Analysis

max time kernel: 1070538s
max time network: 187s
platform: android_x64
resource: android-x64-arm64
submitted: 13-08-2021 13:57

Static task: static1
Behavioral task: behavioral1
Sample: Porno_Izle.apk
Resource: android-x64-arm64
0 signatures, 0 seconds
General

Target: Porno_Izle.apk
Size: 2.9MB
MD5: 740cbd727edfa42ebd9ae6665c0a6c3b
SHA1: 55636ff9abfb78fa206bc5794021d92f5bebc8e0
SHA256: 061a13193d6f743c67c486a64fe50be243132df2fb414ce01b554bf87ba871c5
SHA512: 500a38a9f00cca61d43b9a10cb9f6f06bfdc62f35124ab898b8a71456d8ce8d390f9db9c81075d189a8995f21812865822c0135675bcc601980ba9fbdc244547
Score: 10/10
Malware Config

Extracted
Family: alienbot
C2: http://193.70.91.231
Signatures

Alienbot
Alienbot is a fork of the Cerberus banker, first seen in January 2020.

Loads dropped Dex/Jar (2 IoCs)
Loads and runs an executable (Dex/Jar) file that the app dropped to the device during analysis.

  ioc                                                          pid   Process
  /data/user/0/host.meadow.inmate/app_DynamicOptDex/kDx.json   4278  host.meadow.inmate
  /data/user/0/host.meadow.inmate/app_DynamicOptDex/kDx.json   4278  host.meadow.inmate

Reads name of network operator (1 IoC)
Uses Android APIs to discover system information.

  description          ioc                                                        Process
  Framework API call   android.telephony.TelephonyManager.getNetworkOperatorName  host.meadow.inmate

Uses reflection (23 IoCs)

  description       ioc                                                                   pid   Process
  Accesses field    com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE           4278  host.meadow.inmate
  Accesses field    javax.security.auth.x500.X500Principal.thisX500Name                   4278  host.meadow.inmate
  Accesses field    javax.security.auth.x500.X500Principal.thisX500Name                   4278  host.meadow.inmate
  Invokes method    dalvik.system.CloseGuard.get                                          4278  host.meadow.inmate
  Invokes method    dalvik.system.CloseGuard.open                                         4278  host.meadow.inmate
  Invokes method    android.security.NetworkSecurityPolicy.getInstance                    4278  host.meadow.inmate
  Invokes method    android.security.NetworkSecurityPolicy.isCleartextTrafficPermitted    4278  host.meadow.inmate
  Invokes method    dalvik.system.CloseGuard.get                                          4278  host.meadow.inmate
  Invokes method    dalvik.system.CloseGuard.open                                         4278  host.meadow.inmate
  Invokes method    android.security.NetworkSecurityPolicy.getInstance                    4278  host.meadow.inmate
  Invokes method    android.security.NetworkSecurityPolicy.isCleartextTrafficPermitted    4278  host.meadow.inmate
  Invokes method    dalvik.system.CloseGuard.get                                          4278  host.meadow.inmate
  Invokes method    dalvik.system.CloseGuard.open                                         4278  host.meadow.inmate
  Invokes method    android.security.NetworkSecurityPolicy.getInstance                    4278  host.meadow.inmate
  Invokes method    android.security.NetworkSecurityPolicy.isCleartextTrafficPermitted    4278  host.meadow.inmate
  Invokes method    dalvik.system.CloseGuard.get                                          4278  host.meadow.inmate
  Invokes method    dalvik.system.CloseGuard.open                                         4278  host.meadow.inmate
  Invokes method    android.security.NetworkSecurityPolicy.getInstance                    4278  host.meadow.inmate
  Invokes method    android.security.NetworkSecurityPolicy.isCleartextTrafficPermitted    4278  host.meadow.inmate
  Invokes method    dalvik.system.CloseGuard.get                                          4278  host.meadow.inmate
  Invokes method    dalvik.system.CloseGuard.open                                         4278  host.meadow.inmate
  Invokes method    android.security.NetworkSecurityPolicy.getInstance                    4278  host.meadow.inmate
  Invokes method    android.security.NetworkSecurityPolicy.isCleartextTrafficPermitted    4278  host.meadow.inmate
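The three behavioral signatures above (a payload loaded from an app-private path with a non-code extension, an extracted C2 served over plain HTTP, and reflective access to NetworkSecurityPolicy, OkHostnameVerifier and X500Principal, all of which sit on Android's TLS/cleartext decision path) are the kind of facts an analyst turns into triage checks. The following Python is an added example, not Triage's code and not part of the report; the heuristics (extension mismatch, cleartext scheme, grouping of certificate- and cleartext-related reflection targets) are this example's own interpretation, and the inputs are constructed from the report rows above. Whether the sample actually bypasses hostname verification is not something the report states; the code only surfaces the targets worth a closer look.

```python
import os.path
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed from the report above: dropped-file path, extracted C2 and the
# 23 reflection rows (3 field accesses + 5 repeats of 4 method invocations).
DROPPED_DEX_PATH = "/data/user/0/host.meadow.inmate/app_DynamicOptDex/kDx.json"
C2_URL = "http://193.70.91.231"
REFLECTION_ROWS = [
    ("Accesses field", "com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE"),
    ("Accesses field", "javax.security.auth.x500.X500Principal.thisX500Name"),
    ("Accesses field", "javax.security.auth.x500.X500Principal.thisX500Name"),
] + [
    ("Invokes method", method)
    for _ in range(5)
    for method in (
        "dalvik.system.CloseGuard.get",
        "dalvik.system.CloseGuard.open",
        "android.security.NetworkSecurityPolicy.getInstance",
        "android.security.NetworkSecurityPolicy.isCleartextTrafficPermitted",
    )
]

# App-private data dirs: /data/data/<pkg>/... or /data/user/<n>/<pkg>/...
APP_DATA_RE = re.compile(r"^/data/(?:data|user/\d+)/(?P<pkg>[\w.]+)/(?P<rest>.+)$")
# Extensions a class loader would normally be handed (heuristic list, assumed).
CODE_EXTENSIONS = {".dex", ".jar", ".apk", ".odex", ".zip"}
# Reflection targets on the TLS / cleartext decision path (assumed grouping).
TLS_MARKERS = ("NetworkSecurityPolicy", "HostnameVerifier", "X500Principal")


def classify_dropped_dex(path):
    """Describe a path that was handed to a Dex/Jar class loader."""
    m = APP_DATA_RE.match(path)
    if not m:
        return {"in_app_private_dir": False, "package": None, "extension_mismatch": False}
    ext = os.path.splitext(path)[1].lower()
    return {
        "in_app_private_dir": True,
        "package": m.group("pkg"),
        # Code loaded from a file named like data (here .json) is a common way
        # to keep a second-stage payload away from extension-based scanning.
        "extension_mismatch": ext not in CODE_EXTENSIONS,
    }


def is_cleartext_c2(url):
    """True when the extracted C2 URL uses plain HTTP rather than TLS."""
    return urlsplit(url).scheme.lower() == "http"


def summarize_reflection(rows):
    """Count reflective accesses per target and pick out TLS/cleartext-related ones."""
    counts = Counter(target for _, target in rows)
    tls_related = sorted(t for t in counts if any(k in t for k in TLS_MARKERS))
    return {"total": sum(counts.values()), "counts": counts, "tls_related": tls_related}


if __name__ == "__main__":
    print(classify_dropped_dex(DROPPED_DEX_PATH))
    print("cleartext C2:", is_cleartext_c2(C2_URL))
    summary = summarize_reflection(REFLECTION_ROWS)
    print(summary["total"], "reflection IoCs; TLS-related targets:")
    for target in summary["tls_related"]:
        print(f"  {summary['counts'][target]:2d}x {target}")
```

Run against the report's values, the dropped file is flagged as code loaded from the app's own data directory under a .json name, the C2 is flagged as cleartext, and the five repeated isCleartextTrafficPermitted invocations line up with the http:// C2: the app is checking (through reflection rather than a direct call) whether the platform will let it talk to that server unencrypted.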