Overview

overview

10

Static

static

10

0da3fc6600...ca.apk

android-9-x86

10

0da3fc6600...ca.apk

android-10-x64

10

0da3fc6600...ca.apk

android-11-x64

10

Analysis

  • max time kernel
    3161300s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    30-12-2023 03:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0da3fc66004320774a0ff35d239b3aca.apk

  • Size

    281KB

  • MD5

    0da3fc66004320774a0ff35d239b3aca

  • SHA1

    6c514307ee8791903f48938983bfafb616fa8a88

  • SHA256

    a92cc791f8e9f6cd619ce76033a62c10e8954310e8791b5fa581a806b8ab898c

  • SHA512

    1460f012d213002407622032a8dd36c98a6bacfd5194bc5d0d0b4f5dbdb98acab06696fd6e4d4147d784cab8924d55df7eaeb3134b0042572b2985361ea6840c

  • SSDEEP

    6144:ylYXB3P9Em35L0JGiDWaYjtIR+UzvQNaAff0fEOmNdF2pW1s:OYXBlE8iDW1jtIR+MAcWNdF2R

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://abindizzobremin.tk

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.qvrgersr.auzbhei
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads