alienbot | f10a48b0a8a85e61e7bbc887eda018dcb5696c52d0916c9823479fdb6df986be

Analysis

max time kernel
358183s
max time network
160s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
17-01-2024 02:54

Target

618e83239de2e1083ff0e00b4e677f4a.apk
Size

327KB
MD5

618e83239de2e1083ff0e00b4e677f4a
SHA1

1516a54b260488771fe0b008e78dcf08167b9174
SHA256

f10a48b0a8a85e61e7bbc887eda018dcb5696c52d0916c9823479fdb6df986be
SHA512

5b4cefc10b0edcb2651ab9291009e67e1bb2ea39af9f90658d26ef93d6afcf113c6ff20fe3f35721dcbe2f4e34d13931c7c04e22851d3742b322cd0565a5a793
SSDEEP

6144:d50gl5WehhLc3qsMSJoTgwiXXsVdZp9VXgHgC+Y+Hk:v0iR6qsMMHsV3Ve9V

Score

10^/10

Family

alienbot

http://cybercyborg.info

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot
Cerberus
An Android banker that is being rented to actors beginning in 2019.
banker trojan infostealer evasion rat cerberus

Makes use of the framework's Accessibility service 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

Processes:

com.goqqo.davpwpovk

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.goqqo.davpwpovk
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.goqqo.davpwpovk

Removes its main activity from the application launcher 7 IoCs

Processes:

com.goqqo.davpwpovk

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
evasion

Processes:

com.goqqo.davpwpovk

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.goqqo.davpwpovk

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.goqqo.davpwpovk