Analysis
-
max time kernel
132s -
max time network
150s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
-
submitted
05-10-2024 10:12
General
-
Target
1742936fc3118792758eaecef0991ea3_JaffaCakes118.apk
-
Size
2.6MB
-
MD5
1742936fc3118792758eaecef0991ea3
-
SHA1
c939e399263a53f5e5e4563085e5ff85a7ab0352
-
SHA256
057809e3b42b8b7a4f437a8cdbed5f7b78da66127794f8a9bf4f686693544be3
-
SHA512
13fd7c45e0af19d37336bea774977ab074aecb285f24e7e95cb23bb0d4b460f1165ccd014d532f8c9a45842bd2779205834048eb06896b4b9819581090a30b7a
-
SSDEEP
49152:rPUYehPA5dhtJMZejNQLHmWSCcA0+RBKCRvwCXj0AxhAg6o:LUYexAbdMZUOlh9xwCXoAxhKo
Malware Config
Extracted
alienbot
http://rareqtereqqer.sbs
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload 1 IoCs
-
Removes its main activity from the application launcher 1 TTPs 8 IoCs
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Performs UI accessibility actions on behalf of the user 1 TTPs 2 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
able.version.fever1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Performs UI accessibility actions on behalf of the user
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
735KB
MD53b68ce7ea7294a71a587dc962d15d0ea
SHA1a3ec21155c3dfd7e60e9ad2e34eba2fe617e62c5
SHA256e90d108a13e45aa2cfd567da2027882201630f123b893a36c22a78ed6616d68f
SHA512100c667f8fd17986a740511ab54b1015b172368c1e9cfe70333cce8f89fd649067bb89e74da4380053e7f2a8a68928d3e13bf0fe3695276cb7351b153b27f370
-
Filesize
735KB
MD5d77b349c02be5c74972e14cf92890e2c
SHA1b4da5de3a4d634ee494d3c970946d0a8dbbc27f6
SHA2561054587f97139175e5c23a5374a2a9123a4183f16bed070e03537aead750b8ab
SHA5127701756fca6df25bb5b2a1c7dd776a6a301047ab6b955c54b8572e0047431fac34c79d0c5c0a7393f0f602c6bca0d43087c9b7f839c533774ea7df16ad00da12