Overview

overview

10

Static

static

6

493b35f8fa...4f.apk

android-9-x86

10

493b35f8fa...4f.apk

android-11-x64

10

Analysis

  • max time kernel
    3850010s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    07-01-2024 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    493b35f8fae4f4d06e36e98082560f4f.apk

  • Size

    3.6MB

  • MD5

    493b35f8fae4f4d06e36e98082560f4f

  • SHA1

    eff6ed1e028eef7e7d987b6e14c44ac3a828629a

  • SHA256

    ac2cb2c60ede6b43143cf2b98d56932d3f5c97aee0c5f4319e5539203cece079

  • SHA512

    f41399a73a4169218564de4bae3f54cb6886d90f4b6d35200ee48ac3a3f11ace2c5f73fc08047c42f727618ac536f7354cf6ae1605e21537f486712b3691a04d

  • SSDEEP

    98304:moYHqJY+PhhqidZzR8sD3p3uq/ZAl8lEDw:QEPh8idZV8sD3FTZq6Gw

Score
10/10
alienbotbankerevasioninfostealerstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://rndhsadjersxexdd.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • garden.Soviet.carbon
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/garden.Soviet.carbon/app_DynamicOptDex/YWUALlpGNxnCqPA.json
    Filesize

    767KB

    MD5

    6427b5bc340dd58e0e0760cf41741e6d

    SHA1

    7abfe8b374fcc4bf262226e7a8370bcffb3f852f

    SHA256

    2b0b3be826276b792d4851b118b0faaa2d563fe239a83dc74e2c8a0501534255

    SHA512

    caf892e863acb34d98624d928a4d7d7657c67d84078d4b6ba5288b631c69c143fd025cd1aa911c790456307e9460bc33a67f70eb3dafb80d0b75091ac76a5ac8

    Download Submit