Analysis
max time kernel: 986774s
max time network: 20s
platform: android_x64
resource: android-x64
submitted: 12-08-2021 14:40
Static task: static1
Behavioral task: behavioral1
Sample: Android_Guncelleme.apk
Resource: android-x64
General
Target: Android_Guncelleme.apk
Size: 2.9MB
MD5: d780257e0bb666be027137b631af1c12
SHA1: 44935c16e5e66978b8950f81f3a3b2273edc6daa
SHA256: 617ec2c8e213b27bee59716033fe62074986872d31c30376dceb7e737e3533f6
SHA512: 449b59b57f1543f72a9e7a4e04ed6e755ca5a8f0e4d87a74dda9a0149b22cce59286b16b7c8da325817adedf0e6fc7c65e8d219cb00e626ed5e4913d7b799324
Score: 10/10
Malware Config
Extracted
Family: alienbot
C2: http://
Signatures
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/celery.roast.lawn/app_DynamicOptDex/NoT.json | 3606 | celery.roast.lawn
/data/user/0/celery.roast.lawn/app_DynamicOptDex/NoT.json | 3606 | celery.roast.lawn
Uses reflection 1 IoCs
description | pid | Process
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | 3606 | celery.roast.lawn