Overview

overview

10

Static

static

6

9957a03540...e2.apk

 

9957a03540...e2.apk

android-10-x64

10

9957a03540...e2.apk

android-11-x64

10

Analysis

  • max time kernel
    2462235s
  • max time network
    147s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    20-12-2023 09:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9957a03540292e79743545af7912af20328b7ead26a07f6321f895e1aa0548e2.apk

  • Size

    2.1MB

  • MD5

    8b86e31274d87061683e29ec9b91ddcf

  • SHA1

    738724ddf869cf688be01df41c8eeb8db6a139d2

  • SHA256

    9957a03540292e79743545af7912af20328b7ead26a07f6321f895e1aa0548e2

  • SHA512

    afa1b7568a8e3bbd7317e8bb96546d3e3f3942c26d91e3e56ba64b5f0f5c880f91bc970669ba14021311946730deb57dfdb41bc8b9f823eeed8b9733337b301c

  • SSDEEP

    49152:LjMTXASrW3Kbj2DrR3uYRdHwjpcCqRw/NTfkOctLT:LjVEnqrXnHCh4LLT

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://saglamsiparislerburada.shop

rc4.plain

Extracted

Family

alienbot

C2

http://saglamsiparislerburada.shop

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 7 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs

Processes

  • com.parrot.habit
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    PID:4982

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.parrot.habit/app_DynamicOptDex/Qi.json
    Filesize

    238KB

    MD5

    bc7a72d29a3ee138b384a862e0d94a49

    SHA1

    524c3250e4331f262b6b4951f097321b759770e8

    SHA256

    085a36cdd7714117adebda66564035d8d8f14898276348c6d9069779bb2c35c9

    SHA512

    6c91825a4358e2203cb88d06aee9a47d29708852fe90e58717308a1f6b186f1284a0d9edd8217b6dda95f61ce4495e032c4ce5f21155a9f4424199fa55eefeb9

    Download Submit

  • /data/data/com.parrot.habit/app_DynamicOptDex/Qi.json
    Filesize

    238KB

    MD5

    358ed62467278f06e995a860550958a4

    SHA1

    5ec0fc78fb6b11af00c557e0778d68665bdd8a53

    SHA256

    d1e6b3cb5d6a861a52f6b364c258be9b45bd3a19c68ba3701e4ed36305f10b05

    SHA512

    468b3321e46a0aa9fae170b2c1a0c7776b67cc1da9117b44615ecf1c426f88fe147fab7ce372e5da3f101bea087fce62999fd9bc6a14b9b3a863b1b9873da395

    Download Submit

  • /data/data/com.parrot.habit/app_DynamicOptDex/oat/Qi.json.cur.prof
    Filesize

    436B

    MD5

    cc5436ede2090ffe931a20aadc59981d

    SHA1

    d35ef36c18518ef5079b513537b8910c59ddbc08

    SHA256

    f8e3482cd9a6767f676edfb49c825e3c5bcf70685370b9c66c2e43c9013ef65d

    SHA512

    f46bb6a28e95153e202683c80c97351d3847f75e1c6538f914ff1dc4ad0f75de282a5f6b271bda7a46d5a0e42503ec8cf6b92dd1c97089eb524c69eede6ebae8

    Download Submit

  • /data/user/0/com.parrot.habit/app_DynamicOptDex/Qi.json
    Filesize

    482KB

    MD5

    80dc669760f82e56e80e1131262decc8

    SHA1

    57cacfb1f3b0fce023b98985bf81b066782babbc

    SHA256

    0a6592aad6877b72f85a6f7164053d80d2740405f52d9a8f94743fb75fa4188f

    SHA512

    e3bd86c7f9c928181ccfc46fa7774231b0e949b15961a6d5fd9d0d14b75dce53db5050d259d0e9510bddd4a09762c56a9439441adf57f14978d0390d630980ce

    Download Submit