Overview

overview

10

Static

static

6

0845cbc7d6...27.apk

android-9-x86

10

0845cbc7d6...27.apk

android-10-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    129s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    23-02-2024 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0845cbc7d695779678c606be985935229338aa40620f6a64d4e4c5d478163827.apk

  • Size

    4.3MB

  • MD5

    f51a0e997823700f11a8898d909ffae5

  • SHA1

    7ba675d8d0105ff5ee6e101602a3fef105708529

  • SHA256

    0845cbc7d695779678c606be985935229338aa40620f6a64d4e4c5d478163827

  • SHA512

    c7747f1a405773d77741d46c5613ca89d8de5528104b5820fe54d329e5c63bb3e8b954525ff3150f9634db4fb229108ad1eaa64e94d1d844a858499f238b819a

  • SSDEEP

    98304:Uad5I7OiqO3hASdBycfDxa/1/R94XmxUBqazKl1lje+6yprKVoXMY3MlL9xMK:b5I7vqc1DxI1xUFzq1ljHXFIoSlLDMK

Score
10/10
alienbotbankercollectionevasioninfostealerstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://buuc5x0r7x98fj40mg2x.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 7 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • co.collection.beyond
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4322
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/co.collection.beyond/app_DynamicOptDex/rBSwINuWu.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/co.collection.beyond/app_DynamicOptDex/oat/x86/rBSwINuWu.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4351

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/co.collection.beyond/app_DynamicOptDex/oat/rBSwINuWu.json.cur.prof
    Filesize

    1KB

    MD5

    93d07b5815051cd8933f788f172bc0ae

    SHA1

    c6f224cb18e87dd4c079fc27fc42b8002d777f8c

    SHA256

    057c298497aed58dcdfc959e3e6676313c45d0596e8608e190fdb19ee6faf5d9

    SHA512

    d8550e74a43012de20e07fec47007a3c220784507261b54e5bc98e4bf26159a7c8051929acc4cdaa3a1264334e18423e771f00ffc95aae41884e1ddc662b1932

    Download Submit

  • /data/data/co.collection.beyond/app_DynamicOptDex/rBSwINuWu.json
    Filesize

    169KB

    MD5

    13ce3636364258a52928593a8b15f48f

    SHA1

    d12dd4dfd328b14bd0077d65c391a419004e0f88

    SHA256

    0a271322ade855aa1e3e592bb8c4dc02de24a8d61668892ed4340520aa73e71f

    SHA512

    32fb3b86a6306cbc1f4a69b269778afc3bb82b4e54e6ae0c5f91b017a7bb28476a5049c011fa4994df8b15637e1d1873dfe68281d996d4668f03319377ede71f

    Download Submit

  • /data/user/0/co.collection.beyond/app_DynamicOptDex/rBSwINuWu.json
    Filesize

    912KB

    MD5

    c437c4404cac1770b466858f7236c033

    SHA1

    924208ec287391beb4980b36cf0939607b19aed1

    SHA256

    8b39517346b82fd5bc48974c95ec98fef434a1d246eb0882dff3793658d621be

    SHA512

    b5c9e1a9fe4581437f62fef378cbe3ec1e0aad362c241dd37e9b19426b2a108913b23d3f0c71e114d5858ff2dec5b84fe905866f359f01d54b07a0725d457240

    Download Submit

  • /data/user/0/co.collection.beyond/app_DynamicOptDex/rBSwINuWu.json
    Filesize

    912KB

    MD5

    5a77570cc9441e3d883ae3338b5fe388

    SHA1

    d73c0cc494ce89f6dc8943173c34d3a1c5205fc9

    SHA256

    5cc6a3aa68a9d190aabfffb30172cbcca5a5766c0ae772131b9c7afc68569f39

    SHA512

    1a7af87bda4d06d530d671ed2afdd0f8be1f287df3eb091fc45eab8404e9c5c0f00f532b0d6d86ffec4936612b55537be037e7c05a33adbe5815d5e9af134043

    Download Submit