Overview

overview

10

Static

static

6

d8d350a851...eb.apk

android-9-x86

10

d8d350a851...eb.apk

android-10-x64

10

d8d350a851...eb.apk

android-11-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
  • submitted
    20-03-2024 12:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d8d350a851b553a6b02a952a0307b7eb.apk

  • Size

    3.3MB

  • MD5

    d8d350a851b553a6b02a952a0307b7eb

  • SHA1

    8c3485192bb7bbaf00ba942097067de1696d7a97

  • SHA256

    f7a2065371c494fe901131fc41ecd11895f34f0ebf7bb41512b0972c92784dbe

  • SHA512

    19b9d46ac9aab48c002c5853a6b13e8f427edd7cda492fe5834d6704b3d72368a09354e9c6b9212d2221556bde76d465d5f088f8bfff4b1164979413afbb8eb7

  • SSDEEP

    49152:pBuGlUYQH6KLIjknS752gSytBS8BHTh+9fAeWFBe9tt/15OCewLVbUFJPGmkAprS:nfQHHu75PftbZSoeWF4ZNUf+mkA3Y

Score
10/10
alienbotcerberusbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

https://instagrambuyukprofil.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 8 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • assist.citizen.loud
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4455

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/assist.citizen.loud/app_DynamicOptDex/BNYcmnI.json
    Filesize

    713KB

    MD5

    f4c728452607be8324e1a9ed65a99362

    SHA1

    b4c2c97dc0b462431ad249c2efb4d80c11d12cd7

    SHA256

    54cc13809370a0e33039ef731c144024002c7f556cf18922c942111ccfa864b4

    SHA512

    ffc78dabc559838fb83f81124d91faf5a434bc651866e32d0affad61ea83cdff1347d4ac1d14443cb04a37278971283067085d46be869870b710eafb7fc5cfd9

    Download Submit

  • /data/user/0/assist.citizen.loud/app_DynamicOptDex/BNYcmnI.json
    Filesize

    713KB

    MD5

    6eed178a6e26f94495ab872104f3cf38

    SHA1

    b5bdc8ab06fca690e5fabc574b90830b5aaee264

    SHA256

    92bda9528a229e08f62d15a55b516d2385947a240711c7b6e69bdce712dae9e1

    SHA512

    c25dc28635ee3f11dc0d181b7b8491cfff0f1239a84922c60c0f2c7a118415df176671b4eb3b108f193371f4010e28d7a6d3ae05e7e954ceb584fcede185a525

    Download Submit

  • /data/user/0/assist.citizen.loud/app_DynamicOptDex/oat/BNYcmnI.json.cur.prof
    Filesize

    369B

    MD5

    34eae3f83536c0a93969bc018ca6a6f6

    SHA1

    6308ab24add906418f890314b6dcd88300752226

    SHA256

    e0bab0f8fe9db69eb919173f95e012bf6ddb36c18eb91658e722e9a52e2116ac

    SHA512

    036e12fde09aae1d044d2934abe4cd36cd191a9e1b427567cba601e1d041c158a9e4fe31d3b1eefbe6e325dffd38726d7c996595eda8e5803c78996185b07a34

    Download Submit