Analysis
-
max time kernel
3525530s -
max time network
139s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
-
submitted
31-12-2023 09:25
General
-
Target
30c89c2cb856d9ec5ea26ac8cf8084b0.apk
-
Size
3.9MB
-
MD5
30c89c2cb856d9ec5ea26ac8cf8084b0
-
SHA1
b3511c4845849455079ffaa9ea8d38310990229c
-
SHA256
ffdf537102cad9f4b12795bde56c421e8d7a627e2939a56aff448ef04cdbe336
-
SHA512
a1b37c843e50fd7f1e4d3d69ab349159a26f490da9caaa00a69d87c4b80668a47e4593c218e88c7e3772e1392e7aafc5c5bcf684e0ed6930ac2f39db3413515f
-
SSDEEP
98304:HsNwtuKRIDpiP+JEPLrq+lrjoTQS9505ISGOO+q8PAooJCxgTF:MNyQi1LuQR1NRvAj8gB
Malware Config
Extracted
alienbot
http://qjqamv11oh6o.xyz
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Makes use of the framework's Accessibility service 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 2 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes
-
desire.because.driving1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/desire.because.driving/app_DynamicOptDex/PWXvdNDhc.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/desire.because.driving/app_DynamicOptDex/oat/x86/PWXvdNDhc.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
615KB
MD5952f3334603bb10bebf9a23afdd3e5ff
SHA1efad9bc7a2e73238319851eb417fc3351d888df3
SHA256d0e8e8902f13d285432e9e5f9ecfaff4121a1e07469142b6f1cf3e1ab4db69ca
SHA512af73b710e485b24f5f5582119669a3df78d3d7bb40e34e0399e86db861367ced63046c95368f98996e3c28e6d1b2517f4f3ce231c99a4a8be73215fc638a6df3
-
Filesize
615KB
MD5586c1ea6331393405ba1753a8422f735
SHA157acea17257688ec5a9497f203a7a3b6728369e6
SHA256dc8653fe7a49cb65bfbfaf67941a55681a9dd3668732ef7753b792bdf1fdf590
SHA512dc4d1f532209e46823e72dfcaeeee0c47a933b8c840d7b04dc285ad4b29510bbda97602644e8be2213238db306e4f86f1d1e359bbb0dded2b533781be57421dc
-
Filesize
1KB
MD5cd36a9f861f5b47a43a30aee38c0aa47
SHA1718fff6275929aefe88136ecff0618c305344feb
SHA2563bb68ae8691d2dd541f33932ec502ce616adc4a926bce8dbd553160e0913bf3c
SHA5128ed10959bf0c0e3ea86cb1659ac22a485699e5d354c43bdb31f41a57c273ba76c98896096b8e4d9ecb4f748b26351830fdce8659668f43742bf6776a2b4f8b0f
-
Filesize
767KB
MD5cf516a3c6374874eb507583b57b8e50e
SHA1be547be2379086707b09fcb267296d571c7012b3
SHA2568c0ed0fc16b5023f6bc2d121a1f73801ad90a3f64cc51d8f382fbe0e60cc3815
SHA512fd68cfa30ff26566330ab312def76bb2dac9a6f9badfd345963736db4c659e69d94b406b69420ce6b8580dc236f7dd43e0bee6053c728f37fb182113e80b23c4
-
Filesize
767KB
MD5195e40aa07616d080ea9eedb5881a54e
SHA15c07e0d2feed945bbbb59b25e4eba5d9745a5942
SHA2567dadd1f073197b5c1cd9844b3f175dacf1cfba9c3cee4a6d7ba86a4a26a65f72
SHA512270120dbf84adc0004decf6e4418aa6c284a70af7b53b97930ee4c1e2ef04114a75073e3106d1aa1e1fa96b9287a1671ce6b8e16aacd00617930ebc2fba1f0a7