Overview

overview

10

Static

static

6

076b91babd...39.apk

android-9-x86

10

076b91babd...39.apk

android-10-x64

10

076b91babd...39.apk

android-11-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    13-02-2024 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    076b91babd63b5714b4feee3c502fdc519095d9469aaf67ea5532fa9e7a2e839.apk

  • Size

    3.2MB

  • MD5

    ba778123be2f17763bb14b3c96e89760

  • SHA1

    adde8ccb891b394619d8f49eb8f489b15037a833

  • SHA256

    076b91babd63b5714b4feee3c502fdc519095d9469aaf67ea5532fa9e7a2e839

  • SHA512

    fee7890ed63fa0b8a1f0a0e029302648873f81dcfd813382b9e6cd967295972eeff2973737d8432883d3c404d188fb73647ffd91cee7e8ee754bb79140aa61c2

  • SSDEEP

    98304:owN7yGv1Y8TxylMckA37rQe786qRi6mQHZ:owpyGo2pAEe789g6/HZ

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://34.89.218.199

rc4.plain

Extracted

Family

alienbot

C2

http://34.89.218.199

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 2 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Checks Android system properties for emulator presence. 1 IoCs
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • glare.series.notable
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4222
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/glare.series.notable/app_DynamicOptDex/UtfKRyp.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/glare.series.notable/app_DynamicOptDex/oat/x86/UtfKRyp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/glare.series.notable/app_DynamicOptDex/UtfKRyp.json
    Filesize

    734KB

    MD5

    94168b579a242602127399066b4f0670

    SHA1

    6fe81a5d90ed8217e34d67d48bf36797a77bc0b2

    SHA256

    8a1e72d8ec8c9894ee467edd0177f285974868c1126e9e803be6c685cc556ac2

    SHA512

    20de9ab9e547365f0637f477760faf590fcfe7b6acefec07fd91c49c601a16c3f56fafe6d9be4cbd3ac09629a7354040c58b15b4fd55948009970b12f48295f2

    Download Submit

  • /data/data/glare.series.notable/app_DynamicOptDex/oat/UtfKRyp.json.cur.prof
    Filesize

    434B

    MD5

    4912b37708c33942d64054c30cee78ee

    SHA1

    c08cedcac62cf56f2165124a377149389f5889da

    SHA256

    8f8a2165814ee4eaf7be7c9bed2b475b83e47c2d31d96c1fba67e58d33c624a2

    SHA512

    c15d62bc726841516ea68c70a4df725cd33db0e3c01c293fe954cccec361d931ff139b6a8815dc9793475448fb045b0a0c4c03c9a9a0dac60b4457281130683f

    Download Submit

  • /data/user/0/glare.series.notable/app_DynamicOptDex/UtfKRyp.json
    Filesize

    734KB

    MD5

    57c19d7d5f0e705ae2bc44894976758c

    SHA1

    97f0be81f252bc25ad2dd3d9b1e3487bee67c05a

    SHA256

    34695b12bd796da78f703f05e67f7b9f3c1acee8cd70ea97cc9aa61a8aaa0b00

    SHA512

    9712099fbb4b3e47b72fe5783683c8d351552e8d5bd29f4edd8f2fc7f0e15494bf0bc7f31aa8402839c779bca771843d448e2f37041297c16ba46902462a969f

    Download Submit

  • /data/user/0/glare.series.notable/app_DynamicOptDex/UtfKRyp.json
    Filesize

    734KB

    MD5

    5650c621cdab5dd7c82c14b8578ec53f

    SHA1

    7f6f73246192ebef2d1da2485cfd57ca8f624a52

    SHA256

    2ef0ce2852eb5698f575ab941842b31df506e3d00c1d5f61ebf86aab4214dd93

    SHA512

    17cb846d17666c61be3f1cc19578d21379ed54c6d4d101cda297ebf5d63bd26d088fd250c0f6b63c93810f2759b2e33e00bd26205437c19b896ab1af94a7f43e

    Download Submit