Analysis

  • max time kernel
    67s
  • max time network
    152s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
  • submitted
    10-03-2024 22:04

General

  • Target

    2a7d04d1b38b24178a60bc0b68758630e0cb118823d4bfcbe97f36aff59331a2.apk

  • Size

    953KB

  • MD5

    34ef5ac3e6b35bd49cb43ce78a09c048

  • SHA1

    fbd4f305b6c7534407214ee2d63682475d00201b

  • SHA256

    2a7d04d1b38b24178a60bc0b68758630e0cb118823d4bfcbe97f36aff59331a2

  • SHA512

    7fe1575b9365ac6d246412ba4e7bc1301223ddebbd184c95153894eb4808e44b5fe54abe67ae938e7e924e78092dd4fb8efcfe892e21db351b680ed8b760ccb6

  • SSDEEP

    24576:UHpIk0a9cjvVuVc4TVtn/EP9ePIsDyZkB3/K5Pv:UJ3uv6nVtn09egTPv

Malware Config

Extracted

  • Family

    alienbot

  • C2

    http://mynewpath.top

  • AES_key


Signatures

  • Alienbot

    Alienbot is a fork of the Cerberus banking trojan, first seen in January 2020.

  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs an executable file (DEX/JAR) that was dropped onto the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Requests disabling of battery optimizations (often used to keep running unnoticed in the background). 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • scissors.boss.wide
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4429

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/scissors.boss.wide/app_DynamicOptDex/ThE.json

    Filesize

    438KB

    MD5

    7fd00caac8a2e341f01d91cf4df827fc

    SHA1

    c6e2327ec45f165314bfd618d1a33efb410037fb

    SHA256

    5b7733327d0b6d093116265ca251741396d77bf1527e418f0f02d7271a24ba59

    SHA512

    1c6205dff0d99b533f2d39f6f78d270d187eae76a4db31b0f1a193a3dcb847772f09cf35a688830046bd0967aebd7b7a5ee9a9bac3e56a2755398820e1b49458

  • /data/user/0/scissors.boss.wide/app_DynamicOptDex/ThE.json

    Filesize

    438KB

    MD5

    4838b9bf720dc8d2c0a4141242d6bffa

    SHA1

    47a5073870509924143fc19f44d8f757700d46ab

    SHA256

    f729355e23354dd7beaa653e881f29ad87506eb2bfcd66ea14e585919eecc997

    SHA512

    c09f6f324044ce2f33d711732bcd20059f6444e7186f321a00d95f93194f199ba728e84682bebc5c933ac8a164576fc97fa732855183068f5ea758541cb640bb

  • /data/user/0/scissors.boss.wide/app_DynamicOptDex/oat/ThE.json.cur.prof

    Filesize

    202B

    MD5

    44ed36f2386b55f1ecb33d0854d832d2

    SHA1

    7beceb82a0d3aed1113f1ddad0de7bdfd9978472

    SHA256

    9202247e64ea92561d9babfc389ea94346b95db941a9f2aff039906f7de40b8e

    SHA512

    13a5e0068dc5fb3fe939048045997f6f67c0f9bab1e5ff509dc325b39fabab25ab1dd98c3ba56ede776f6630c96e6283331f12cbb6f6b08de4d5176de344e6de
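
The "Loads dropped Dex/Jar" signature and the Downloads list above fit together: the sample writes a payload named ThE.json into app_DynamicOptDex/ (twice, with different hashes) and then loads it as code. The following triage helper is an added example, not code from the sandbox or from the malware. It classifies a dropped file by magic bytes instead of trusting the .json extension, parses the DEX header fields that matter for quick triage, and matches SHA256 values against the three hashes listed in the Downloads section. The dropped files are assumed to be available locally (for example pulled with adb pull); the DEX bytes built by constructed_dex() are a constructed stand-in with a valid magic and header, not the sample's payload.

```python
"""Triage helper for the dropped-file IoCs in the sandbox report above.

Added example; not part of the report or of the analysed sample.
Assumption: files from app_DynamicOptDex/ have been pulled off the device.
"""
import hashlib
import struct

# SHA256 values copied from the Downloads section of the report.
REPORT_IOCS = {
    "5b7733327d0b6d093116265ca251741396d77bf1527e418f0f02d7271a24ba59":
        "/data/user/0/scissors.boss.wide/app_DynamicOptDex/ThE.json (first write)",
    "f729355e23354dd7beaa653e881f29ad87506eb2bfcd66ea14e585919eecc997":
        "/data/user/0/scissors.boss.wide/app_DynamicOptDex/ThE.json (second write)",
    "9202247e64ea92561d9babfc389ea94346b95db941a9f2aff039906f7de40b8e":
        "/data/user/0/scissors.boss.wide/app_DynamicOptDex/oat/ThE.json.cur.prof",
}


def classify_payload(data: bytes) -> str:
    """Classify a dropped file by its magic bytes, ignoring the file name.

    DexClassLoader accepts raw DEX files or ZIP/JAR archives holding a
    classes.dex; droppers routinely store them under a harmless-looking
    name such as ThE.json.
    """
    if data[:4] == b"dex\n" and data[7:8] == b"\x00":   # dex\n035\0, dex\n039\0, ...
        return "dex"
    if data[:4] == b"dey\n":                             # optimised dex (odex)
        return "odex"
    if data[:4] in (b"PK\x03\x04", b"PK\x05\x06"):       # zip / jar / apk
        return "zip/jar"
    if data[:4] == b"\x7fELF":                           # native library
        return "elf"
    return "unknown"


def dex_header_summary(data: bytes) -> dict:
    """Parse DEX header fields useful for triage (offsets per the DEX format)."""
    if classify_payload(data) != "dex" or len(data) < 0x70:
        raise ValueError("not a DEX file")
    version = data[4:7].decode("ascii")
    # file_size @0x20, header_size @0x24, endian_tag @0x28, all little-endian u32
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 0x20)
    return {"version": version, "file_size": file_size,
            "header_size": header_size, "endian_tag": endian_tag}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def match_report_iocs(data: bytes, iocs: dict = REPORT_IOCS):
    """Return the report path whose SHA256 matches this blob, else None."""
    return iocs.get(sha256_hex(data))


def triage(name: str, data: bytes) -> dict:
    """Combine classification, hashing and IoC matching for one dropped file."""
    kind = classify_payload(data)
    result = {"name": name, "kind": kind, "sha256": sha256_hex(data),
              "ioc_match": match_report_iocs(data)}
    if kind == "dex":
        result["dex"] = dex_header_summary(data)
    # A code container hiding behind a data-file extension is the tell-tale sign.
    result["suspicious"] = name.endswith(".json") and kind in ("dex", "odex", "zip/jar", "elf")
    return result


def constructed_dex() -> bytes:
    """Constructed stand-in for a dropped DEX: valid magic and size fields,
    zero elsewhere. Not the sample's payload."""
    hdr = bytearray(0x70)
    hdr[0:8] = b"dex\n035\x00"
    struct.pack_into("<III", hdr, 0x20, 0x70, 0x70, 0x12345678)
    return bytes(hdr)


if __name__ == "__main__":
    # Constructed inputs: a fake DEX under the dropper's file name and a real JSON blob.
    samples = {
        "ThE.json": constructed_dex(),
        "config.json": b'{"c2": "http://mynewpath.top"}',
    }
    for fname, blob in samples.items():
        print(triage(fname, blob))
```

Run it against the files pulled from /data/user/0/scissors.boss.wide/app_DynamicOptDex/ and a match in ioc_match ties the local artifact to the exact write recorded in the report; a "dex" or "zip/jar" classification on a .json name is the behaviour the "Loads dropped Dex/Jar" signature fires on, regardless of whether the hash is already known.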