Overview

overview

10

Static

static

6

3f44e53892...f7.apk

android-9-x86

10

3f44e53892...f7.apk

android-10-x64

10

3f44e53892...f7.apk

android-11-x64

10

Analysis

  • max time kernel
    3516568s
  • max time network
    152s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    03-01-2024 23:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f44e53892fe1ea4abb5eb537ca347f7.apk

  • Size

    3.1MB

  • MD5

    3f44e53892fe1ea4abb5eb537ca347f7

  • SHA1

    7514748d3f77056e71055134bb417ee519f460bd

  • SHA256

    463ca1a29f83ee11ed4d37bf6ce314dcad99c8fcfe4ae3e3f7fcc2574f3c70c7

  • SHA512

    cc9e3a6cb21d1105484cfbeb2dcb9c022720aa45ba7c1415a17d9c60f48c512d2ff69d315afbacf4ae029e3e6537f0143c6efda4f41cf852c7f8e3bf4a9a0d6c

  • SSDEEP

    49152:4DbPoWUOyc0t9TEw+YGFLcHiLJMnbA53gZ8fmrPQycdFIVVGolJNhkV3rzjQBYC+:oUTZt9JtMLaA3irgIDhm3rzkY511N

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://34.89.218.199

rc4.plain

Extracted

Family

alienbot

C2

http://34.89.218.199

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs

Processes

  • shop.unlock.subway
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    PID:4970

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/shop.unlock.subway/app_DynamicOptDex/Bc.json
    Filesize

    608KB

    MD5

    397579cf246506aa9b1963c7a7a2ed45

    SHA1

    24eaeb94d5af2c67144270534ef3866ca2a8fd9a

    SHA256

    3e37b8dc23f612f45644610a564870a5e8f4083dc42c6ba55b3ebd1e5690f24c

    SHA512

    75de40ffa81e0e6204cfa7e0c66fde9f0e8c2ec8dd9a9194d7e9fbec71a4697123a8b9fa5759054b11127193c78d090e62971fc210d70ed3133dae05a05acdf6

    Download Submit

  • /data/data/shop.unlock.subway/app_DynamicOptDex/Bc.json
    Filesize

    608KB

    MD5

    6e6c44930cf0757f1dbccfc883f6f942

    SHA1

    204c94c635e9423c009fc5b7ac8f3c6733ac85d8

    SHA256

    8cd67d0a0de284ec0be28cb2fa3f69a601735cbae0fb44c69d877a4a5634f871

    SHA512

    c96df88cb73221a6d01abcb6e3a89927d858bf79ec5eb3a10d3e4d9cf0106495c68cfadc0dbef46ff35ceb9e57d0e7f5b222dff7a68a87fa5b2a265c4eb03e5b

    Download Submit

  • /data/data/shop.unlock.subway/app_DynamicOptDex/oat/Bc.json.cur.prof
    Filesize

    412B

    MD5

    fe5189bb3130a21b0959a1df2b75e021

    SHA1

    816ec364ec89697c216e4b17f0ad45fd107b80ae

    SHA256

    3524f5a4892a5a8f50abfeca635263e64b06e4cc6c221a189a2740faf6f698c2

    SHA512

    8e54b42ebbcdb10500d1f80527c5e80dfa890c48faee65851c28409846d68b225bf281080f3fa37d2494bc45a5bbf53df8688084497344d2c95de5b6ec6e3873

    Download Submit