833348feda77972888dbdc23d38800cb
SHA25665655dd4a51322a416408aa47625afde37a7136d2cba45f2d7ca021ae15b5525
SHA512fc0e5c14945734b6d867baa22424a31f2f384c789d907e2d66e65136d6b39fb97264cbdc259c82d58ac058a96ede420563f233f26ec53a235a78195ce7fbafec
-
Filesize
327B
MD585c4de6e01d468f9821a8d2068c6c0b2
SHA11b000989673813fefd7cc4c2e4532663c7a71805
SHA25655b27cf7b01f14cf6f420cb0ba508c0037f7f0ab8231461472f1bc0c07555021
SHA512f7e0072bb7fddb0a7b5d90d9d8856355a52ad832134dbe5cebe7489e54f60c01eb49b8b0f0dd464dd615af52f856e8e8ff0de69b20c2bd83f4118a9f1878130d