Overview

overview

10

Static

static

6

8a9e2ecc89...64.apk

android-9-x86

10

8a9e2ecc89...64.apk

android-10-x64

10

8a9e2ecc89...64.apk

android-11-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    140s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    02-02-2024 21:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a9e2ecc89f8190eeda6a5574222d764.apk

  • Size

    1.5MB

  • MD5

    8a9e2ecc89f8190eeda6a5574222d764

  • SHA1

    cbda65c114994affc4f0a87567398c0a11e42776

  • SHA256

    1c530b6be1b94f43588b7a3cc3bf3c41b4ad5cc1c687ca6a64be628019d49f3c

  • SHA512

    c02a92f23171221beaae3f75cb869947e9f661c6cd20cd1ead675e8ece1197234087cd1bf657e91094fe49295931197bad12f73e0596552e0682a65934cc084f

  • SSDEEP

    24576:H547kbuQ7rkgnwIlnrfH/4w2TedoHNj/Ldz4iid2UurtNc3+FTrtIOk9RKgJ:zpnwI9rfH/3dWNrLdz40dRFvtIOk9oI

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://operolstels12.site

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • lcpratmbqgenqximrlium.akur.leidcbirxeoxjzldtcfmdruputm
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4630

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/lcpratmbqgenqximrlium.akur.leidcbirxeoxjzldtcfmdruputm/app_DynamicOptDex/lsAQxI.json
    Filesize

    697KB

    MD5

    02d6e5c8c2337819ace0deabfa00916e

    SHA1

    b8c87309d63960c6ff134a0c0c6244243be49efc

    SHA256

    3bb6d4ac366b9c3e319b5cb9be1fd5b6d6f4a90aae6b86015b7322134b66bd67

    SHA512

    f44d3d5c5bba50fdff5ed49179b2068edd95f26c452a5d7732df8bbfd78bd0387d579c6eca876ea5c76956f45b2028ffb9ab0c545842cb64cd7492ced684888a

    Download Submit

  • /data/user/0/lcpratmbqgenqximrlium.akur.leidcbirxeoxjzldtcfmdruputm/app_DynamicOptDex/lsAQxI.json
    Filesize

    697KB

    MD5

    33dcd9ea315e89c4bca5a277ede79580

    SHA1

    c5e3dfdb2457cbd7a017ea072b87d2a27fc44631

    SHA256

    10b1f93f0ed459e9ae7d783e45589988dd1582db26a8bccf44d8e2e25f97a817

    SHA512

    2459c321cfc895ba175e5ad539def3fdd358c9bd2bcfc8a67865ed2ee5c3afe8c60824bfa19b4ab45ac6ac3f6137809df1ba93b8d012b248cb7c6be8a2202c57

    Download Submit

  • /data/user/0/lcpratmbqgenqximrlium.akur.leidcbirxeoxjzldtcfmdruputm/app_DynamicOptDex/oat/lsAQxI.json.cur.prof
    Filesize

    330B

    MD5

    354bb057a0918ac0f88f980e6695683f

    SHA1

    654ecfced49b470e8ec74d9fd373d33d2131e00c

    SHA256

    639a342808c4a3d3fd64a0572e86c24693c31767ef737eeca2eb4533d9ddcfe4

    SHA512

    4e723602e1873db855e2e190502d1ac77812086776ef9dc5e3df4107498d056ab47a79e8eba7e7da6901e4e1ee952bc37c2a2e561e24ffd47506582ffa3cba7d

    Download Submit