Overview

overview

10

Static

static

6

d66798a8a8...1a.apk

android-9-x86

10

d66798a8a8...1a.apk

android-13-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    09-03-2024 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d66798a8a8ec5e377c105e87dfc0bc0e17a83d227eedec0aebea0e25d9d2c01a.apk

  • Size

    3.1MB

  • MD5

    ccd6474f845f6f448aab37baf1a96b87

  • SHA1

    cd0087379b1a45e9d4d3fa2c566092caf1a9719b

  • SHA256

    d66798a8a8ec5e377c105e87dfc0bc0e17a83d227eedec0aebea0e25d9d2c01a

  • SHA512

    19280b681a357862a208321a11e53fc2bc77ecc5c963d55fb77c97f12dd3c2fb804e591cad941c776f18cf626fd6112f823e5cb1688d30e95cf6e39a4b5bfbfc

  • SSDEEP

    98304:Hrc//D8HaGf3sJPBxDkW3OIG9u6Ll0D/Z/Z9WgCeLX2RY:Lw8HDaPBxDkWevl2vzFv

Score
10/10
alienbotbankercollectionevasioninfostealerstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://0lkoypi8ckkv9e.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 7 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.along.press
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4241
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.along.press/app_DynamicOptDex/sNGIrWzAeT.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.along.press/app_DynamicOptDex/oat/x86/sNGIrWzAeT.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4270

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.along.press/app_DynamicOptDex/oat/sNGIrWzAeT.json.cur.prof
    Filesize

    1KB

    MD5

    3f7e69f0d5bc03decc572f6d642bb998

    SHA1

    6d09378c3a2835d6890562fa46488d7bc173dfb9

    SHA256

    78639ce2db779b09bb5e84c34ea2f416079e69dc537edb3490e389188f8fd1a9

    SHA512

    52f9bd1748c66727d172ba26f8e320a247057c4ab507e68032d7898444d06f7317802bdc7dd93df9b9be6491c803be5d97c17a2423ea66dd5526317b7f0d793d

    Download Submit

  • /data/data/com.along.press/app_DynamicOptDex/sNGIrWzAeT.json
    Filesize

    657KB

    MD5

    a2f7c1fcd1080b0b7a097984407e6f90

    SHA1

    272c3ef1df5494d6909a87e8134b19712bda3b15

    SHA256

    75178b4796ab4cb6ba9bca34cdaa2b44c2bf69a567b915f16aee44ac41636e6b

    SHA512

    00d2c9e8493f36a5611c4460b5060af87948a646a9d7170cb3fcbd02d3f87bb99fa0639b464caabf4faf82f627907525ff148792c8c6fa8cfaa1391112b6e437

    Download Submit

  • /data/data/com.along.press/app_DynamicOptDex/sNGIrWzAeT.json
    Filesize

    473KB

    MD5

    86e47191604c4cb7b3db8627165b4e43

    SHA1

    18cba84e0b838f5ac21145b7e4dd4f75abf95abb

    SHA256

    e5a9d511d592312156b032e94e8aa1e7799b9b7409bbd3c728d1a1f25942ef51

    SHA512

    20d40f75089e68303c259d4f2414e89d1910f5b4999836b16ed2fdd7bb390d947f8af0e79b8d52d5699ea6428afb56dce450848134b6f1d30af343497b550398

    Download Submit

  • /data/user/0/com.along.press/app_DynamicOptDex/sNGIrWzAeT.json
    Filesize

    897KB

    MD5

    5cfc96ae70b67aa4d24eb23fa7b08d51

    SHA1

    4eaef4cd786402e5f8bcb99bfbce20e0441d3d98

    SHA256

    a3c99e616b988de68cdc604aa6932dc198ada4861d9740a59aa7d12612c819d6

    SHA512

    eb87a32cf19d2880dfd1d1815230049ca0bae5831c244a30d420853a2e883c162cb500be62c159d28d11f4490dbcdb995bd64458ab6fee085b626a5be88503ce

    Download Submit

  • /data/user/0/com.along.press/app_DynamicOptDex/sNGIrWzAeT.json
    Filesize

    897KB

    MD5

    82494c8fe65bd464697b29f40631a792

    SHA1

    0b7674134313cd525089d06ba6ac18e1a2c8bd97

    SHA256

    c5cee810e235eb5b2f2f0361abcb688b81a053df6b90ffe17a71f820c9de5c07

    SHA512

    9e00aca2195c5e23fd95dbc2b30bde11bc9a0c65eab23bdde5fba793407eb49e9c26dbb99a907cb62bdd15333d83f643752758e33355bbbc810c7160198893ce

    Download Submit