Analysis
-
max time kernel
149s -
max time network
159s -
platform
android_x64 -
resource
android-x64-20240221-en -
resource tags
androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system -
submitted
13-03-2024 09:42
Static task
static1
Behavioral task
behavioral1
Sample
c58cb2d542178830e7d1a52227116256.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
c58cb2d542178830e7d1a52227116256.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
c58cb2d542178830e7d1a52227116256.apk
Resource
android-x64-arm64-20240221-en
General
-
Target
c58cb2d542178830e7d1a52227116256.apk
-
Size
3.4MB
-
MD5
c58cb2d542178830e7d1a52227116256
-
SHA1
741f00d6ea8150d2baa39f27ca74c867284f993b
-
SHA256
59b0c482d02ef1211b936a329a99819f7c3c603808960b53eca558f293362c85
-
SHA512
36461b81c8dbb3fd5e3ded0d948a58b0f61e96753d4525fa0ce7671bef62078aeb69a292ccbf65071394d7bbec3277a3cec257a892f253cc86558bcb1c6d5657
-
SSDEEP
98304:4BoZZDIoNryzla4dBh1TL4bXmB4lAKW+PMTb721:4BoLIoYlHdBh1TLCXmB4l1Wr+1
Malware Config
Extracted
alienbot
http://34.141.27.218
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus payload 1 IoCs
resource yara_rule behavioral2/memory/5036-0.dex family_cerberus -
Makes use of the framework's Accessibility service 2 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId glove.resist.bring Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId glove.resist.bring -
pid Process 5036 glove.resist.bring 5036 glove.resist.bring 5036 glove.resist.bring 5036 glove.resist.bring 5036 glove.resist.bring 5036 glove.resist.bring 5036 glove.resist.bring 5036 glove.resist.bring -
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/glove.resist.bring/app_DynamicOptDex/XSAyu.json 5036 glove.resist.bring /data/user/0/glove.resist.bring/app_DynamicOptDex/XSAyu.json 5036 glove.resist.bring
Processes
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5e5d671ee84362b09222d013a220a6eeb
SHA1d2980a2e12284bd169285ef1dc3e68162d0b948b
SHA256f63c12f376baa191e4645d1dd0eb2db030958e64f9f81e56dac3c3ca081c1df5
SHA51218009b49d43949f5d753c6d61806b277fd0eeeb53a9944d303179d728ecf3b09d8cb292d300b227aca38711999c5468855224d426053c12ee2f25ceeb3c2e281
-
Filesize
446B
MD5ee544f9ae904faa10e434e996e65d2e0
SHA1d096599125c199728ed4b2ca7f58f7fff0da4b4b
SHA256f4ec5c2451f5f0c0c16194d01149170ea594bb768788a555b0643887578b6fe0
SHA512fbbf24b1779b75a60c68ede589b89e55725607897251e3d9a380f3833e88e12cad51e6f5cc7845bd812dfca4d2c292cb31c3731fd78be3b34b61eaaf3e997e8d
-
Filesize
708KB
MD5cc0be1e0e8d8e477fcc17b3b0888953e
SHA179f8d1fbbcb54c34f3642289e9f10eeee696efbe
SHA2562a4e4e568eb7eba81075ed151763466d6505a4cb9ee9e447f373eb1a40bc1bc7
SHA5122982a62c5949e72d4dabd143a1ed305f532811f4ff2cb78bf54a2e04c47c38164cb6183e92e8d01c2b7a416e5fb1b7749cd2be0be7dfa7c1b1a8bbe0756ab9ce