Overview

overview

10

Static

static

6

cf326fbe33...ca.apk

android-9-x86

10

cf326fbe33...ca.apk

android-10-x64

10

cf326fbe33...ca.apk

android-11-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    136s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    16-03-2024 22:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cf326fbe332f899b85f210dbee70dbca.apk

  • Size

    3.4MB

  • MD5

    cf326fbe332f899b85f210dbee70dbca

  • SHA1

    835ff482e4c037e8f5aa66bcf6dc4ac83abea6a0

  • SHA256

    1122a8215822a30c43ad684be7a2c8e4e4733d12b7e5a3aea4b570dc807ce8f1

  • SHA512

    f7c9227cd1e9b92a960c027fe998aa191ee31e0898d27ffeeba05e6c4b20aaf3c87fbe3be5e915c37f041ec36d190c89e7a75125b75558caf499f130d4df6f79

  • SSDEEP

    98304:c+RoZL1TRC1xLRffffTeipEXg/B0aLkjyn05Bv0azfkj:c+RoF1TRWlT2Xg/LYyn05Bsifw

Score
10/10
alienbotcerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://mysqlsystem.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 2 IoCs
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Requests enabling of the accessibility settings. 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • spot.mistake.apart
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4277
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/spot.mistake.apart/app_DynamicOptDex/Xk.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/spot.mistake.apart/app_DynamicOptDex/oat/x86/Xk.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4303

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/spot.mistake.apart/app_DynamicOptDex/Xk.json
    Filesize

    725KB

    MD5

    8a31b0ea54e8991589f79d8a52d5552e

    SHA1

    bca8c0129e19757094a04e1d2e32511f9395af96

    SHA256

    f43a4ddd98a94712f15b813dd2b48b1b1aaebfd201f51cfc918e9e81125c287c

    SHA512

    09ef9e9e10e897a924e7f9a5c8b4ffb8d2723408136e28b4026f704dd3f7f5a33d0ac3b17c5687b284fcd9fdded8bf42d49ad56c472c86ca6a16ddbd486a08d6

    Download Submit

  • /data/data/spot.mistake.apart/app_DynamicOptDex/Xk.json
    Filesize

    725KB

    MD5

    7dbc3f9c9f85779869e8a4ea0c2a9780

    SHA1

    ffc759d8c5e0fe8b9e72f4224b4c07e7c70e8bd9

    SHA256

    4343c7feefd68663faabaeaf8d65220c2545f136bd86064f50e1e14ecdd4e9c2

    SHA512

    17e01545edd1edcb911b460c7c5dc330e0a9d8c48af2f9346cbfeb61b399c37f5bbe2f0a4bb6644f61f2446c2141471a3ecdec55cd14a3c20c301095559b018d

    Download Submit

  • /data/data/spot.mistake.apart/app_DynamicOptDex/oat/Xk.json.cur.prof
    Filesize

    431B

    MD5

    a8771132e9aadd17f96961928911394c

    SHA1

    97a6c484a303261ee0e459ce60004cbfd2e41711

    SHA256

    fbba14ca7a10883235c723b3dd31e16f437f0beec965438b1a42720f9cec3a91

    SHA512

    bb6d65018546a8532ed953d74ea3c7e71eddb95f3b923c6f040ad266bc861e9b50834699ee808de9f657a43b6faf9e81ada28e2f05042e926445b40448254493

    Download Submit

  • /data/user/0/spot.mistake.apart/app_DynamicOptDex/Xk.json
    Filesize

    725KB

    MD5

    3fd6db06981f5f7edb89deb2d395d609

    SHA1

    b6de14a3831f43e01e3a5d47cfa80c34a2318187

    SHA256

    4d52c10ee5ff344232e0dab21176766383336222fa5f6a8cdeddc5bef174d022

    SHA512

    752fd5db4937783d71593d62aad13f50a2d7b9831c8f70e2d8b643791525f253da3fdb67b21775d735a2e1b5d79ba3de826a0e310f010b944a56f49b96519eb0

    Download Submit