Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

873abcf925...0f.apk

android-9-x86

10

873abcf925...0f.apk

android-10-x64

10

873abcf925...0f.apk

android-11-x64

10

Resubmissions

20/12/2023, 05:25 UTC

231220-f39thagfe7 10

Analysis

  • max time kernel
    2365405s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    20/12/2023, 05:25 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    873abcf92582d1cb09910028d731c7835a17002f5f024ed05d3a004ab20cc00f.apk

  • Size

    2.5MB

  • MD5

    d4a8e0ae01d248aa078851e68537f521

  • SHA1

    42e88e214e26e053285a6f07a36c52640550aaf4

  • SHA256

    873abcf92582d1cb09910028d731c7835a17002f5f024ed05d3a004ab20cc00f

  • SHA512

    5ee2c8f6e2c09ca72dadbc01922d79f1028ad876b929e665c7ae0298e2e25efbc28163ed55595f945c32678372fa7808ec0e7eb78464d958929708e3c6006d11

  • SSDEEP

    49152:xiGa+eZol6GSDZ8azVgPX8YM4GiAuoAHMX90eQWfrlFANkER5UaK06OL3K9xiZtO:85DxSkYXfmalRKjQ3+xisXRrvf

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://sariyenibez.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • zakghedfcnhlgbrxr.ukhyemmjkwz.topeqpkbzjhbr
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4620

Network

  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    216.58.212.232
  • flag-us
    DNS
    sariyenibez.xyz
    Remote address:
    1.1.1.1:53
    Request
    sariyenibez.xyz
    IN A
    Response
  • flag-us
    DNS
    kovalkovalihtila.xyz
    Remote address:
    1.1.1.1:53
    Request
    kovalkovalihtila.xyz
    IN A
    Response
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    216.58.213.14
  • 172.217.16.234:443
    tls, https
    1.3kB
     40 B
     1
    1
  • 172.217.16.234:443
    tls, https
    530 B
     40 B
     1
    1
  • 216.58.212.232:443
    ssl.google-analytics.com
    tls
    1.3kB
     5.8kB
     8
    7
  • 142.250.178.14:443
    tls, https
    920 B
     40 B
     1
    1
  • 216.58.213.14:443
    android.apis.google.com
    tls
    3.1kB
     7.0kB
     14
    13
  • 142.250.187.196:443
    tls, https
    1.2kB
     80 B
     3
    2
  • 142.250.187.196:443
    www.google.com
    tls
    4.9kB
     10.8kB
     28
    31
  • 216.58.204.74:443
    https
    51 B
     50 B
     1
    1
  • 224.0.0.251:5353
    3.7kB
     11
  • 142.250.200.14:443
    https
    51 B
     50 B
     1
    1
  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
     86 B
     1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    216.58.212.232

  • 1.1.1.1:53
    sariyenibez.xyz
    dns
    61 B
     126 B
     1
    1

    DNS Request

    sariyenibez.xyz

  • 1.1.1.1:53
    kovalkovalihtila.xyz
    dns
    66 B
     131 B
     1
    1

    DNS Request

    kovalkovalihtila.xyz

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    216.58.213.14

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/zakghedfcnhlgbrxr.ukhyemmjkwz.topeqpkbzjhbr/app_DynamicOptDex/jwoY.json
    Filesize

    697KB

    MD5

    a6a64d35a848fd9f22231d8e5621e899

    SHA1

    6252c00e009a3a45f8acc25470b7a189b6cd27bf

    SHA256

    91d2c9cb2018d5b2a03fcf58bf0e0a64f492058b1b5f7d54224c0fe709f5b455

    SHA512

    77f7b1b0bcd7b4e0831bee9aae69a99f1bcfbca6ec66fd6107424d2287d2f1bf3939c8a0b232f4c96a7d57a7d203db9b836c13c939c409e178fcc97f44dfb421

    Download Submit

  • /data/user/0/zakghedfcnhlgbrxr.ukhyemmjkwz.topeqpkbzjhbr/app_DynamicOptDex/jwoY.json
    Filesize

    697KB

    MD5

    3fa6e1269691621bf38a9a5b477545e3

    SHA1

    4e176ecbac81bcb08ac4ec0ce4e3a27526e348f2

    SHA256

    edb4530036d0ad2160ac4f9b3b65cf6224ac58e7ed6d9501585a571d14b26d97

    SHA512

    858c918b794dc3b4a7eb877ad6e4054352d76240c7b1098046a2d78f6f6cfb38c806300ba54e73a59dc8215d7c653f18d707e5629093b4f80d2094df3c494679

    Download Submit

  • /data/user/0/zakghedfcnhlgbrxr.ukhyemmjkwz.topeqpkbzjhbr/app_DynamicOptDex/oat/jwoY.json.cur.prof
    Filesize

    323B

    MD5

    b254535dc5236bc6557e6460ab609612

    SHA1

    7935e9ace318470784c8b7bcc9c13870408f3b0e

    SHA256

    548004501548f7a8b163367b747c3c7ac18d5f69e36b747fee2ad4f26db0cd29

    SHA512

    c66ee60a8b50f1ee4c3d837aeb627a33ab4e3f83226a0d194c688f4dc047eed6af815c9088fad71fd1dfe9484f746f9a5a35695e9a4cde71e0c221dd391ed78c

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.