Overview

overview

10

Static

static

6

076b91babd...39.apk

android-9-x86

10

076b91babd...39.apk

android-10-x64

10

076b91babd...39.apk

android-11-x64

10

Analysis

  • max time kernel
    153s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    13-02-2024 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    076b91babd63b5714b4feee3c502fdc519095d9469aaf67ea5532fa9e7a2e839.apk

  • Size

    3.2MB

  • MD5

    ba778123be2f17763bb14b3c96e89760

  • SHA1

    adde8ccb891b394619d8f49eb8f489b15037a833

  • SHA256

    076b91babd63b5714b4feee3c502fdc519095d9469aaf67ea5532fa9e7a2e839

  • SHA512

    fee7890ed63fa0b8a1f0a0e029302648873f81dcfd813382b9e6cd967295972eeff2973737d8432883d3c404d188fb73647ffd91cee7e8ee754bb79140aa61c2

  • SSDEEP

    98304:owN7yGv1Y8TxylMckA37rQe786qRi6mQHZ:owpyGo2pAEe789g6/HZ

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://34.89.218.199

rc4.plain

Extracted

Family

alienbot

C2

http://34.89.218.199

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs

Processes

  • glare.series.notable
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    PID:4999

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/glare.series.notable/app_DynamicOptDex/UtfKRyp.json
    Filesize

    734KB

    MD5

    94168b579a242602127399066b4f0670

    SHA1

    6fe81a5d90ed8217e34d67d48bf36797a77bc0b2

    SHA256

    8a1e72d8ec8c9894ee467edd0177f285974868c1126e9e803be6c685cc556ac2

    SHA512

    20de9ab9e547365f0637f477760faf590fcfe7b6acefec07fd91c49c601a16c3f56fafe6d9be4cbd3ac09629a7354040c58b15b4fd55948009970b12f48295f2

    Download Submit

  • /data/data/glare.series.notable/app_DynamicOptDex/UtfKRyp.json
    Filesize

    734KB

    MD5

    57c19d7d5f0e705ae2bc44894976758c

    SHA1

    97f0be81f252bc25ad2dd3d9b1e3487bee67c05a

    SHA256

    34695b12bd796da78f703f05e67f7b9f3c1acee8cd70ea97cc9aa61a8aaa0b00

    SHA512

    9712099fbb4b3e47b72fe5783683c8d351552e8d5bd29f4edd8f2fc7f0e15494bf0bc7f31aa8402839c779bca771843d448e2f37041297c16ba46902462a969f

    Download Submit

  • /data/data/glare.series.notable/app_DynamicOptDex/oat/UtfKRyp.json.cur.prof
    Filesize

    419B

    MD5

    1c301936b71a9bec77fbf8611dd20435

    SHA1

    ed5d253e726350d56e89534e2b18af61c1c0f182

    SHA256

    3d5b78469e6705e5a687d4e8a6c6abd77923e4137926e0dbd9e68fe9fc0a6a87

    SHA512

    313cd11179d4df445b5d0cf0f068f74fcdcfd531b22034f7872d5d634d9fda0845a01e402476a7edddec700e8fca4ca9b75f8fb03ff2c482b9ab468908826f41

    Download Submit