Analysis
-
max time kernel
139s -
max time network
146s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
-
submitted
21-01-2024 09:44
General
-
Target
6cfcb56eb93a507447e3ddba3cf76b3b.apk
-
Size
3.0MB
-
MD5
6cfcb56eb93a507447e3ddba3cf76b3b
-
SHA1
86f4f6c1d1ec35c27e2d24b652ab94a4ccfa19c6
-
SHA256
f160c63d67ebf9a3a0c4ceba97386c52ba36f6255708d9374d04b5cf8857d0f7
-
SHA512
421da1eadce4571f4de76917a990da086977b8dd0c3e0616ac72f328fc921cd8f2ecadb85fa1db576ab6322a3f16993ace11d774fd6338ecead1ddec28aa7dda
-
SSDEEP
98304:mpl/KrDT94tYFOljKUA/XIK1jllhUlLnelEgM3PciY:q9wF4EJ1jlnUK78g
Malware Config
Extracted
alienbot
http://bua591qkf2xx.xyz
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Makes use of the framework's Accessibility service 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 3 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes
-
editor.damage.exclude1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/editor.damage.exclude/app_DynamicOptDex/ShoxRJesSQujMDYn.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/editor.damage.exclude/app_DynamicOptDex/oat/x86/ShoxRJesSQujMDYn.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD516406f78a3ad965881afe9b7d22df85a
SHA150499e9330a4ddded8a7460534db65f0c3dc8a01
SHA256aeec85d08af5419caf971337b8ea47db63a9bb899f316e5144422a2dbab5f01b
SHA512b36213c4379920319a954fa36eba55227975a89c4633e427123c4eb5b7594b1694749b47d060bf984f5887833a7a3ae3fde49ef2cad985ff627d3dd54ad5951a
-
Filesize
767KB
MD528e62f1819bc630099d997e86c3da662
SHA1e03a4f73254ef0518683f10abdf25d32f23fff24
SHA256dc4a019a9b01907daff31d7f89d1f2f309f481ba9e1afd20d717ed578f2d3396
SHA512ca03e6a9580c1b426f2cfc51d919ae2238a0d3e9d902747f230ecbb7b2bdc44103585e9b59356a8303dbbbd88b07732ef57056a346844397b3f28433c46851ab
-
Filesize
767KB
MD568d31ddf193e687eec400ae80ac81812
SHA1b853357963926ba7336096072943d61f05bac7b6
SHA2569e8c3e3fe9ffc9627d6da70f1ad32a99987227e7b5c4cdcfd8b16b7e4180d431
SHA5121f9d9ff832de618a2c617df92275be65e8b06fddffad8612c296085c703c8fe60a16c4b70965bd876fbdaae35c7d501e9b1dd2d5998aa8a40642cad270e84424