Analysis
max time kernel
2352434s
max time network
150s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
submitted
20-12-2023 04:50
Behavioral task
behavioral1
Sample
853f583921fc1750df0ce73c929be81dc7f401f11870e3a7c0e339b76a694742.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
853f583921fc1750df0ce73c929be81dc7f401f11870e3a7c0e339b76a694742.apk
Resource
android-x64-20231215-en
General
Target
853f583921fc1750df0ce73c929be81dc7f401f11870e3a7c0e339b76a694742.apk
Size
301KB
MD5
ee5c67d9b6064d6f36e9025b5c142190
SHA1
b4f03e335e0f96100ac3362c9b0dee82437d31ab
SHA256
853f583921fc1750df0ce73c929be81dc7f401f11870e3a7c0e339b76a694742
SHA512
9f5aaebe775f8c2c75947dcf30ff16ee19b5120a331f37b3051847c7f08d9921ba26582c7cdb4bad996ba5457f45545b964b1bad902e445faa6ba921fc1b1463
SSDEEP
6144:BCveehY0824v857BRpFX9mUTiQBy6AKSDdBR1hR28xP/JWi0dR5g3mLlkWAC:dekS7BPh9mUu2ySSxvR2k/PmRoEee
Malware Config
Extracted
alienbot
http://birgaripdunyasanki.tk
Signatures
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.

Makes use of the framework's Accessibility service (2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes: com.mfwh.xofmp

description              ioc                                                                                                     process
Framework service call   android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId   com.mfwh.xofmp
Framework service call   android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId           com.mfwh.xofmp

Processes: com.mfwh.xofmp

pid    process
4620   com.mfwh.xofmp
4620   com.mfwh.xofmp
4620   com.mfwh.xofmp
4620   com.mfwh.xofmp
4620   com.mfwh.xofmp
4620   com.mfwh.xofmp
4620   com.mfwh.xofmp
4620   com.mfwh.xofmp

Requests disabling of battery optimizations (often used to enable hiding in the background). (1 IoC)
Processes: com.mfwh.xofmp

description     ioc                                                      process
Intent action   android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS    com.mfwh.xofmp