Analysis

  • max time kernel
    146s
  • max time network
    138s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
  • submitted
    20/03/2024, 00:50 UTC

General

  • Target

    d780257e0bb666be027137b631af1c12.apk

  • Size

    2.9MB

  • MD5

    d780257e0bb666be027137b631af1c12

  • SHA1

    44935c16e5e66978b8950f81f3a3b2273edc6daa

  • SHA256

    617ec2c8e213b27bee59716033fe62074986872d31c30376dceb7e737e3533f6

  • SHA512

    449b59b57f1543f72a9e7a4e04ed6e755ca5a8f0e4d87a74dda9a0149b22cce59286b16b7c8da325817adedf0e6fc7c65e8d219cb00e626ed5e4913d7b799324

  • SSDEEP

    49152:tRCnMKa2mz3yutQroZRydxCUuHLZeNvuDTYqVL2EWFriBm0ELjTIRtw:tYnfdBoZQd7ACGvlVLuFWIpjTIRG

Malware Config

Extracted

Family

alienbot

C2

http://

Signatures

  • Alienbot

    Alienbot is a fork of the Cerberus banker, first seen in January 2020.

  • Cerberus

    An Android banker that has been rented out to threat actors since 2019.

  • Cerberus payload (1 IoC)
  • Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher (1 TTP, 3 IoCs)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs an executable file dropped to the device during analysis.

Processes

  • celery.roast.lawn (PID 5045)
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar

Network

  DNS queries (resolver 1.1.1.1:53)

  • ssl.google-analytics.com, IN A: response 142.250.187.200
  • android.apis.google.com, IN A: response CNAME clients.l.google.com, A 142.250.200.46

  Connections (destination, host, protocol, bytes sent / received, packets sent / received)

  • 142.250.187.200:443, ssl.google-analytics.com, tls: 1.4kB / 6.1kB, 10 / 9
  • 142.250.178.14:443, tls, https: 914 B / 40 B, 1 / 1
  • 142.250.200.46:443, android.apis.google.com, tls: 4.7kB / 8.6kB, 14 / 19
  • 216.58.213.4:443, tls, https: 455 B / 40 B, 2 / 1
  • 216.58.213.4:443, www.google.com, tls: 8.7kB / 9.8kB, 27 / 36
  • 224.0.0.251:5353: 3.7kB sent, 11 packets sent
  • 1.1.1.1:53, ssl.google-analytics.com, dns: 70 B / 86 B, 1 / 1
    DNS request ssl.google-analytics.com, response 142.250.187.200
  • 1.1.1.1:53, android.apis.google.com, dns: 69 B / 109 B, 1 / 1
    DNS request android.apis.google.com, response 142.250.200.46

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/celery.roast.lawn/app_DynamicOptDex/NoT.json

    Filesize

    85KB

    MD5

    c7f1c000536e98968bf749f5c3518997

    SHA1

    82ffc85cda6a0a67176925ee372555d8cf99f16d

    SHA256

    99bc4bf2a9898392a4405a533af78b6386f2b0aa7ab0248e9872ac859d95bc5e

    SHA512

    854a7efa1f0f6a8473227f30a8e6850950cc875e39e3a1de2a9fcb9bb2b999836861806d83f22e5abeb57680599b0a97354b6441296ffaf2df6d26c45d773891

  • /data/data/celery.roast.lawn/app_DynamicOptDex/NoT.json

    Filesize

    653KB

    MD5

    142b5cd973e8a5b0d4201c58f9918c1e

    SHA1

    5c91a1f3ed47a4d725213e7cf81ee5438a9766a3

    SHA256

    cd7bf34bc3afc3e969f844ba7bd3a4b1ee259c6c748e9e3777efb4cd9996b91c

    SHA512

    7ea4ea6cd28b6c4805ae338f2bf7f35899a8ffabf1564a5612b615600bc41ed1a8c2866365c32f58d07fd2b9a2b2538610654bace271c666a2f4044a7c1c122a

  • /data/data/celery.roast.lawn/app_DynamicOptDex/oat/NoT.json.cur.prof

    Filesize

    431B

    MD5

    e86aef379ba5a16769e48da79aef5fd6

    SHA1

    e62e7a65d936c65c3611ff70ecb1bc33b664cf59

    SHA256

    78306ed2e17de7d3254432bf74ddc0064add155381e8b8c5f09b62244ec437db

    SHA512

    8202d8d587aa4e46397db3024e2cd5463e37ec25014f145b927c46749b3cf1576ff59d1f0bb536ef0e9e36cd340feb93b1c04af9c2221ff400e5d9101d68151a