Analysis
-
max time kernel
3675400s -
max time network
149s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
-
submitted
31-12-2023 06:27
General
-
Target
2bb048ef6c2ae453237650763f4ee065.apk
-
Size
3.1MB
-
MD5
2bb048ef6c2ae453237650763f4ee065
-
SHA1
eeb2a442ef58b2f3abeae720f15bc5058924ccd0
-
SHA256
83934375e68f23ced6f95e54354577f2fa3278b7098b28687f5c38f2ace053f5
-
SHA512
d78a1c6ead06aeb33b6cca7d5a339583bab49f338ad42e233d13773248c6434a9f5b3f23a68f8fa79160c4c35141e1f02f5a2b2f34ff15babe24f8237268b893
-
SSDEEP
98304:MTQpH215uQA20mL96k4Ri/RQKPAt2IZ8U0:MTYmAQA2rL9eipbPAtQ
Malware Config
Extracted
alienbot
http://abindizzobremin.ml
Extracted
alienbot
http://abindizzobremin.ml
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload 2 IoCs
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 1 IoCs
-
Loads dropped Dex/Jar 3 IoCs
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes
-
wave.stuff.pulse1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/wave.stuff.pulse/app_DynamicOptDex/Ddq.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/wave.stuff.pulse/app_DynamicOptDex/oat/x86/Ddq.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
714KB
MD5e8309eea51709d161239f8cfa8204c9d
SHA1257e7328925eefb9611c26202383e1654ecad4ba
SHA256492cc934a34ed821f3d518772a492bdea99899232fcce4635cb139c12d3bc0a7
SHA5122e4aa4ff63823bde4de6c6ffdfdbcc1526cea48881b695cba4c7d5d0741fbcd38013280e0d1dbb31bbcc508d14e8638b984d60e89706761de658e06c109e9244
-
Filesize
714KB
MD5108c3fb48bea8fc93701ac7365c8785b
SHA18de749424b3a763aad2ab19ef860b6c38b3bd2a1
SHA25632f827fc435d6c28701e2ab7ce4f29402727a5a42e4a359470c4b434aac3f358
SHA5124fbb914dd966068fed365cee0ee7fcbc0be1e52bd82cb4f4404583a9a3f79efed6cd3453e95bbdfb4b78bbc93e40f60771594eed5464c47d1a16a5b053d565aa
-
Filesize
493B
MD55725729410f0a60706605fc83ad76de3
SHA1c9a2c3a64b924bab43961f4c6ac675c19bf33acd
SHA2562012a7bd561fb471a07e3975984dd8f25b1acbba312442e531964439831cef32
SHA5123e0e871493b0a9de99fca38a22ef9b90e361683ed6b6256576d320d14c6fbdc74449b796137cfcc823d1ec78cb02410578d9eeefd9dbce085e1bc539dce81479
-
Filesize
714KB
MD5300b7c0240d137a0ac9d2d7a55545cad
SHA1b2381f66a623328fe0850259e3ec94b0fe895993
SHA256b1b3dedb6273aca83a55f227a475aaef1beb5bcbc49c8da2f4cb0c0b9baa8ada
SHA5122267c7edd0912f59a70170f34e2476a63a9e064bb9988dd35646076c3f20a36a701a3d67948dae563c35970040855cbd62757c94c849af7c8c2282730ce2a515