Overview

overview

10

Static

static

6

46fdb068ce...72.apk

android-9-x86

10

46fdb068ce...72.apk

android-10-x64

10

46fdb068ce...72.apk

android-11-x64

10

Analysis

  • max time kernel
    3761802s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    06-01-2024 19:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    46fdb068ce8eda8fce387134a4fd4172.apk

  • Size

    3.3MB

  • MD5

    46fdb068ce8eda8fce387134a4fd4172

  • SHA1

    2f56a65676d377f552a86a4482ee1bf104d05b09

  • SHA256

    8e168f31f3bf0564d11b01e180d301f41e3582a89efc5ca15ed40a402c0ca3dd

  • SHA512

    e34acb562bbda4702da6f83bd6c4b79aea02a0b982d8a88aadf298db27bb524220b8b7be17cddffa78f662f93d95dac118b77fe831e669a158387cdcce72ec06

  • SSDEEP

    49152:Hsjwrl65NLyheuX0HK/tYhZRpfO9uDtIlhf7Ln0LmeDfb6iIZtiXvDyUhVEtRGML:K5N+hbf6d3to7eme2GxhVURGAyznop

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://34.89.151.222

rc4.plain

Extracted

Family

alienbot

C2

http://34.89.151.222

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs

Processes

  • half.soap.civil
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    PID:4913

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/half.soap.civil/app_DynamicOptDex/OCWRke.json
    Filesize

    704KB

    MD5

    ed34f7a0b358db36436688a8482a9186

    SHA1

    650e5ac5783db6c4fe003d9e1e1af72735e44982

    SHA256

    7f40fee4c6842559da50b7e7cbb45e17737f0290525058e4c348792bf500aaaa

    SHA512

    8e124ebca6ac5cc498dd21297f2faf7038ab7693d6dda2fb0e8445d68d1011e0d39cae02d6951f90f42db35c846ea45a8f28c86177c979a300a95096a83e7236

    Download Submit

  • /data/data/half.soap.civil/app_DynamicOptDex/OCWRke.json
    Filesize

    704KB

    MD5

    e02f74e213e4248fa71e725cb89ef152

    SHA1

    7144708ce00d81fc10f6f1f3b3430ac61b351aa9

    SHA256

    4bb01aa0d64e90f69106ebfd760f57ee5864aed39f3d7f6bcfc9f013032424df

    SHA512

    dfd54f7fdba8945ff81a78a4c42e6f5d5691792809f9ff615708fcd398b8d42023f93825d3fde71a41c9f7207304cb183b02760e85a1294436f83b238c75f586

    Download Submit

  • /data/data/half.soap.civil/app_DynamicOptDex/oat/OCWRke.json.cur.prof
    Filesize

    427B

    MD5

    b189a64aafa16623a22d3c68114de0c1

    SHA1

    27ef638f4f91b40cef372b77ede5c1b10522bf74

    SHA256

    091ac847227e5e386e7c599bcad159105a453109ac043cb8a575b7bb82bb3e0c

    SHA512

    5ba2f57d6c79195ab4f97c8b7af62abe3c602975bb44fa178c625335571459da4c90ea405d7906131ec05ec30435ac4d92db2b6d66bd30036c048a52721d0ec4

    Download Submit