Resubmissions
09-04-2024 14:29
Analysis 240409-rtpyhshd88, score 10
max time kernel: 149s
max time network: 147s
platform: android_x64
resource: android-x64-arm64-20240221-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
submitted: 09-04-2024 14:29
Static task: static1
Behavioral task: behavioral1
  Sample: ea32dfb83dff2f55084a22624077dd6e_JaffaCakes118.apk
  Resource: android-x86-arm-20240221-en
Behavioral task: behavioral2
  Sample: ea32dfb83dff2f55084a22624077dd6e_JaffaCakes118.apk
  Resource: android-x64-20240221-en
Behavioral task: behavioral3
  Sample: ea32dfb83dff2f55084a22624077dd6e_JaffaCakes118.apk
  Resource: android-x64-arm64-20240221-en
General
Target: ea32dfb83dff2f55084a22624077dd6e_JaffaCakes118.apk
Size: 3.4MB
MD5: ea32dfb83dff2f55084a22624077dd6e
SHA1: 0b994725abc116f194007865b898e981f0b41e4d
SHA256: 9b288f10d587a1390b422e385e7813b24f51b34304ac0585242b865a7a1b9be6
SHA512: 4491c85229d063c6c63d2ccacb08505650030767237692ad06f3fc3a527296e06d8aed09c56088f38463b3ceb31d1cedb1f06eb5a823d194f2ffe16b16d1a779
SSDEEP: 49152:yzLDYLv2hd/i4QILkJWy2m74Hy7FBIsa9URW5cMs0UpmWQXAfhkw1eD:N2T/2jJLHvP894FMZU4WwAbsD
Malware Config
Extracted: alienbot
  http://34.89.218.199
Extracted: alienbot
  http://34.89.218.199
Signatures
Alienbot
Alienbot is a fork of the Cerberus banker, first seen in January 2020.
Cerberus payload (1 IoC)
Processes:
  resource | yara_rule
  behavioral3/files/fstream-2.dat | family_cerberus
Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
  description | ioc | Process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | pole.crumble.burden
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | pole.crumble.burden
Removes its main activity from the application launcher
Processes:
  pid | Process
  4447 | pole.crumble.burden
  4447 | pole.crumble.burden
  4447 | pole.crumble.burden
  4447 | pole.crumble.burden
  4447 | pole.crumble.burden
Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
  ioc | pid | Process
  /data/user/0/pole.crumble.burden/app_DynamicOptDex/YcB.json | 4447 | pole.crumble.burden
  /data/user/0/pole.crumble.burden/app_DynamicOptDex/YcB.json | 4447 | pole.crumble.burden
Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
  description | ioc | Process
  Framework service call | android.app.IActivityManager.setServiceForeground | pole.crumble.burden
Queries account information for other applications stored on the device. (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect account information stored on the device.
Processes:
  description | ioc | Process
  Framework service call | android.accounts.IAccountManager.getAccountsAsUser | pole.crumble.burden
Queries the phone number (MSISDN for GSM devices) (1 TTP)
Acquires the wake lock (1 IoC)
Processes:
  description | ioc | Process
  Framework service call | android.os.IPowerManager.acquireWakeLock | pole.crumble.burden
Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTP, 1 IoC)
Processes:
  description | ioc | Process
  Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | pole.crumble.burden
Processes
pole.crumble.burden
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Queries account information for other applications stored on the device.
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID: 4447
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 726KB
MD5: f6252d5c666bdf8e9ac685a5321295c9
SHA1: a2a167047553df7581e36652faf4d4ad7e0eb119
SHA256: b3708df32aed6b4a66f729502a08283bc0a1ee49ab37801f4ad390e4af66690d
SHA512: c12801c94e589ee6490fe0caf605be8a9c1566987fd777686bd703ef0d2659107adc5a50782d61ff27741bd69ab859944a809620a5993458a447bb12dbf0c823

Filesize: 726KB
MD5: 46302e3551aa9cd96409ca7f071ffaf8
SHA1: 63dc0c17acba75d25cabc062b59513018164006c
SHA256: 89a4825b881774f89b0ec7c1549228799ddd251b1058a130f0d09c8e89a54e40
SHA512: a1166d7f052c675a29c5ff527382761185313778ec5b33cf33db899e9297933ee4615ee1f019542fc5b9bfa4bd508c83c6189b66c519d7cb69ed43c52d1343fe

Filesize: 367B
MD5: af082e173a1960c1398ae7441f6be5d3
SHA1: 34094cafc2fcdfe776f6d55596cd1b43f200f4ef
SHA256: 8830b7920e4077957193f023e60a744f2ffc06c45f9f5f679b6936fec8ab8f34
SHA512: b77f926e12de1c3d884abdaac4238a83c213cb24c37d4a022716967a7dc7dabd7d7fdbe9e1e627adc451cd84710727d319bbb35c2118dcfbb5f20489b2308e29