Overview

overview

10

Static

static

6

93d77923ed...45.apk

 

93d77923ed...45.apk

android-10-x64

10

93d77923ed...45.apk

android-11-x64

10

Analysis

  • max time kernel
    2440566s
  • max time network
    154s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    20-12-2023 08:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    93d77923edd54c80a9073ab529daa34e275334eea747daf3f496bce114116545.apk

  • Size

    2.5MB

  • MD5

    53cfbd65d6f0beec535d5c11b7b8ee68

  • SHA1

    0e10eef11b6b6e9c1b81a0719f64ef4a85d68f8a

  • SHA256

    93d77923edd54c80a9073ab529daa34e275334eea747daf3f496bce114116545

  • SHA512

    92d8a47acf00065842903bab4ba4036e4b579c82f8215279a2e7fb55678b91490cfa6b7f2f52edcd902151ce80e30ca1ca28f886ac09267b1969ef7285e20061

  • SSDEEP

    49152:/fTEOHkiXkXbOrT8KnIjyKVGwG2T0eZrmNGKqviEQxriESscXHKaj9aaxmIqmgLF:nTwbATZOkw0GmYKpZ6pfYLNmIJ3Rf

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://brobenim9.site

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 3 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • pact.praise.duty
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    PID:5059

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/pact.praise.duty/app_DynamicOptDex/oat/ruW.json.cur.prof
    Filesize

    380B

    MD5

    30a2b8ca94a6012dca1bba7571badcf6

    SHA1

    5b2941339a8ea124dcf5137eb6ff8aff948a00b1

    SHA256

    579bbea2cfada849b545b2cad2e8392a22238648c8e32623bfa8e05999f6e8ce

    SHA512

    f6832e471afdfa4397305337b5ceca4e4302ee639932e5285f1b031206d28efb0f9950107d828fb96ade73118cf695f348a0c7125c56144a14f2440efb034e3f

    Download Submit

  • /data/data/pact.praise.duty/app_DynamicOptDex/ruW.json
    Filesize

    770KB

    MD5

    ef752c7eb8f3ca6848e22402d62eb323

    SHA1

    5f17225fdb4dfbc185ccf5dec24786f4596ade1d

    SHA256

    2c8c25001ed0b6d8e9ed5bb4ef31a6e1b464d042c5f6ab758a7d248f065f3aee

    SHA512

    edcb038621a1c710ceb6512c86d165bf0005a3de9064ef64ef9ca113ab0c4bab8b39e72342ef2f99c2b9e5924bcd36faf8414fcf70065240509489fc75a5b6e3

    Download Submit

  • /data/data/pact.praise.duty/app_DynamicOptDex/ruW.json
    Filesize

    770KB

    MD5

    28661ee5d491cd59cd65233484056f82

    SHA1

    ce56c25dff73fb8cfe2f644566126713d762d83d

    SHA256

    7391ae613d0971120572a9c1f351a7088e1b0796920472758fec3449bbfc9e00

    SHA512

    f8f04701405f4289706028d1c267f290f386714eedfc789229b12c34a885cbbaa269eeaedc01d2f92570e00238a414a7749a58bc42c1269a29724b1254891eb6

    Download Submit