Overview

overview

10

Static

static

6

076b91babd...39.apk

android-9-x86

10

076b91babd...39.apk

android-10-x64

10

076b91babd...39.apk

android-11-x64

10

Analysis

  • max time kernel
    159s
  • max time network
    170s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    13-02-2024 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    076b91babd63b5714b4feee3c502fdc519095d9469aaf67ea5532fa9e7a2e839.apk

  • Size

    3.2MB

  • MD5

    ba778123be2f17763bb14b3c96e89760

  • SHA1

    adde8ccb891b394619d8f49eb8f489b15037a833

  • SHA256

    076b91babd63b5714b4feee3c502fdc519095d9469aaf67ea5532fa9e7a2e839

  • SHA512

    fee7890ed63fa0b8a1f0a0e029302648873f81dcfd813382b9e6cd967295972eeff2973737d8432883d3c404d188fb73647ffd91cee7e8ee754bb79140aa61c2

  • SSDEEP

    98304:owN7yGv1Y8TxylMckA37rQe786qRi6mQHZ:owpyGo2pAEe789g6/HZ

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://34.89.218.199

rc4.plain

Extracted

Family

alienbot

C2

http://34.89.218.199

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 3 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • glare.series.notable
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4623

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/glare.series.notable/app_DynamicOptDex/UtfKRyp.json
    Filesize

    734KB

    MD5

    94168b579a242602127399066b4f0670

    SHA1

    6fe81a5d90ed8217e34d67d48bf36797a77bc0b2

    SHA256

    8a1e72d8ec8c9894ee467edd0177f285974868c1126e9e803be6c685cc556ac2

    SHA512

    20de9ab9e547365f0637f477760faf590fcfe7b6acefec07fd91c49c601a16c3f56fafe6d9be4cbd3ac09629a7354040c58b15b4fd55948009970b12f48295f2

    Download Submit

  • /data/user/0/glare.series.notable/app_DynamicOptDex/UtfKRyp.json
    Filesize

    734KB

    MD5

    57c19d7d5f0e705ae2bc44894976758c

    SHA1

    97f0be81f252bc25ad2dd3d9b1e3487bee67c05a

    SHA256

    34695b12bd796da78f703f05e67f7b9f3c1acee8cd70ea97cc9aa61a8aaa0b00

    SHA512

    9712099fbb4b3e47b72fe5783683c8d351552e8d5bd29f4edd8f2fc7f0e15494bf0bc7f31aa8402839c779bca771843d448e2f37041297c16ba46902462a969f

    Download Submit

  • /data/user/0/glare.series.notable/app_DynamicOptDex/oat/UtfKRyp.json.cur.prof
    Filesize

    370B

    MD5

    067c4cae5f378307abcb11f689fcd8f5

    SHA1

    8aa54ca49672603f0f5e88d47e5ecb2c7b81e487

    SHA256

    977a2192927c74326ab68c4837e57f9a4fd15a270c41ccd7d387d94cc7077b57

    SHA512

    212bb1af9215fd4477331d338b0c3d01d774dff8aaa0b3c6b118431c4d68ca784c0677fedc9e65248fd874a1f82ee336df1a26842ef4eba90917b8749e8ed56f

    Download Submit