Analysis
-
max time kernel
3166032s -
max time network
149s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
-
submitted
30-12-2023 04:22
General
-
Target
0e4f6a0903ba99d6595ba32ee172dad3.apk
-
Size
3.3MB
-
MD5
0e4f6a0903ba99d6595ba32ee172dad3
-
SHA1
fae70fdbf2872e09860a1f875c36a9229d52d03f
-
SHA256
e9d76237d04e6f4eb66425f26e6c8441effd2fbbc6cb29cd5d2a2605491c7502
-
SHA512
ee541d58e4b5adf22ebd47bd6ff4cc944c2987ad6613a6f79850fe848925f9d803a32559f25f303ebcae199a7ab7eeb4bc65486522e027ffd1c3df4c9a0e0f3a
-
SSDEEP
49152:RfmKD7keCyZ4eBtW2hD07yzniXl8zzHUzy1vgqXppqj3FN3A89uKuzW5LnTnSkLQ:JkevZA2hl+Xezg0e3xuNW5jSkLneD
Malware Config
Extracted
alienbot
https://instagrambuyukprofil.com
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload 2 IoCs
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 1 IoCs
-
Checks Android system properties for emulator presence. 1 IoCs
-
Loads dropped Dex/Jar 3 IoCs
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes
-
gun.scrub.end1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/gun.scrub.end/app_DynamicOptDex/fhF.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/gun.scrub.end/app_DynamicOptDex/oat/x86/fhF.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
759KB
MD50381be385b39dc1d914f1d8196624a8d
SHA1102fb8fc1a0e26953aff2cdc2543e9b24e6f14d7
SHA256f4ab9f012c4379b1e126cb430733e08d6ec4d171b7a8acaad57b050f0c8ebd2d
SHA512d0056ceca92dc401c98cc7ea729e381a455f867bf4f5eb0fb5fc7d8eb19bb8f59785a802d35a798a34ec48d076b3726692c257396b74de4a4537a846be32a8ae
-
Filesize
759KB
MD5637504b24fa979af68ddb70fa2ca9272
SHA1091b0dd1cd4d5ff53abd4926eed1ea980d44ff4c
SHA2566dbf6c49b93849c9611850772c7a261460973b53ef23da9b751eed398569ca7e
SHA51232ee4a5bb2df8de0155903435a44ab85847873ba9ae9a33db6a2018776186b591895239898c1d6e62cd7e0c0461b535bde9d9165992ecd268e42b1408c64f52f
-
Filesize
505B
MD5c1744b9c212ee2231a1e17dbc0e86708
SHA1a40148a49be5da31b89fc8cf713ca52cdf04f70c
SHA25623262192cf8639b69ffcfa4d06607db5275ba9d18bab2916f357dc07c3659dab
SHA51278d8dc0542897443625999aae10590d01292b5e01be8dd00d13bd81ef13214326b2d9adceeb82693ab1cc66ded3b92781680d545d2877d4ef4307eb10595c54c
-
Filesize
759KB
MD572ba753d419f9fa2a468a82760ddeb84
SHA12c6c530f27e75c86c80d18b87a31ea21739008f9
SHA25602139b03d6464d3f744d572318b7ffd57ee1df1df7d14d2887c2f819779d5197
SHA512c6b09880159108a36aa9bbc11112e069c02b8b84ff92e5b776f5a17b45c437ba52c55c0defbe9bb4be22d37feb877ffd44add8d5a6fe6d1b3165bdecad7740a9