Analysis

  • max time kernel
    54s
  • max time network
    139s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
  • submitted
    08-02-2024 22:10

General

  • Target

    1f9749e79441b7ad455ff8bd6802e7bfee98abd2d9832b270389078033a2d794.apk

  • Size

    1009KB

  • MD5

    b21329c916c0a083e42e817b8491981f

  • SHA1

    3aaf1f036dc8cffd0a777c5bcb67039888faf60a

  • SHA256

    1f9749e79441b7ad455ff8bd6802e7bfee98abd2d9832b270389078033a2d794

  • SHA512

    0c90f7d0b263beddeb0330c30a4a8331ad37f28e6161666928a38faf9ec2608f4eb0a5094735d2f9a196b495d198e09d6e25a4b36e024fc16bb76a917a0b95b7

  • SSDEEP

    12288:OvrGcc4LVwwKvZxWcruFb6CAjAbvqvxMgaY1ZPDshjLM8veYqS0DQ365muQY:oGUVw9LSFb6CaksxkiPY3TGVQK5muQY

Malware Config

Extracted

Family

alienbot

C2

http://mynewpath.top

AES_key

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

  • Makes use of the framework's Accessibility service (2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher (1 IoC)
  • Loads dropped Dex/Jar (4 IoCs)

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. (1 IoC)
  • Requests disabling of battery optimizations (often used to enable hiding in the background). (1 IoC)
  • Listens for changes in the sensor environment (might be used to detect emulation) (1 IoC)
  • Uses Crypto APIs (Might try to encrypt user data) (1 IoC)

Processes

  • love.annual.layer
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID: 4640

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/love.annual.layer/app_DynamicOptDex/oat/ykCrbri.json.cur.prof

    Filesize

    196B

    MD5

    0d623647be1b653aaf730fb09902f032

    SHA1

    8bd4b98fc71688855203d944de6987d31ced6346

    SHA256

    f8b7d5bc2de4495e0f97f8ea4cfda0244ed9725e92403b01ee8490ae87d3f074

    SHA512

    1a8ba441fae4893419ea67e6645ef533a9bcca0df5408c3c982fc718b2e3569793c9463a74dbd575a122eeaf8a67a16fbfdee46899d240033e0f5c0f10db6a4e

  • /data/user/0/love.annual.layer/app_DynamicOptDex/ykCrbri.json

    Filesize

    491KB

    MD5

    7ad8fdb924d66d1d3bdcb9978d16379a

    SHA1

    7ad6db22e3689c31a6ca45b981e3934d9f50bc5d

    SHA256

    5b351a19ccba97d67a4b0ed8f2edd56a01d1a5d5ff9ac70163b6edcfb988f16e

    SHA512

    e713c231e4233c66c9facc985ccc0a8f783a9a91aaaf6382f3ba870d1a27dbced22ac1e5e6b3df686936379b0532206bd0a2095fef4a6a6bfef62a43df491b30

  • /data/user/0/love.annual.layer/app_DynamicOptDex/ykCrbri.json

    Filesize

    491KB

    MD5

    de4a1f3d3166fb206fa8037b2d1b7ce9

    SHA1

    64093497e098c974190c7703ef8e562cfb6a06d4

    SHA256

    69f7cf032132cced703ebac28b47063dfc54d9054f992a34a605be2ea66a60f6

    SHA512

    c4a9efed4266c708ad1a03e8571df6899936d26c62f9954cf5c0f1b0970b15afe2ca6a19d03883706cd092e52d3571b8a0f78703fb5bd957f6f735ea436c9e0e