Overview

overview

10

Static

static

6

d4862294c6...7b.apk

android-9-x86

10

d4862294c6...7b.apk

android-13-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240229-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
  • submitted
    10-03-2024 22:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d4862294c6ff8f0143477daa672a185ab11bec2ea4dc519154ba40f18eee537b.apk

  • Size

    4.2MB

  • MD5

    323dca576f6f80d4686a114e5bbd4630

  • SHA1

    25db138426c117b696cc3557a0a83bc93daf1747

  • SHA256

    d4862294c6ff8f0143477daa672a185ab11bec2ea4dc519154ba40f18eee537b

  • SHA512

    4f4517100df7c81af27ae3bdc7b8865e682b0d74810effea80b1456c95f5abca79bae69c6483976ed1fb00184c12fdef973a275c0e7dafe653f2ca86cc2720f3

  • SSDEEP

    98304:VY5l5X9MwuU6udn2fc/q/K9tASvCxwSBrO5quGigyC7Lj5onhMv9TfgDv:K5n74u12MeDAqliY7LjWhMv9TgD

Score
10/10
alienbotbankercollectionevasioninfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://wf4sctx9cksg94528o7o.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.birthday.purple
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4229

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.birthday.purple/app_DynamicOptDex/lWykzdP.json
    Filesize

    697KB

    MD5

    9ed1f2f3e6b49ce806f1e39d6ac758e1

    SHA1

    6ed13c6d1601e74402e1f93dfcb144d73b8d9117

    SHA256

    96be1d9fefd5157c1efac79b44ea29cd3ed23e32af692c70cff0edb6cb8a1172

    SHA512

    45ec7a09429ddb4dba92cdf5f9aa2dd778e1747e74b255fcd9dae7a4e263fc035aaeaaa758ee75b35dc8456eda01597efd8aa9b0609eee23cc4b632fbf300b20

    Download Submit

  • /data/user/0/com.birthday.purple/app_DynamicOptDex/lWykzdP.json
    Filesize

    697KB

    MD5

    d8eb871ba6eb7eb9741eaeb16443239e

    SHA1

    3d6b4bd50d381cfc380c0b0851dbd7ed90fb5ab0

    SHA256

    d031b64bf66332840a6c4da99d8c5dc4550e778e59d44fb4f6f78ac0c86f2548

    SHA512

    93992ed6432d07922c52a6e2a722812da09921fdb91bec086b3ae06303e4e7b6252d6eb292eeea6971e3fdf879a8d8356f8400bf900ef0e7b5c6a19d7bc91113

    Download Submit

  • /data/user/0/com.birthday.purple/app_DynamicOptDex/lWykzdP.json
    Filesize

    917KB

    MD5

    ff232e9e7bec582a91bf4d1a0fd6eb6f

    SHA1

    77e34f4ff036bb043443e36b541e655939720990

    SHA256

    f641805319fb83b7167e69df31c23922eed4fe7ce1b81211dbf692f744e2cb11

    SHA512

    ccc41280ed882fc03a8749882edf9a9e27007aa5f37f001f2bfbc1ea3f31327ee3977167766a0c9afc3d545e4138b1458039c02ae6ef6f96b69d9affa8429198

    Download Submit

  • /data/user/0/com.birthday.purple/app_DynamicOptDex/oat/lWykzdP.json.cur.prof
    Filesize

    320B

    MD5

    b41f690d2f6d52c846bb7c34039e54e5

    SHA1

    c726fa2dbde119e7569458797451aec5bf691f53

    SHA256

    6dcb94cb174d7bab24b02275da4d75dd71b662139ea6a3a96c4d5e583cf274bd

    SHA512

    a849f7d418b10e0289cc9af0cd31f8889273baff34c9de3c06f59427c2f066880e9051561d97c456330dbf0774183d1504449be80aa9e55696f21240bb7f5bc9

    Download Submit