Analysis
-
max time kernel
2440147s -
max time network
150s -
platform
android_x64 -
resource
android-x64-arm64-20231215-en -
resource tags
-
submitted
20-12-2023 08:47
General
-
Target
97c3cc1c42fb7427256c5d7938d3e8f21fd98cce8d327adf10244291d3c68ee9.apk
-
Size
1.8MB
-
MD5
c35aeeab03a3002deb83aa86ec863622
-
SHA1
29ab2b28845cb48c55ecaeefcbdd42c1a0878e79
-
SHA256
97c3cc1c42fb7427256c5d7938d3e8f21fd98cce8d327adf10244291d3c68ee9
-
SHA512
f947a8c3fa068577162dcb85d0051cdeca4915e28197b2d91dd7c52e078ed43e1ec013554eab87cec588a1faf9c9fb2175ac792a6a664601e0ca614a438eb092
-
SSDEEP
49152:WqUfQvw2s77wdBqu0bVvYGrcfQub28Qz2pw:CfQdK8QvYGYfQuq8QZ
Malware Config
Extracted
alienbot
http://zeus45-3.com
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload 1 IoCs
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 8 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes
-
wwbthkwyq.ubeefrquxp.aecrjqdaz1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
630KB
MD5bf4bbc648581b3799242cf186382777a
SHA1d6587f4e863620edd7bb997bfc5ea616c9177e35
SHA256892091b9491a52ba7d4c6c6fe6adb68e39e1e4fb48da689108bdb5353de22613
SHA5126e51bc425e577ffaaa976f0cc3ef430244481200a37c6bca09fa7fb33e9802ed07a3d18ac49c50cfb033e19fd9d8668d32fccede3a3901e5fd32788f569b6929
-
Filesize
630KB
MD59270824c8c898e998b3a7a21d9760bd1
SHA17b9e31c82a745f2cf55fad5edd69d1c73f69564e
SHA256e7528f5c91259b0244e6585aa4f9dcdec2324ea99fdda45eeef72954d8b3bea6
SHA512b5be04cde6e15aa4787bb822aa28dbc2ce68d021e81e387e4ff2700cb2f5b9399117728281de2ae9690011526f1dd19ab59fc4f58e29012d50d46c263c051ee9
-
Filesize
315B
MD52515f2e56cc447e29ad59416bdd0cf42
SHA12ecd2e2ac7fc18e93e1510fc437c5d11f9fb7cdd
SHA2569c9107914163e4a87a7c602db0e41f607c3cc7d1a7c5e481c6614467f3c58225
SHA51214d97512ca59207794406fd0d7dfb0ef1e08b719e8e6b46c4eed1597fae99fedd923831df512215a2d1b09f917f53dce9c3174b2c980224c8d65f9597088f59c