Overview

overview

10

Static

static

6

947c8d4414...8e.apk

android-9-x86

10

947c8d4414...8e.apk

android-10-x64

10

947c8d4414...8e.apk

android-11-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    15-02-2024 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    947c8d44144d81f95a93fab15ebaae7fbfb63794f2a1a34eeedecb1007aa608e.apk

  • Size

    3.9MB

  • MD5

    5accee10223e4527eab88fba93403a0e

  • SHA1

    cddd2579a928cca9855f96fc0579d2b668792232

  • SHA256

    947c8d44144d81f95a93fab15ebaae7fbfb63794f2a1a34eeedecb1007aa608e

  • SHA512

    358bcd1c5f8a4e31670e6b01968d3ade123bc081cb3cd5d080551c84c26a8f6e29dab40acdf8b131499e341d1409d73bc90a08c4265bd1fde86c169943809e28

  • SSDEEP

    98304:IbSNi7wdynQlJ0GEswbTK4oytTl/6HnDH:IbSNi7KGgJ0o071t4H7

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://panamaxb.digital/

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 7 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • fringe.gadget.wage
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    PID:4919

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/fringe.gadget.wage/app_DynamicOptDex/UQDhhsU.json
    Filesize

    786KB

    MD5

    7a1dec2283f3fc2ae2837f56969baaad

    SHA1

    17d8469d664766a654b03a80ab500162ab775dd8

    SHA256

    ce081f7982ec6f4a0f7714e5424b8f39679b0033293d90e1c4597c542fb6bd80

    SHA512

    a8ebdf3fa4d9e83fc245c4f06484b52110f401eeeddb4a8513df4cb4643eace343953c2574652ab0481502326eb626890680d49b89b404a036899fd9c7e243b7

    Download Submit

  • /data/data/fringe.gadget.wage/app_DynamicOptDex/oat/UQDhhsU.json.cur.prof
    Filesize

    389B

    MD5

    cccf11d4c3b3fd9337c15eacb28a9f7d

    SHA1

    ddd2b490d0ac7917f4ac55e3214eeb24fb8ac1d5

    SHA256

    41d5dcec267b2940481fd4d3dd511251a39b17d7a60e7d39d069abf816306a18

    SHA512

    1124b6c276dfca71e9c6eb6c2cfce1aaf07fc821a3e06ac761f74843e061ed793347284ae2dde143f369fe553ca559145bd1bdd34b90314c6b4f63b4358e8034

    Download Submit

  • /data/user/0/fringe.gadget.wage/app_DynamicOptDex/UQDhhsU.json
    Filesize

    786KB

    MD5

    9dcb577c3701787eefd9f8030126d9d8

    SHA1

    dd58ad14d55b00c9d35c4ac9f24d2ef02c7c661b

    SHA256

    b2f7a4e2a4ef7f79c99fb3cfec5472d417ee200121ce4477e87260ecd75a4463

    SHA512

    513e467c5414287f903bcdf3c2a5bcb73d1dbdfe47953ac6f63b22641f8c61b9fb66256dd8bc5b22d7acb0c14f2b4cf6b5daa18660bfc04c1c376722ac9999e2

    Download Submit