Analysis

  • max time kernel
    1069174s
  • max time network
    129s
  • platform
    android_x86_64
  • resource
    android-x86_64
  • submitted
    08-12-2020 00:20

General

  • Target

    Fibabanka_Destek_obf.apk

  • Size

    2.7MB

  • MD5

    6073f077566eae176783153d604c018f

  • SHA1

    fc94034f137032576e4cec1b79fa34c0f2cc3ab5

  • SHA256

    103073604235e9e047abead5f497b5079e3a813f1aa036f5c6cb987c01ec421b

  • SHA512

    3ac90c4ebb356a42f475b6f4f431050fbc4f3f1a199fa54a2b1aa4845a3f433c6e012220b2c6cf6e8d4cb574ebacd8e8d3d93d3a801be224e1df0c210121c91e

Malware Config

Extracted

Family

alienbot

C2

http://turkasker12.net

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

  • Removes its main activity from the application launcher 3 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Suspicious use of android.app.ActivityManager.getRunningServices 23 IoCs
  • Suspicious use of android.telephony.TelephonyManager.getLine1Number 6 IoCs
  • Uses reflection 40 IoCs

Processes

  • floor.visual.onion
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Suspicious use of android.app.ActivityManager.getRunningServices
    • Suspicious use of android.telephony.TelephonyManager.getLine1Number
    • Uses reflection
    PID:3597
    • floor.visual.onion
      2⤵
        PID:3647
      • getprop
        2⤵
          PID:3647
        • floor.visual.onion
          2⤵
            PID:3730
          • getprop
            2⤵
              PID:3730
