Analysis
-
max time kernel
145s -
max time network
152s -
platform
android_x64 -
resource
android-x64-arm64-20240221-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system -
submitted
13-03-2024 09:42
Static task
static1
Behavioral task
behavioral1
Sample
c58cb2d542178830e7d1a52227116256.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
c58cb2d542178830e7d1a52227116256.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
c58cb2d542178830e7d1a52227116256.apk
Resource
android-x64-arm64-20240221-en
General
-
Target
c58cb2d542178830e7d1a52227116256.apk
-
Size
3.4MB
-
MD5
c58cb2d542178830e7d1a52227116256
-
SHA1
741f00d6ea8150d2baa39f27ca74c867284f993b
-
SHA256
59b0c482d02ef1211b936a329a99819f7c3c603808960b53eca558f293362c85
-
SHA512
36461b81c8dbb3fd5e3ded0d948a58b0f61e96753d4525fa0ce7671bef62078aeb69a292ccbf65071394d7bbec3277a3cec257a892f253cc86558bcb1c6d5657
-
SSDEEP
98304:4BoZZDIoNryzla4dBh1TL4bXmB4lAKW+PMTb721:4BoLIoYlHdBh1TLCXmB4l1Wr+1
Malware Config
Extracted
alienbot
http://34.141.27.218
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus payload 1 IoCs
resource yara_rule behavioral3/files/fstream-2.dat family_cerberus -
Makes use of the framework's Accessibility service 2 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId glove.resist.bring Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId glove.resist.bring -
pid Process 4403 glove.resist.bring 4403 glove.resist.bring 4403 glove.resist.bring 4403 glove.resist.bring 4403 glove.resist.bring 4403 glove.resist.bring 4403 glove.resist.bring 4403 glove.resist.bring -
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/glove.resist.bring/app_DynamicOptDex/XSAyu.json 4403 glove.resist.bring /data/user/0/glove.resist.bring/app_DynamicOptDex/XSAyu.json 4403 glove.resist.bring -
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
description ioc Process Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS glove.resist.bring
Processes
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
708KB
MD5bea250ccba37ddcf3b0017e8731ce3a9
SHA1bfd2e049b89dfb856ee8e7425ad8aa82409fd144
SHA25604af61af06f512f39157a4aa3a200d0cf83f5985639837fdf87abe18f4d38699
SHA51285604f40c8b84b2123721648a849660e723d87fef26aa250e2d0ac35c433d912d48addc32e0aeed4c74e294780c43a84e5a19aaa7eceb30ab87a7261137d2848
-
Filesize
708KB
MD5cc0be1e0e8d8e477fcc17b3b0888953e
SHA179f8d1fbbcb54c34f3642289e9f10eeee696efbe
SHA2562a4e4e568eb7eba81075ed151763466d6505a4cb9ee9e447f373eb1a40bc1bc7
SHA5122982a62c5949e72d4dabd143a1ed305f532811f4ff2cb78bf54a2e04c47c38164cb6183e92e8d01c2b7a416e5fb1b7749cd2be0be7dfa7c1b1a8bbe0756ab9ce
-
Filesize
331B
MD57e63084134f25aa8d9e97bdc54bd6ad3
SHA17d9a3491d4bce26e259668c1ece36241e6016378
SHA256bf0166435e177fa0e1baf441614e2e12eb13c8b09ed497c360cf8c032b6283eb
SHA512ba1a643df1f985fafa806f34e3a666dc6b4c38e66f3ba062eac537db3f6e8e858bca358b4bdb09ab496e150f4fa9870d43068a2c6f42586c5e6a365d4540e3cc