Overview

overview

10

Static

static

6

8d244ac025...a2.apk

android-9-x86

10

8d244ac025...a2.apk

android-10-x64

10

8d244ac025...a2.apk

android-11-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    03-02-2024 19:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d244ac025fb51c1348003dc9c3c3ea2.apk

  • Size

    3.3MB

  • MD5

    8d244ac025fb51c1348003dc9c3c3ea2

  • SHA1

    fab5bd3e1504011efe253dfc344852f6b5c644a1

  • SHA256

    ee5632e3c0717693c9ab993c2b0c5b6edb503383215895f99800d915d92d1b8e

  • SHA512

    83b782add0d8aeb33e18e29749c30665fe9139a8926e8c01c143f1299671633525c25a9c727b9e2f542b3763c031f7116669a5d937c60c40117a6309b0881caa

  • SSDEEP

    49152:771bqaWjVs+yld286HLJ9USJ1Wad4g7f/S6/LB+hYcx19CFMbDTt/u6DI6GHwZyM:WVsjl/UoSqaXqIF+kaDTQAyCjenE

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

https://instagrambuyukprofil.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 5 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • umbrella.thought.elevator
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4478

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/umbrella.thought.elevator/app_DynamicOptDex/dUlxss.json
    Filesize

    750KB

    MD5

    b09c79c73e85c95d5409091410312d62

    SHA1

    65844a73e7830d96ab9d8f82600b27ad2b7e97e2

    SHA256

    af0d4e3075b52f8f316710bed19fa065c0422e19cda2c2b0ab3da6c542c2b6db

    SHA512

    b9884524de07cb35bcc1413baa75a1224418cfdbde13100ee0206ed8289331231a43d0139bc58aaa5a74269b4d89b4fb8e33798b97259dc6dfc8251a5dc108f9

    Download Submit

  • /data/user/0/umbrella.thought.elevator/app_DynamicOptDex/dUlxss.json
    Filesize

    750KB

    MD5

    dfabaf12f2525cfc93875294f27aa02e

    SHA1

    5ad1e3c4e216ceaf232d7efe48100bd65e7ea0cc

    SHA256

    3f9c6c381b8eb307664813ccc4815ae24baa1bd41224c840f79acb65c95b9e49

    SHA512

    79fef0ae5defbdaaf8e12c41e789c8ed511bc1c11d060860d79fb0a3017b95cbd262d893b846d79b55efd38c8a4a7c8d1ed027ca1d4f8ab4701460a496cb920e

    Download Submit

  • /data/user/0/umbrella.thought.elevator/app_DynamicOptDex/oat/dUlxss.json.cur.prof
    Filesize

    356B

    MD5

    da6275b7987de6a9fa32adbc13cd4d25

    SHA1

    5d5b8627adbf4e0a93d30b8d668f78f908422e79

    SHA256

    ffde230f5e87e1bf96ea63e11d3c145b05e0c97927c54ac5f932247e6a071a61

    SHA512

    e782e92d5e9ef3289ba797bb1af21d81e103633d039c6c066c3d53d7da65dd93116e684fe2910d4df6a29f4f08ba42b238a75a8fe9978909f90c77171d76d6af

    Download Submit