Overview

overview

10

Static

static

6

30c3f2a449...e9.apk

android-9-x86

10

30c3f2a449...e9.apk

android-10-x64

10

30c3f2a449...e9.apk

android-11-x64

10

Analysis

  • max time kernel
    3525407s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    31-12-2023 09:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    30c3f2a449c75990d049b3245f2df2e9.apk

  • Size

    3.3MB

  • MD5

    30c3f2a449c75990d049b3245f2df2e9

  • SHA1

    af3e95111238f858b94a3a7a8bb4f81a6579dcf7

  • SHA256

    c23475ee87755d08d0ed5aadf879454724349798e811af0c33bc20d9c61a01d9

  • SHA512

    d0a08c8208e565afb94ea96b22ec4625412a62153c6cdf4e1c87bff26aecf6f0652c091702703c9c8e6a82decffc9d858eca955d63140ed2e14b4d47acfcd879

  • SSDEEP

    98304:HG1UR3pqsr74qEOPYD5v7XYhi/WPEMsdAL/u:HG1Gpqsr745v7ohi/Wsyy

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://34.89.151.222

rc4.plain

Extracted

Family

alienbot

C2

http://34.89.151.222

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs

Processes

  • field.tackle.urge
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    PID:5106

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/field.tackle.urge/app_DynamicOptDex/dHfCId.json
    Filesize

    644KB

    MD5

    b6317f00c0896935dcc039e39db41155

    SHA1

    94a23bed8bdfdfc25bdee762334cfb31681c8456

    SHA256

    306c585838aa882bdf9269a68fd8178f62353284926bd65e64a444e66b127175

    SHA512

    6db9049b9a388824bf5f602199b08f486d4e1dc84ddb784508ca96847a56bad9a6e829b27eb2de25ba3b55e989663fe79b79f9fa238009adba04cd053d5db557

    Download Submit

  • /data/data/field.tackle.urge/app_DynamicOptDex/dHfCId.json
    Filesize

    644KB

    MD5

    f07dbd5bc590633ae3fe1ec9605a73ea

    SHA1

    31f90f8940a86ec1eb2adf6e3c8982b44a043b73

    SHA256

    4725e0121feaf15c38e96f9712cb5cede3ccf183da857e864bebc1c16b692bba

    SHA512

    4344fc7a7f0cf5202ddcab8f8c00111863d041e28bd2ad832c469f80cccf710cccd2be9f2b13b43eda8e19d9ec5383d9375eabb779b49fb19965c05251abace5

    Download Submit