Analysis
-
max time kernel
2513192s -
max time network
160s -
platform
android_x64 -
resource
android-x64-20231215-en -
resource tags
-
submitted
20-12-2023 11:46
General
-
Target
add237b89e88279d19b58da5bd06c371d982853a536dbf906c5b3b42ba13cd2a.apk
-
Size
1.8MB
-
MD5
bd57fd2e64f0db396735a2550bfea9a3
-
SHA1
b84061c464aa04a9a626b82d058311ae4e26f9c8
-
SHA256
add237b89e88279d19b58da5bd06c371d982853a536dbf906c5b3b42ba13cd2a
-
SHA512
69cbd5b32a56a38a074609cf38e17f29b2ccdd1e873da4a1ae845623a994a47ddf4ad86fd07a346c5f61c412e5c37e00d1b567373b53adeb4514d5fbf334fad9
-
SSDEEP
49152:5xrM1GsLmakKZfCVodEhDfTUcHiwwIrtkBgDHjRJeQ1prHKze20uL:5S1GLapZf+omhDfDiwJLHNJrKy2ZL
Malware Config
Extracted
alienbot
http://heklpplaldmeroads.shop
Extracted
alienbot
http://heklpplaldmeroads.shop
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload 1 IoCs
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 5 IoCs
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock 1 IoCs
Processes
-
com.advice.multiply1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Acquires the wake lock
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
238KB
MD57b573341f2d1f7cbfafb14024c782bb6
SHA12b1b0921b508a668391c3b9f195bb469ead98993
SHA2568905ece2ab8418bf0549bd1a2c126558eac45e84e81ef77fb17bfa66003c49a7
SHA512c7525be3a663cd6738bf0d79d2b8060fad130af7a2f875ed757b6b6f9d8b8d2f6a496aac330386032af3e180572282245a12e27c2fd2390c423bb5ff448305c2
-
Filesize
238KB
MD5bfd8def3fa05f7f5eb18b59305759bc2
SHA15e4cc7d643d80f17f205f33fd729287269e5d025
SHA256ce202fbcfe24df8c892b8724f46a905cf522b12a407e56821e991b668fd10842
SHA512474fe5119817d7863e16aaab653b906c22e170cf8380e8e20ffe63d79e6e80074d29f8b260cc28ad962014c6c0285e6458f8f74a2e39ce33b8d756cb7d2d22c6
-
Filesize
370B
MD5da097fd5054fdf2ca168b3a45affceea
SHA1f6c22d70fb1ff2e0fb0944b8f8b4c3935356c86b
SHA25653efd162265f973d6b717cde08098d8ab1a8ae18c82b8cf1e96a2b56999e5aa1
SHA51237e80ef9679ed352122aa7c365bcba66016823349eca552881f87a02f1748018127409dc083c4f53748f1b53311d34ece6a1caad1a1aaee98bd4a3cd401577f6
-
Filesize
483KB
MD527c5cd2bbe52d6e99a63850ca02a9827
SHA102a983694c540ce8eb652ed9af99932359c42273
SHA256b9459b71aa16913164edcfeed97bd60b98fd57050b93fddc48061c94e2d327f1
SHA5128df7e3837a7691c5b41c39d858a22f4bcc5ae316aa002c13179f7b88f0d941239017d24b2cd7df35a64f7070bfe57b608093d5269c408ee568ef4e72b54bd379