Resubmissions

09-04-2024 14:29

240409-rtpyhshd88 10

Analysis

  • max time kernel
    158s
  • max time network
    166s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
  • submitted
    09-04-2024 14:29

General

  • Target

    ea32dfb83dff2f55084a22624077dd6e_JaffaCakes118.apk

  • Size

    3.4MB

  • MD5

    ea32dfb83dff2f55084a22624077dd6e

  • SHA1

    0b994725abc116f194007865b898e981f0b41e4d

  • SHA256

    9b288f10d587a1390b422e385e7813b24f51b34304ac0585242b865a7a1b9be6

  • SHA512

    4491c85229d063c6c63d2ccacb08505650030767237692ad06f3fc3a527296e06d8aed09c56088f38463b3ceb31d1cedb1f06eb5a823d194f2ffe16b16d1a779

  • SSDEEP

    49152:yzLDYLv2hd/i4QILkJWy2m74Hy7FBIsa9URW5cMs0UpmWQXAfhkw1eD:N2T/2jJLHvP894FMZU4WwAbsD

Malware Config

Extracted

Family

alienbot

C2

http://34.89.218.199

rc4.plain

Extracted

Family

alienbot

C2

http://34.89.218.199

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

  • Cerberus

    An Android banker that has been rented out to actors since 2019.

  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 TTPs 7 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs

Processes

  • pole.crumble.burden
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Queries account information for other applications stored on the device
    • Acquires the wake lock
    PID:5116

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/pole.crumble.burden/app_DynamicOptDex/YcB.json

    Filesize

    726KB

    MD5

    f6252d5c666bdf8e9ac685a5321295c9

    SHA1

    a2a167047553df7581e36652faf4d4ad7e0eb119

    SHA256

    b3708df32aed6b4a66f729502a08283bc0a1ee49ab37801f4ad390e4af66690d

    SHA512

    c12801c94e589ee6490fe0caf605be8a9c1566987fd777686bd703ef0d2659107adc5a50782d61ff27741bd69ab859944a809620a5993458a447bb12dbf0c823

  • /data/data/pole.crumble.burden/app_DynamicOptDex/YcB.json

    Filesize

    726KB

    MD5

    46302e3551aa9cd96409ca7f071ffaf8

    SHA1

    63dc0c17acba75d25cabc062b59513018164006c

    SHA256

    89a4825b881774f89b0ec7c1549228799ddd251b1058a130f0d09c8e89a54e40

    SHA512

    a1166d7f052c675a29c5ff527382761185313778ec5b33cf33db899e9297933ee4615ee1f019542fc5b9bfa4bd508c83c6189b66c519d7cb69ed43c52d1343fe

  • /data/data/pole.crumble.burden/app_DynamicOptDex/oat/YcB.json.cur.prof

    Filesize

    429B

    MD5

    e20371b4aa21790f6100006bbcf1effe

    SHA1

    4628d4a5d418fad67028b10e43ea57a67263de28

    SHA256

    b89528ef24496fd3bdabe4a667525cefef6d3adc0003f9ab749c584fef1004b4

    SHA512

    c36a485ff6c59873a67dd9925fc1be58f1667612c622ab40370e6ae04e85aeaabbec87749cf4d605ca12144492fa747d16cf8ce270ea1a6f0fb600eeb9900b6f