Overview

overview

10

Static

static

6

73f666b3dc...5d.apk

android-9-x86

10

73f666b3dc...5d.apk

android-11-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    25-01-2024 06:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73f666b3dc5ee66e202b3e365a524d5d.apk

  • Size

    3.9MB

  • MD5

    73f666b3dc5ee66e202b3e365a524d5d

  • SHA1

    3195a268d5fe4c181cf4178322afe629b03f1064

  • SHA256

    00c462f5b13e3bf21cc7b913719188644fac34cfb7a80893d551bbf512bb8570

  • SHA512

    5abd49342885a144ae0284cd258fd3ba2a8311b6c932e2fe5619dc89e3947f9c7478978d44c836c4348f17d73f51c9ce4516d2dc204e9b93d800720d1cb9217c

  • SSDEEP

    98304:Xi2uReewCW9W0rXFHK5WHofObKH150wISG1qwlE9:S2SIvX+Gbc0mcqGo

Score
10/10
alienbotbankerevasioninfostealerstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://a05qdzfe6qa1.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 2 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • there.discovery.excitement
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4260
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/there.discovery.excitement/app_DynamicOptDex/dEVDuX.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/there.discovery.excitement/app_DynamicOptDex/oat/x86/dEVDuX.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/there.discovery.excitement/app_DynamicOptDex/dEVDuX.json
    Filesize

    615KB

    MD5

    75c2d4c80710a22f0f07d02889076fde

    SHA1

    5794c583053d5f89ebde6b4b0975de85ab9512b8

    SHA256

    94e48a0a0de0feca72021f59f405bd8954bfa79548dc17cca123a8bf2c63fbfb

    SHA512

    3085880d3bcaac444798f44a185ab3430c2291faeecf94132809531e11677452942e0ce86a62b41675b44e003df8c3baa5e6eec653918f97c97c85af6231f6d0

    Download Submit

  • /data/data/there.discovery.excitement/app_DynamicOptDex/dEVDuX.json
    Filesize

    615KB

    MD5

    d0cd1672b409f45637df882b55a289a4

    SHA1

    988c162dfab747f421b59d76f2d337455204d150

    SHA256

    68589c59f29e6757630b15def88aabb7cd5fbdba9143f99cf3c1b5a615771a2e

    SHA512

    eee6b93184fb81e3604902d6207f33466274c09c9f4d71cfd79d6e7a1383e1d2646401c91fab86562ccf204e2e02c8b04e882190cf65a775de8717dc8190cfc7

    Download Submit

  • /data/data/there.discovery.excitement/app_DynamicOptDex/oat/dEVDuX.json.cur.prof
    Filesize

    1KB

    MD5

    ec5ca6f67fce5459221a3165dbf19e28

    SHA1

    0d3813fb79bf4e1d320b519c4e5fd3cd6f171c9b

    SHA256

    164d721736e1ed7837d23aa554bdd7c99b7dff6f5ef9cba6fd630fb9d8f6d9df

    SHA512

    aad7792e788c25a8859dd3937e6dc223d06a1b200ec16d7932bf845e0279863c391d69bd5b11a705f7492ac354bc72c923fc45bd485adaa9bdd15888c5914b32

    Download Submit

  • /data/user/0/there.discovery.excitement/app_DynamicOptDex/dEVDuX.json
    Filesize

    767KB

    MD5

    8e7ede12c6ae4ca3a6de43791ff40692

    SHA1

    031afea5920db86c17fc74e87cd2c49028aa6cfd

    SHA256

    1e194d9a8b42dc68e97b191543b7c80cf50577ac9a4067eacd2c7d1fbfaab566

    SHA512

    4f6322749a4152e5deaa1d082d5e825df921d53956a61895406d2aba2afed20f658bcfb4f52a5ce96f640b66536a987ffb64549bcba67705efb45c3788eeabdf

    Download Submit

  • /data/user/0/there.discovery.excitement/app_DynamicOptDex/dEVDuX.json
    Filesize

    767KB

    MD5

    dee5e8662ab0b775dc93113ad5400cef

    SHA1

    b5968d985092053164d905a89dd776ecb4500c23

    SHA256

    72a5de7e03d5ce7b7c9b35cbeb96c31a6242c672badc7be7415def7ec71bca3d

    SHA512

    16821e0795397253c8f3495487b0d85d1938b4f5ec33079bcb49ac4a8c05e7a90b6ba80d7563dfa9d0df439c7741e2a530a72116ac90c7dee5e8d322287a635d

    Download Submit