Overview

overview

10

Static

static

6

d66798a8a8...1a.apk

android-9-x86

10

d66798a8a8...1a.apk

android-13-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    169s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240229-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
  • submitted
    09-03-2024 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d66798a8a8ec5e377c105e87dfc0bc0e17a83d227eedec0aebea0e25d9d2c01a.apk

  • Size

    3.1MB

  • MD5

    ccd6474f845f6f448aab37baf1a96b87

  • SHA1

    cd0087379b1a45e9d4d3fa2c566092caf1a9719b

  • SHA256

    d66798a8a8ec5e377c105e87dfc0bc0e17a83d227eedec0aebea0e25d9d2c01a

  • SHA512

    19280b681a357862a208321a11e53fc2bc77ecc5c963d55fb77c97f12dd3c2fb804e591cad941c776f18cf626fd6112f823e5cb1688d30e95cf6e39a4b5bfbfc

  • SSDEEP

    98304:Hrc//D8HaGf3sJPBxDkW3OIG9u6Ll0D/Z/Z9WgCeLX2RY:Lw8HDaPBxDkWevl2vzFv

Score
10/10
alienbotbankercollectionevasioninfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://0lkoypi8ckkv9e.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.along.press
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4239

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.along.press/app_DynamicOptDex/oat/sNGIrWzAeT.json.cur.prof
    Filesize

    307B

    MD5

    2c3c169852f80b6699d43532e536c282

    SHA1

    e958f2abecc15c663ba770bee76296abaf1b5b80

    SHA256

    81aba12238f9248fa648bfe993a78bf288ea586f8def958d2c5ae033c008faa3

    SHA512

    628aa6ddefe31a06c0b33ddc8441f495925f606a742b23e94deaa269274f6bcb100683f216a617f84b08918937ae4bd30e4d0cf078456f0cfeb22ae0fb37bb55

    Download Submit

  • /data/user/0/com.along.press/app_DynamicOptDex/sNGIrWzAeT.json
    Filesize

    657KB

    MD5

    a2f7c1fcd1080b0b7a097984407e6f90

    SHA1

    272c3ef1df5494d6909a87e8134b19712bda3b15

    SHA256

    75178b4796ab4cb6ba9bca34cdaa2b44c2bf69a567b915f16aee44ac41636e6b

    SHA512

    00d2c9e8493f36a5611c4460b5060af87948a646a9d7170cb3fcbd02d3f87bb99fa0639b464caabf4faf82f627907525ff148792c8c6fa8cfaa1391112b6e437

    Download Submit

  • /data/user/0/com.along.press/app_DynamicOptDex/sNGIrWzAeT.json
    Filesize

    657KB

    MD5

    20f0fa517aa88936aebd860a4172ac83

    SHA1

    61333f9285ad6c2f388a05219cce1a1362d5a661

    SHA256

    ee5c0bfae25f1a028433513da9c3bec8c005dd9a930ac8f23695a48f74d951e3

    SHA512

    e394dae85f53306007a345232183668974bfcd6a4b7e1167514cdcd6e5f4889d533781fdaa8f11cd363a291686f8aed254c34975fcf848d157686aaab68a9234

    Download Submit

  • /data/user/0/com.along.press/app_DynamicOptDex/sNGIrWzAeT.json
    Filesize

    897KB

    MD5

    82494c8fe65bd464697b29f40631a792

    SHA1

    0b7674134313cd525089d06ba6ac18e1a2c8bd97

    SHA256

    c5cee810e235eb5b2f2f0361abcb688b81a053df6b90ffe17a71f820c9de5c07

    SHA512

    9e00aca2195c5e23fd95dbc2b30bde11bc9a0c65eab23bdde5fba793407eb49e9c26dbb99a907cb62bdd15333d83f643752758e33355bbbc810c7160198893ce

    Download Submit