Overview

overview

10

Static

static

6

d8d350a851...eb.apk

android-9-x86

10

d8d350a851...eb.apk

android-10-x64

10

d8d350a851...eb.apk

android-11-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    139s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    20-03-2024 12:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d8d350a851b553a6b02a952a0307b7eb.apk

  • Size

    3.3MB

  • MD5

    d8d350a851b553a6b02a952a0307b7eb

  • SHA1

    8c3485192bb7bbaf00ba942097067de1696d7a97

  • SHA256

    f7a2065371c494fe901131fc41ecd11895f34f0ebf7bb41512b0972c92784dbe

  • SHA512

    19b9d46ac9aab48c002c5853a6b13e8f427edd7cda492fe5834d6704b3d72368a09354e9c6b9212d2221556bde76d465d5f088f8bfff4b1164979413afbb8eb7

  • SSDEEP

    49152:pBuGlUYQH6KLIjknS752gSytBS8BHTh+9fAeWFBe9tt/15OCewLVbUFJPGmkAprS:nfQHHu75PftbZSoeWF4ZNUf+mkA3Y

Score
10/10
alienbotcerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

https://instagrambuyukprofil.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 2 IoCs
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 8 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Acquires the wake lock 1 IoCs

Processes

  • assist.citizen.loud
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    PID:5032

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/assist.citizen.loud/app_DynamicOptDex/BNYcmnI.json
    Filesize

    713KB

    MD5

    f4c728452607be8324e1a9ed65a99362

    SHA1

    b4c2c97dc0b462431ad249c2efb4d80c11d12cd7

    SHA256

    54cc13809370a0e33039ef731c144024002c7f556cf18922c942111ccfa864b4

    SHA512

    ffc78dabc559838fb83f81124d91faf5a434bc651866e32d0affad61ea83cdff1347d4ac1d14443cb04a37278971283067085d46be869870b710eafb7fc5cfd9

    Download Submit

  • /data/data/assist.citizen.loud/app_DynamicOptDex/BNYcmnI.json
    Filesize

    257KB

    MD5

    c54228f3bbb0de94a6c999765f5d72aa

    SHA1

    981bbd31e1216e42eccba157584cbcd0e2a968b0

    SHA256

    a5c9055e4c9cbc28579ae0f9a3b44ecd6a889f26f15d79ed65667c1a6a799bfa

    SHA512

    c92a5ab2e50029597ea83252aee83bc21f84e0f2d2421a52b51c43640b43d7f3eab95b0cab56bfce997c8755c8e35622f49a29f597addc232432066876d1ce96

    Download Submit

  • /data/data/assist.citizen.loud/app_DynamicOptDex/oat/BNYcmnI.json.cur.prof
    Filesize

    495B

    MD5

    1152b8fea7b37db798338949e0f66cf3

    SHA1

    d2ea69365b4af74e17890b079df1ebfd06a7c3f0

    SHA256

    cac8eaae40ae9b6216a4f238891fa8b0d1122b1a50ad5595870a8706608a1aa4

    SHA512

    83e87f7b2135aae66b7f412de452005c6457cced8958b058d258391dc512ed6e212e20b03700b1b2cc3d3e332bc629d0b4a1c3791502488c5c28c88abf49e065

    Download Submit

  • /data/user/0/assist.citizen.loud/app_DynamicOptDex/BNYcmnI.json
    Filesize

    713KB

    MD5

    6eed178a6e26f94495ab872104f3cf38

    SHA1

    b5bdc8ab06fca690e5fabc574b90830b5aaee264

    SHA256

    92bda9528a229e08f62d15a55b516d2385947a240711c7b6e69bdce712dae9e1

    SHA512

    c25dc28635ee3f11dc0d181b7b8491cfff0f1239a84922c60c0f2c7a118415df176671b4eb3b108f193371f4010e28d7a6d3ae05e7e954ceb584fcede185a525

    Download Submit