Analysis
-
max time kernel
1489352s -
max time network
156s -
platform
android_x86_64 -
resource
android-x86_64 -
submitted
12-12-2020 21:03
General
-
Target
edevlet.apk
-
Size
2.2MB
-
MD5
9ae42055cbeeea23fe962b2e51660c00
-
SHA1
bbcf2bdcca0c7d2326b71429c604e7447667f0c0
-
SHA256
c076650b8c03973f2f9f245a826cf0b7fa0d5add8182f33ec9b372d4b6796a04
-
SHA512
ff3d47a6871ce275d98350df870cb291d00963cd90c4d6cb94830206565fc8b99f7ef9c4a21b0f39d69d8a240d541d6cbb5906c1c2f63ea5a959687b4ba23829
Score
10/10
Malware Config
Extracted
Family
alienbot
C2
http://gunckerolu.xyz
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Removes its main activity from the application launcher 3 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Suspicious use of android.app.ActivityManager.getRunningServices 25 IoCs
-
Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs
-
Suspicious use of android.telephony.TelephonyManager.getLine1Number 4 IoCs
-
Uses reflection 38 IoCs
Processes
-
exchange.future.mistake1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Suspicious use of android.app.ActivityManager.getRunningServices
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Suspicious use of android.telephony.TelephonyManager.getLine1Number
- Uses reflection
-
exchange.future.mistake2⤵
-
getprop2⤵
-
exchange.future.mistake2⤵
-
getprop2⤵