Overview

overview

10

Static

static

6

1f9749e794...94.apk

android-9-x86

10

1f9749e794...94.apk

android-10-x64

10

1f9749e794...94.apk

android-11-x64

10

Analysis

  • max time kernel
    60s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    08-02-2024 22:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f9749e79441b7ad455ff8bd6802e7bfee98abd2d9832b270389078033a2d794.apk

  • Size

    1009KB

  • MD5

    b21329c916c0a083e42e817b8491981f

  • SHA1

    3aaf1f036dc8cffd0a777c5bcb67039888faf60a

  • SHA256

    1f9749e79441b7ad455ff8bd6802e7bfee98abd2d9832b270389078033a2d794

  • SHA512

    0c90f7d0b263beddeb0330c30a4a8331ad37f28e6161666928a38faf9ec2608f4eb0a5094735d2f9a196b495d198e09d6e25a4b36e024fc16bb76a917a0b95b7

  • SSDEEP

    12288:OvrGcc4LVwwKvZxWcruFb6CAjAbvqvxMgaY1ZPDshjLM8veYqS0DQ365muQY:oGUVw9LSFb6CaksxkiPY3TGVQK5muQY

Score
10/10
alienbotbankerevasioninfostealerstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://mynewpath.top

AES_key

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • love.annual.layer
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4257
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/love.annual.layer/app_DynamicOptDex/ykCrbri.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/love.annual.layer/app_DynamicOptDex/oat/x86/ykCrbri.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4283

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/love.annual.layer/app_DynamicOptDex/oat/ykCrbri.json.cur.prof
    Filesize

    562B

    MD5

    6b6e7d029a5899f2c1e984896abe9e95

    SHA1

    d36db62c2248b07df81fc5eb3fa3b4e58f4d5914

    SHA256

    5c5edddbbf7a873f7929e888fdcd5772f54509442286199a6cb5fa5cf1cbad48

    SHA512

    d9ce622ce37828d30bc6e9047b3f62fa55d76783472be2c9358e95bc76c68c6bf4abec8d64cc2f0d9b18945a12b9aac515ba4d385dfac8925fb6a36e40f6a00b

    Download Submit

  • /data/data/love.annual.layer/app_DynamicOptDex/ykCrbri.json
    Filesize

    491KB

    MD5

    7ad8fdb924d66d1d3bdcb9978d16379a

    SHA1

    7ad6db22e3689c31a6ca45b981e3934d9f50bc5d

    SHA256

    5b351a19ccba97d67a4b0ed8f2edd56a01d1a5d5ff9ac70163b6edcfb988f16e

    SHA512

    e713c231e4233c66c9facc985ccc0a8f783a9a91aaaf6382f3ba870d1a27dbced22ac1e5e6b3df686936379b0532206bd0a2095fef4a6a6bfef62a43df491b30

    Download Submit

  • /data/data/love.annual.layer/app_DynamicOptDex/ykCrbri.json
    Filesize

    491KB

    MD5

    de4a1f3d3166fb206fa8037b2d1b7ce9

    SHA1

    64093497e098c974190c7703ef8e562cfb6a06d4

    SHA256

    69f7cf032132cced703ebac28b47063dfc54d9054f992a34a605be2ea66a60f6

    SHA512

    c4a9efed4266c708ad1a03e8571df6899936d26c62f9954cf5c0f1b0970b15afe2ca6a19d03883706cd092e52d3571b8a0f78703fb5bd957f6f735ea436c9e0e

    Download Submit

  • /data/user/0/love.annual.layer/app_DynamicOptDex/ykCrbri.json
    Filesize

    491KB

    MD5

    940625eb0e24a062f0722423e8a39399

    SHA1

    141525696013b3656dd05d223a7b9662f32305f4

    SHA256

    3423c5d66256c502d0a472553f16017dc99e7ed0657468cc627b6af5e40a5ba6

    SHA512

    e0ebc8c398be0e56601a00545593e47e23d0c1bce4ead846803d67e592d3dab77815247fd9e796b7278ae365ad0c8f6e4ee894824605361a5dbe21d415e48fde

    Download Submit