Analysis
-
max time kernel
137s -
max time network
138s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
-
submitted
15-02-2024 22:02
General
-
Target
947c8d44144d81f95a93fab15ebaae7fbfb63794f2a1a34eeedecb1007aa608e.apk
-
Size
3.9MB
-
MD5
5accee10223e4527eab88fba93403a0e
-
SHA1
cddd2579a928cca9855f96fc0579d2b668792232
-
SHA256
947c8d44144d81f95a93fab15ebaae7fbfb63794f2a1a34eeedecb1007aa608e
-
SHA512
358bcd1c5f8a4e31670e6b01968d3ade123bc081cb3cd5d080551c84c26a8f6e29dab40acdf8b131499e341d1409d73bc90a08c4265bd1fde86c169943809e28
-
SSDEEP
98304:IbSNi7wdynQlJ0GEswbTK4oytTl/6HnDH:IbSNi7KGgJ0o071t4H7
Malware Config
Extracted
alienbot
http://panamaxb.digital/
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload 2 IoCs
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 1 IoCs
-
Checks Android system properties for emulator presence. 1 IoCs
-
Loads dropped Dex/Jar 3 IoCs
Runs executable file dropped to the device during analysis.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes
-
fringe.gadget.wage1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/fringe.gadget.wage/app_DynamicOptDex/UQDhhsU.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/fringe.gadget.wage/app_DynamicOptDex/oat/x86/UQDhhsU.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
786KB
MD57a1dec2283f3fc2ae2837f56969baaad
SHA117d8469d664766a654b03a80ab500162ab775dd8
SHA256ce081f7982ec6f4a0f7714e5424b8f39679b0033293d90e1c4597c542fb6bd80
SHA512a8ebdf3fa4d9e83fc245c4f06484b52110f401eeeddb4a8513df4cb4643eace343953c2574652ab0481502326eb626890680d49b89b404a036899fd9c7e243b7
-
Filesize
786KB
MD59dcb577c3701787eefd9f8030126d9d8
SHA1dd58ad14d55b00c9d35c4ac9f24d2ef02c7c661b
SHA256b2f7a4e2a4ef7f79c99fb3cfec5472d417ee200121ce4477e87260ecd75a4463
SHA512513e467c5414287f903bcdf3c2a5bcb73d1dbdfe47953ac6f63b22641f8c61b9fb66256dd8bc5b22d7acb0c14f2b4cf6b5daa18660bfc04c1c376722ac9999e2
-
Filesize
463B
MD55150f5f2a7928934af9d32a1c407923d
SHA12646e546885ed03eb5d95fe8ac3bdc6c85d1f1ce
SHA2560ae83d12bcc54e097e0abe6a27363f1f2be3da69df30902fe256fb5f52d88a99
SHA512acefa35d82504fb10c6a51f156260d4616778eb8ae026bffe5cebd3611b036ce1d322e7053081955517b64c7f09c30fde9ea8a03651ede582849a85aaaaaeba9
-
Filesize
786KB
MD57bdc5c1606a1b8a6e6a01a0983de8cda
SHA12694dbe9416589b3114b5052f4fb6eace56f8af9
SHA2567fae3ff5ccfd0217068fd2816e36d663aa77a833c813f4dc6bad2e2afe9ae4a0
SHA512fa4482534ea26842ef90cb05073a47671d03187da848ca6d96d6ed5d4cba6abf19e265477c5632da6829982c786cc5187dd01672959285a12cc15ade3dcbf1f8