Overview

overview

10

Static

static

6

3facbb2db4...4c.apk

android-9-x86

10

3facbb2db4...4c.apk

android-11-x64

10

Analysis

  • max time kernel
    3528725s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    04-01-2024 02:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3facbb2db4514bb75024c024cd6cb54c.apk

  • Size

    3.9MB

  • MD5

    3facbb2db4514bb75024c024cd6cb54c

  • SHA1

    c05f3107bda2c934741d83e69245714eadcb4b94

  • SHA256

    593d445311e7ada395c706c60b7fd2cbd614cb23c37e7603188fe465d05add55

  • SHA512

    01c0f875c84af30ffc3670d58ba496d8d775e8e01d19f803bccbb4ca34f906b9ed8c03ca5b4f242a4b1bbd916e8b94b0c8ca13fe5fa7b1fcd3ccf7570b0d50b1

  • SSDEEP

    98304:T24Y+9MFeGwb9+glbu1T2S/sYtlv338RYJL5fVvMiHlrqFlXVErx:i4ZuFU1lu17/VlJLxFXZqFlMx

Score
10/10
alienbotbankerevasioninfostealerstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://bua591qkf2xx.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 2 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • decorate.angel.admission
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4248
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/decorate.angel.admission/app_DynamicOptDex/XcDPfmirFglAeSXN.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/decorate.angel.admission/app_DynamicOptDex/oat/x86/XcDPfmirFglAeSXN.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4273

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/decorate.angel.admission/app_DynamicOptDex/XcDPfmirFglAeSXN.json
    Filesize

    616KB

    MD5

    8ee9c1b54650df11059a0ddf652362d5

    SHA1

    31cd334b6e7d92ad2378a771964ae0549b08589c

    SHA256

    b43445c65f04eacd060baa8d9bc250769528b94c4862bdc3e5edc1416b7891d3

    SHA512

    b8738a7f2570b6b2ef27e20b1e18a8f8fd5545c87ae4b637185760380fda60f71e897bde82446a2730ec1925d1c6ae1bc961225dd4302a67756cbe845cf56d2b

    Download Submit

  • /data/data/decorate.angel.admission/app_DynamicOptDex/XcDPfmirFglAeSXN.json
    Filesize

    616KB

    MD5

    056bc314fa67f092eb23b8b6ea09ff2b

    SHA1

    ddc87b88a5da0d853185ca7f85f2c39523233f86

    SHA256

    e4fd930be5bb3543dd00a4131f2b98409fd14c3dee734c22aa8ff2de472d3710

    SHA512

    0c6c7c59cff96603685c3bb84b217cac6e04a79e183e40856adbc9a953eebb1e6d5d643bb4dc29b3e470cc0a1c38801787a6f08d1d7f2aba68ab0cf6825282d1

    Download Submit

  • /data/data/decorate.angel.admission/app_DynamicOptDex/oat/XcDPfmirFglAeSXN.json.cur.prof
    Filesize

    1KB

    MD5

    bf1165de477e7cbcba88bd17ffc5855f

    SHA1

    0e2aed17ec32d88920d856ed7ff04ede062c7b4d

    SHA256

    f889997d0a31bd0fa6dd2248c27ddc30df71ad96fd350b8fb3e153950d15ccec

    SHA512

    8e825ba6547e768b2d114a20bd3ddc2da370633aba7c9d33b2651fed3e987978997e3be59f472f64578bc9e33643cb594e44ddb1b6d076d7288d4f9140e4b816

    Download Submit

  • /data/user/0/decorate.angel.admission/app_DynamicOptDex/XcDPfmirFglAeSXN.json
    Filesize

    767KB

    MD5

    af1260befdfa48b0976265cb0dea837a

    SHA1

    b1149bd648f67ac277441c5c72858be71363b462

    SHA256

    0a7a609259a1c0c550020a86f92b26870245df423a7330cbd2d4f8414cd3fd1e

    SHA512

    1835f8fcfa3bafb802bf1fd1a591119f1e5e0b360941f34b391d74873d634b3e46d1c06b3d39ae063f14cedd2dc08c738723a071ae774621c36c9757782d6b5e

    Download Submit

  • /data/user/0/decorate.angel.admission/app_DynamicOptDex/XcDPfmirFglAeSXN.json
    Filesize

    767KB

    MD5

    c7fc64f724de1f94eea4ce2dd07d0162

    SHA1

    b617b03bedc0081fbac882f1904c4cb78eb7782b

    SHA256

    0fc6f77d786156cd94d2a6176e64adcad0a91a7386e5f4c698f013ba95a19253

    SHA512

    0ca798cc1cab8b96391ba5e7085178c7e70d8cc88e4620fb4f327bc2278f743430c94666be8a4cb63b8c084ca5784d6b64938ea91dc1f361bfa16810dda3120a

    Download Submit