Analysis

  • max time kernel
    140s
  • max time network
    140s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    14-03-2024 10:47

General

  • Target

    c86f20dc93c1d5427ae149ce89e764d2.apk

  • Size

    311KB

  • MD5

    c86f20dc93c1d5427ae149ce89e764d2

  • SHA1

    c0f961ba8df77cfe6848b6679b94f398bf2e5053

  • SHA256

    1236be7fd1385b2543205404d96f37bded28a626d27d1e0a1dd4c570ef6dd2ad

  • SHA512

    d8a283b5a5225ddfac96c1be5c21ea90b32df70d5639392c8afbc20d675f838459fe0aa428baf7db7b44beab28006df8801d700190351ae28b12e738acc588aa

  • SSDEEP

    6144:x19xxvzXZYfrhtyjHpj1V6HGdVDse3U0ls6yiAZ4oFT8A9K9LhRFYwbOh4hZm:Rxxv5jHRSmdJse3UiBgTR9K9LnFYwb8/

Malware Config

Extracted

Family

alienbot

C2

http://abindizzobremin.tk

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Requests enabling of the accessibility settings. 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs

Processes

  • com.hgukldiuhpjpjjnf.xgxiqavgnnxpz
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Requests enabling of the accessibility settings.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4247

Network

MITRE ATT&CK Mobile v15
