Overview

overview

10

Static

static

6

2a7d04d1b3...a2.apk

android-9-x86

10

2a7d04d1b3...a2.apk

android-10-x64

10

2a7d04d1b3...a2.apk

android-11-x64

10

Analysis

  • max time kernel
    52s
  • max time network
    101s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    10-03-2024 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a7d04d1b38b24178a60bc0b68758630e0cb118823d4bfcbe97f36aff59331a2.apk

  • Size

    953KB

  • MD5

    34ef5ac3e6b35bd49cb43ce78a09c048

  • SHA1

    fbd4f305b6c7534407214ee2d63682475d00201b

  • SHA256

    2a7d04d1b38b24178a60bc0b68758630e0cb118823d4bfcbe97f36aff59331a2

  • SHA512

    7fe1575b9365ac6d246412ba4e7bc1301223ddebbd184c95153894eb4808e44b5fe54abe67ae938e7e924e78092dd4fb8efcfe892e21db351b680ed8b760ccb6

  • SSDEEP

    24576:UHpIk0a9cjvVuVc4TVtn/EP9ePIsDyZkB3/K5Pv:UJ3uv6nVtn09egTPv

Score
10/10
alienbotbankercollectionevasioninfostealerstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://mynewpath.top

AES_key

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Requests enabling of the accessibility settings. 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • scissors.boss.wide
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4319
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/scissors.boss.wide/app_DynamicOptDex/ThE.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/scissors.boss.wide/app_DynamicOptDex/oat/x86/ThE.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4346

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/scissors.boss.wide/app_DynamicOptDex/ThE.json
    Filesize

    438KB

    MD5

    7fd00caac8a2e341f01d91cf4df827fc

    SHA1

    c6e2327ec45f165314bfd618d1a33efb410037fb

    SHA256

    5b7733327d0b6d093116265ca251741396d77bf1527e418f0f02d7271a24ba59

    SHA512

    1c6205dff0d99b533f2d39f6f78d270d187eae76a4db31b0f1a193a3dcb847772f09cf35a688830046bd0967aebd7b7a5ee9a9bac3e56a2755398820e1b49458

    Download Submit

  • /data/data/scissors.boss.wide/app_DynamicOptDex/ThE.json
    Filesize

    438KB

    MD5

    4838b9bf720dc8d2c0a4141242d6bffa

    SHA1

    47a5073870509924143fc19f44d8f757700d46ab

    SHA256

    f729355e23354dd7beaa653e881f29ad87506eb2bfcd66ea14e585919eecc997

    SHA512

    c09f6f324044ce2f33d711732bcd20059f6444e7186f321a00d95f93194f199ba728e84682bebc5c933ac8a164576fc97fa732855183068f5ea758541cb640bb

    Download Submit

  • /data/data/scissors.boss.wide/app_DynamicOptDex/oat/ThE.json.cur.prof
    Filesize

    578B

    MD5

    b9e3cad673d8bb31a5ee1113e2b80586

    SHA1

    b49ded6369a1d1e43993833848f7742c82179b8e

    SHA256

    c646af2e8af769f6b4851a498b695ea4629c11b8916ed8a60192c73669af803b

    SHA512

    63e5869d435a60476e2c3069a4be4713c221a8ece0d81cffd5a8d1925136e36864efab319440c338f269efa7d38d6c1c2cc8729047710ccf7aabc3ab1bb39641

    Download Submit

  • /data/user/0/scissors.boss.wide/app_DynamicOptDex/ThE.json
    Filesize

    438KB

    MD5

    9a457538eabcf31fb08416fc8c1a4e37

    SHA1

    8da490a9d42aee2f20713de971109e98b5c8f062

    SHA256

    f88dd24a10039c5494057716271c36b94d4686028247aa8a9beaa18be66f748c

    SHA512

    e26c840eceb5d8016b52e869927656e55dce0dacec6a1ac243e034f0843827e09efcb8ab33cd307e43b50a9e9b3688e74cf7282ebd8fe57f6b641dce44db8c03

    Download Submit