Overview

overview

10

Static

static

Android APK

android_x86_64

10

Analysis

  • max time kernel
    3654392s
  • max time network
    129s
  • platform
    android_x86_64
  • resource
    android-x86_64
  • submitted
    16-04-2021 08:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    81ab42279b6d91336d7161b8b9cb72867a9c0ddbc287bdc77d9ff6a194e06381.apk

  • Size

    3.5MB

  • MD5

    36a4423d0776fa9da1a5f87229a4639c

  • SHA1

    f01e156329850158874fc25ec54b337c936e7a4a

  • SHA256

    81ab42279b6d91336d7161b8b9cb72867a9c0ddbc287bdc77d9ff6a194e06381

  • SHA512

    6b096c0642447e8d9ec4213cf7790c76e2b9cdb5039652a641a2785b11eec90fd10475aa75ff0d8c843bd25df9a6e6ef6ad16e7db2def1de449b5781d29197f8

Score
10/10
alienbotbankerinfostealerobfuscationstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://whosis9963thisbro.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses reflection 44 IoCs
    obfuscation

Processes

  • pencil.paddle.gloom
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Uses reflection
    PID:3613
    • pencil.paddle.gloom
      2⤵
        PID:3660
      • getprop
        2⤵
          PID:3660
        • pencil.paddle.gloom
          2⤵
            PID:3742
          • getprop
            2⤵
              PID:3742
            • pencil.paddle.gloom
              2⤵
                PID:3782
              • getprop
                2⤵
                  PID:3782
                • pencil.paddle.gloom
                  2⤵
                    PID:3819
                  • getprop
                    2⤵
                      PID:3819
                    • pencil.paddle.gloom
                      2⤵
                        PID:3865
                      • getprop
                        2⤵
                          PID:3865
                        • pencil.paddle.gloom
                          2⤵
                            PID:3891
                          • getprop
                            2⤵
                              PID:3891
                            • pencil.paddle.gloom
                              2⤵
                                PID:3923
                              • getprop
                                2⤵
                                  PID:3923

                              Network

                              MITRE ATT&CK Matrix

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads